Subject: Bad regex in untainting - slight return w/ patch
This is similar to unfixed bug #7252. Test::Pod::Coverage::all_modules() checks the dir. path components of the filename to make sure they are not "invalid and untaintable". However, the regex used does not allow for dirs that contain either '.' or '-', and dies when encountering such. Here's a patch for those 2 characters; don't know if it's necessary to include others (e.g. comma, colon) that can be valid.
(It occurs to me that in the long run, this entire operation might be better off left to File::Spec, via something like a File::Spec::untaint() method. Do you think that's a good idea?)
--- Coverage.pm.old Tue Jun 22 17:02:06 2004
+++ Coverage.pm Fri Dec 9 12:52:29 2005
@@ -204,7 +204,7 @@
# Untaint the parts
for ( @parts ) {
- /^([a-zA-Z0-9_]+)$/;
+ /^([a-zA-Z0-9_\.\-]+)$/;
die qq{Invalid and untaintable filename "$file"!} unless $_ eq $1;
$_ = $1;
}
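Review bot: on the `+` line, the widened class `[a-zA-Z0-9_\.\-]+` also accepts a path component made up only of dots, so "." and ".." now pass the check and come out untainted, as does a component that starts with "-". If the parts are meant to be plain directory and file names, reject those cases explicitly before `$_ = $1;`, for example with `die ... if /^\.+$/`, or require the first character to come from the original `[a-zA-Z0-9_]` set. Two smaller points: inside a character class `.` needs no backslash and `-` needs none when it is placed last, so `[a-zA-Z0-9_.-]` is equivalent and easier to read; and the match result is never tested, so on a failed match the `die` depends on comparing `$_` against whatever `$1` happens to hold. Folding the test into the match, as in `die ... unless /^([a-zA-Z0-9_.-]+)$/;`, makes the failure path explicit.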