Subject: | Taint-mode bug in Archive::Zip::Archive::addTree |
When a script uses taint-mode and Archive::Zip the usage of the addTree()-method causes an
taint error with File::Find. The Problem is that the subdirectories, in the given directory are
tainted and a chdir with a tainted value causes this error.
File::Find::find has an "untaint" option to fix this, but it is not set from within addTree. So
replacing
File::Find::find( $wanted, $root );
with
File::Find::find( {wanted => $wanted, untaint => 1}, $root );
fixes the problem. Since the documentation for File::Find says that setting the untaint option on
programms without taint-mode set is a no-op, this looks like the best solution.
The same Bug is reported in https://rt.cpan.org/Public/Bug/Display.html?id=48891 nearly three
years ago. Please fix this for the next release.
With best regards,
Tim