Skip Menu |

This queue is for tickets about the Archive-Zip CPAN distribution.

Report information
The Basics
Id: 78931
Status: new
Priority: 0/
Queue: Archive-Zip

People
Owner: Nobody in particular
Requestors: tim [...] bellinghausen.org
Cc:
AdminCc:

Bug Information
Severity: Important
Broken in: 1.31_04
Fixed in: (no value)



Subject: Taint-mode bug in Archive::Zip::Archive::addTree
When a script uses taint-mode and Archive::Zip the usage of the addTree()-method causes an taint error with File::Find. The Problem is that the subdirectories, in the given directory are tainted and a chdir with a tainted value causes this error. File::Find::find has an "untaint" option to fix this, but it is not set from within addTree. So replacing File::Find::find( $wanted, $root ); with File::Find::find( {wanted => $wanted, untaint => 1}, $root ); fixes the problem. Since the documentation for File::Find says that setting the untaint option on programms without taint-mode set is a no-op, this looks like the best solution. The same Bug is reported in https://rt.cpan.org/Public/Bug/Display.html?id=48891 nearly three years ago. Please fix this for the next release. With best regards, Tim