| Subject: | [patch] Date::Manip clobbers $ENV{PATH} on *nix. |
The problem appears to be a consequence of fixing RT #78566 for
Date-Manip: taint problems with 6.32
The thing is that if you are _not_ running in taint mode, the PATH gets
clobbered anyway, making it impossible to spawn user-written commands.
There _is_ a workaround, which is to find all the places in your code
where a Date::Manip object is instantiated, and localize $ENV{PATH}.
I believe the attached universal diff represents a way to have your cake
and eat it too. That is, taint mode works, but the PATH is still
unmodified outside Date::Manip. At least, on my system (Mac OS 10.6.8,
Perl 5.16.1) I get:
$ perl -T -Mblib -MDate::Manip::TZ -E 'Date::Manip::TZ->new(); say
$ENV{PATH};
'/usr/local/perl/5.16.1/bin:/opt/local/bin:/opt/local/sbin:/ImageMagick-6.4.1/bin:/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin:/usr/X11/bin:/Users/tom/Code/Tools
| Subject: | Date-Manip-TZ.diff |
--- lib/Date/Manip/TZ.old 2012-09-04 10:40:58.000000000 -0400
+++ lib/Date/Manip/TZ.pm 2012-10-26 22:08:34.000000000 -0400
@@ -71,6 +71,8 @@
# methods a list of methods used for determining the
# current zone
+ # path the PATH to set for determining the current
+ # zone (undef if none)
# dates critical dates on a per/year (UT) basis
# zonerx the regular expression for matching timezone
# names/aliases
@@ -81,6 +83,7 @@
# zrx the regular expression to match all timezone
# information
'methods' => [],
+ 'path' => undef,
'zonerx' => undef,
'abbrx' => undef,
'offrx' => undef,
@@ -93,7 +96,7 @@
my $os = $dmb->_os();
if ($os eq 'Unix') {
- $ENV{PATH} = '/bin:/usr/bin';
+ $$self{'data'}{'path'} = '/bin:/usr/bin';
$$self{'data'}{'methods'} = [
qw(main TZ
env zone TZ
@@ -399,6 +402,9 @@
my (@methods) = @{ $$self{'data'}{'methods'} };
+ defined $$self{'data'}{'path'}
+ and local $ENV{PATH} = $$self{'data'}{'path'};
+
METHOD:
while (@methods) {
my $method = shift(@methods);