-
Notifications
You must be signed in to change notification settings - Fork 24
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Allow Module::CPANfile in taint mode #41
Conversation
|
I will test without but I think both were required. |
If you call |
How about this? The taint was coming from Cwd::abs_path(). |
I actually don't get the point of this whole taint patch because you're using taint mode to distrust such tainted variables. If we add a support for scalar ref in parse i.e. |
I can live with that. Although I don't think either Cwd::abs_path() or the content of the cpanfile should be considered tainted. it's not like I detaint modules when I load them with require(). The cpanfile in question is just another part of the code base. |
Yeah, it's mostly the same as |
One this is fixed, I can remove a lot of cruft from Bugzilla: https://bugzilla.mozilla.org/show_bug.cgi?id=1246528 which will make me so happy. |
@miyagawa -- what direction would you like me to take with this PR to get it accepted? I hate to bother, but I am eager for Module::CPANfile to work under taint mode. Thanks! |
Allow Module::CPANfile in taint mode
Thank you again! :) |
I need to call this code under taint mode, and currently it dies. This fixes it and shouldn't hurt anyone.