setcwd was failing in taint mode; prepare for release 1.78_07

Changes

@@ -1,5 +1,8 @@
 Revision history for Net::SFTP::Foreign
 
+1.78_07  Oct 6, 2015
+        - setcwd was broken in taint mode (bug report by E. Choroba)
+
 1.78_06  Oct 1, 2015
         - the auto resume feature in put method was broken (bug report
           and fix by Denis Shirokov)

lib/Net/SFTP/Foreign.pm

@@ -1,6 +1,6 @@
 package Net::SFTP::Foreign;
 
-our $VERSION = '1.78_06';
+our $VERSION = '1.78_07';
 
 use strict;
 use warnings;
@@ -36,7 +36,8 @@ use Net::SFTP::Foreign::Helpers qw(_is_reg _is_lnk _is_dir _debug
                                    _sort_entries _gen_wanted
                                    _gen_converter _hexdump
                                    _ensure_list _catch_tainted_args
-                                   _file_part _umask_save_and_set);
+                                   _file_part _umask_save_and_set
+                                   _untaint);
 use Net::SFTP::Foreign::Constants qw( :fxp :flags :att
 				      :status :error
 				      SSH2_FILEXFER_VERSION );
@@ -535,6 +536,7 @@ sub setcwd {
         if ($check) {
             $cwd = $sftp->realpath($cwd);
             return undef unless defined $cwd;
+            _untaint($cwd);
             my $a = $sftp->stat($cwd)
                 or return undef;
             unless (_is_dir($a->perm)) {
@@ -1027,7 +1029,7 @@ sub stat {
 }
 
 sub fstat {
-    _deprecated "fstat is deprecated and will be removed on the upcomming 2.xx series, "
+    _deprecated "fstat is deprecated and will be removed on the upcoming 2.xx series, "
         . "stat method accepts now both file handlers and paths";
     goto &stat;
 }
@@ -1224,7 +1226,7 @@ sub setstat {
 # these return true on success, undef on failure
 
 sub fsetstat {
-    _deprecated "fsetstat is deprecated and will be removed on the upcomming 2.xx series, "
+    _deprecated "fsetstat is deprecated and will be removed on the upcoming 2.xx series, "
         . "setstat method accepts now both file handlers and paths";
     goto &setstat;
 }
@@ -3205,7 +3207,7 @@ sub statvfs {
 }
 
 sub fstatvfs {
-    _deprecated "fstatvfs is deprecated and will be removed on the upcomming 2.xx series, "
+    _deprecated "fstatvfs is deprecated and will be removed on the upcoming 2.xx series, "
         . "statvfs method accepts now both file handlers and paths";
     goto &statvfs;
 }
@@ -5498,6 +5500,23 @@ instance:
 I don't have access to an HP-UX machine, and so far nobody using it
 has been able to explain this behaviour. Patches welcome!
 
+=item - Taint mode and data coming through SFTP
+
+When the module finds it is being used from a script started in taint
+mode, on every method call it checks all the arguments passed and dies
+if any of them is tainted. Also, any data coming through the SFTP
+connection is marked as tainted.
+
+That generates an internal conflict for those methods that under the
+hood query the remote server multiple times, using data from responses
+to previous queries (tainted) to build new ones (die!).
+
+I don't think a generic solution could be applied to this issue while
+honoring the taint-mode spirit (and erring on the safe side), so my
+plan is to fix that in a case by case manner.
+
+So, please report any issue you find with taint mode!
+
 =back
 
 Also, the following features should be considered experimental:

lib/Net/SFTP/Foreign/Helpers.pm

@@ -28,7 +28,8 @@ our @EXPORT_OK = qw( _is_lnk
 		     _glob_to_regex
                      _file_part
                      _umask_save_and_set
-                     _tcroak );
+                     _tcroak
+                     _untaint );
 
 our $debug;
 
@@ -308,6 +309,15 @@ sub _file_part {
     $1;
 }
 
+sub _untaint {
+    if (${^TAINT}) {
+        for (@_) {
+            defined or next;
+            ($_) = /(.*)/s
+        }
+    }
+}
+
 sub _umask_save_and_set {
     my $umask = shift;
     if (defined $umask) {