On Thu, May 21, 2015 at 8:38 AM, David Golden <x...@xdg.me> wrote:
> We have various unsolved tickets (see end for links) about
> File::Temp/File::Spec failing on Windows due to taint, where
> File::Spec->tmpdir returns the root directory, which many Windows users
> can't actually write to. (Context: File::Spec checks -w on candidate temp
> dirs, but that can be true on Windows, yet the ACLs can prevent files from
> being written there. See perlport on -X operators.)
I'm curious *why* tmpdir() would return the root directory. Normally
%TMP% should be setup to point to the Temp directory inside the local
APPDATA directory for regular users, or to %windir%/Temp when running
as a service.
> After discussions on #toolchain, I have two proposals:
>
> (1) That File::Temp fall back to the following if it can't create a
> temporary directory in the directory that is the result of
> File::Spec->tmpdir:
>
>
> File::Spec->catdir(Win32::GetFolderPath(Win32::CSIDL_LOCAL_APPDATA),q{Temp})
Seems sensible to me, although I'm not sure what that returns for
processes running as a service.
> (2) That File::Spec::Win32 put that same path after environment variables
> paths but before all existing fallback paths
> (https://metacpan.org/source/SMUELLER/PathTools-3.47/lib/File/Spec/Win32.pm#L74-78)
I just noticed the the GetTempPath() API will fall back to
%USERPROFILE% if neither %TMP% nor %TEMP% are set. Maybe that variable
should be checked as well, for consistency with other apps?
https://msdn.microsoft.com/en-us/library/windows/desktop/aa364992%28v=vs.85%29.aspx
Cheers,
-Jan
