On Thu, May 21, 2015 at 3:37 PM, Jan Dubois <j...@activestate.com> wrote:
> I'm curious *why* tmpdir() would return the root directory. Normally > %TMP% should be setup to point to the Temp directory inside the local > APPDATA directory for regular users, or to %windir%/Temp when running > as a service. > > Under taint mode, all sources from %ENV are rejected, so we can't rely on those. See this link for the filtering function: https://metacpan.org/source/SMUELLER/PathTools-3.47/lib/File/Spec/Unix.pm#L176-205 The other "problem" is that the -w check always reports true, even if the user doesn't have ACLs to create files/directories. Longer-term, File::Spec::Win32 could have its own _tmpdir method that checks to see if Win32::API is installed (as I think it is with AS/Strawberry) and then use some Win32 API function to check ACLs on proposed directories. I just noticed the the GetTempPath() API will fall back to > %USERPROFILE% if neither %TMP% nor %TEMP% are set. Maybe that variable > should be checked as well, for consistency with other apps? > > > https://msdn.microsoft.com/en-us/library/windows/desktop/aa364992%28v=vs.85%29.aspx > First, I'd want someone to check if it returns %USERPROFILE% exactly or some path under it. David -- David Golden <x...@xdg.me> Twitter/IRC: @xdg
