Change 27345: Move all the de-tainting logic for runperl into test.pl.

[Nicholas Clark]

Change 27345 by [EMAIL PROTECTED] on 2006/02/27 16:13:05

        Move all the de-tainting logic for runperl into test.pl.

Affected files ...

... //depot/perl/t/op/utftaint.t#9 edit
... //depot/perl/t/test.pl#67 edit

Differences ...

==== //depot/perl/t/op/utftaint.t#9 (text) ====
Index: perl/t/op/utftaint.t
--- perl/t/op/utftaint.t#8~27341~       2006-02-27 06:39:46.000000000 -0800
+++ perl/t/op/utftaint.t        2006-02-27 08:13:05.000000000 -0800
@@ -144,9 +144,6 @@
 }
 
 {
-    my @keys = qw(CDPATH IFS ENV BASH_ENV);
-    push @keys, qw(PATH) unless $^O eq 'MSWin32';
-    local @[EMAIL PROTECTED] = (undef) x scalar(@keys);
     fresh_perl_is('$a = substr $^X, 0, 0; /\x{100}/i; /$a\x{100}/i || print 
q,ok,',
                  'ok', {switches => ["-T", "-l"]},
                  "matching a regexp is taint agnostic");

==== //depot/perl/t/test.pl#67 (text) ====
Index: perl/t/test.pl
--- perl/t/test.pl#66~27220~    2006-02-18 10:22:13.000000000 -0800
+++ perl/t/test.pl      2006-02-27 08:13:05.000000000 -0800
@@ -481,16 +481,36 @@
     die "test.pl:runperl() does not take a hashref"
        if ref $_[0] and ref $_[0] eq 'HASH';
     my $runperl = &_create_runperl;
+    my $result;
+
     if (${^TAINT}) {
-       # We will assume that if you're running under -T, you really mean
-       # to run a fresh perl, so we'll brute force launder everything for
-       # you
-       foreach ($runperl, $ENV{PATH}) {
-           $_ =~ /(.*)/s;
-           $_ = $1;
+       # We will assume that if you're running under -T, you really mean to
+       # run a fresh perl, so we'll brute force launder everything for you
+       my $sep;
+
+       eval "require Config; Config->import";
+       if ($@) {
+           warn "test.pl had problems loading Config: $@";
+           $sep = ':';
+       } else {
+           $sep = $Config{path_sep};
        }
+
+       my @keys = grep {exists $ENV{$_}} qw(CDPATH IFS ENV BASH_ENV);
+       local @[EMAIL PROTECTED] = ();
+       # Untaint, plus take out . and empty string:
+       $ENV{PATH} =~ /(.*)/s;
+       local $ENV{PATH}
+           = join $sep, grep {$_ ne "" and $_ ne "."}
+               split quotemeta ($sep), $1;
+
+       $runperl =~ /(.*)/s;
+       $runperl = $1;
+
+       $result = `$runperl`;
+    } else {
+       $result = `$runperl`;
     }
-    my $result = `$runperl`;
     $result =~ s/\n\n/\n/ if $is_vms; # XXX pipes sometimes double these
     return $result;
 }
End of Patch.