Cwd::fast_abs_path's untaint should allow for multiline directories

jberger · Father Chrysostomos · commit 9f28c6384ccf · 2012-12-03T08:53:45.000-08:00
This bug was noticed via Perl-Toolchain-Gang/File-chdir#3 and testing has led to this being the cause. The problem is worse on some platforms (notably cygwin in this case) when abs_path is implemented by fast_abs_path. Since File::chdir tests for proper behavior when a directory contains a newline, this bug then breaks File::chdir (one of my favorites and very useful xplatform tool). Yes this should have tests, but since it will involve creating a directory with a newline, I thought I would do better to leave that to someone with better knowledge than I.
diff --git a/dist/Cwd/Cwd.pm b/dist/Cwd/Cwd.pm
@@ -624,8 +624,8 @@ sub fast_abs_path {
 
     # Detaint else we'll explode in taint mode.  This is safe because
     # we're not doing anything dangerous with it.
-    ($path) = $path =~ /(.*)/;
-    ($cwd)  = $cwd  =~ /(.*)/;
+    ($path) = $path =~ /(.*)/s;
+    ($cwd)  = $cwd  =~ /(.*)/s;
 
     unless (-e $path) {
  	_croak("$path: No such file or directory");
