This patch is fairly obvious:
*** ./lib/AutoLoader.pm.1g Tue Jan 2 14:00:50 1996
--- ./lib/AutoLoader.pm Tue Jan 2 14:18:29 1996
***************
*** 21,25 ****
AUTOLOAD {
! my $name = "auto/$AUTOLOAD.al";
$name =~ s#::#/#g;
eval {require $name};
--- 21,26 ----
AUTOLOAD {
! $AUTOLOAD =~ /([\w:]+)/; # avoid taint problems for eval require $name
! my $name = "auto/$1.al";
$name =~ s#::#/#g;
eval {require $name};
but... a) I don't really understand the problem (not being a tainted user),
b) I don't know why $AUTOLOAD is tainted, and c) I don't know why $AUTOLOAD
couldn't be untainted internally.
Think of this patch as just flagging the issue - I don't think it has
a bug number yet (but I've not checked recently).
Tim.
*** ./lib/AutoLoader.pm.1g Tue Jan 2 14:00:50 1996
--- ./lib/AutoLoader.pm Tue Jan 2 14:18:29 1996
***************
*** 21,25 ****
AUTOLOAD {
! my $name = "auto/$AUTOLOAD.al";
$name =~ s#::#/#g;
eval {require $name};
--- 21,26 ----
AUTOLOAD {
! $AUTOLOAD =~ /([\w:]+)/; # avoid taint problems for eval require $name
! my $name = "auto/$1.al";
$name =~ s#::#/#g;
eval {require $name};
but... a) I don't really understand the problem (not being a tainted user),
b) I don't know why $AUTOLOAD is tainted, and c) I don't know why $AUTOLOAD
couldn't be untainted internally.
Think of this patch as just flagging the issue - I don't think it has
a bug number yet (but I've not checked recently).
Tim.