ejoffe has asked for the wisdom of the Perl Monks concerning the following question:

While trying to use Archive::Zip under modperl with -T, I ran into taint problems using addTree. In particular, I get the following error when trying to do an addTree:

Insecure dependency in chdir while running with -T switch at /usr/local/lib/perl5/site_perl/5.6.1/Archive/Zip.pm line 1088.

This happens even when passing a hardcoded path to addTree like

$zip->addDirectory("foo");
$zip->addTree("/tmp/bar", "foo/bar");

The module developer no longer works in Perl and so suggested I post on perlmonks for someone to latch on to fixing it. Ned (the author) said to email him with a fix if there is one at ned@bike-nomad.com, and he will incorporate it into the module.

-Ethan

janitored by ybiC: Retitle from detrimental-to-PM-search one-word "Archive::Zip", and minor format tweaks for legibility

Re: Archive::Zip, taint, addTree()
by PodMaster (Abbot) on Mar 18, 2004 at 03:38 UTC
    If you take a look at sub addTree, you'll see that it's using File::Find, and if you read the File::Find documentation, you'll see untaint/untaint_pattern/untaint_skip. Simply modify addTree to provide these options to File::Find.

    If bike-nomad is not maintaining his modules anymore, perhaps someone should volunteer/ask to take over maintenance.

    MJD says "you can't just make shit up and expect the computer to know what you mean, retardo!"
    I run a Win32 PPM repository for perl 5.6.x and 5.8.x -- I take requests (README).
    ** The third rule of perl club is a statement of fact: pod is sexy.
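
The File::Find options named in the reply above, shown as an added example that is not part of the thread and not Archive::Zip's own code. The helper list_files and the temporary tree are constructed for illustration; run it with perl -T.

```perl
#!/usr/bin/perl -T
# Run as: perl -T find_untaint.pl
use strict;
use warnings;
use File::Find ();
use File::Temp ();

# Constructed sample tree (root/sub/a.txt) so the example runs offline.
my ($root) = File::Temp::tempdir() =~ m{\A([-+\@\w./]+)\z}
    or die "unexpected temp dir name\n";
mkdir "$root/sub" or die "mkdir: $!";
open my $fh, '>', "$root/sub/a.txt" or die "open: $!";
close $fh;

# Hypothetical helper: walk $dir and return the plain files found.
# %opts is handed straight to File::Find, the way a patched addTree
# could pass the untaint options through.
sub list_files {
    my ($dir, %opts) = @_;
    my @found;
    File::Find::find(
        { wanted => sub { push @found, $File::Find::name if -f }, %opts },
        $dir,
    );
    return sort @found;
}

# 1. Default options: directory names read from disk are tainted, so the
#    chdir() into "sub" is expected to die with "Insecure dependency in chdir".
my @plain = eval { list_files($root) };
print "without untaint: ", ($@ ? "died: $@" : "ok (@plain)\n");

# File::Find also untaints the starting cwd with the same pattern, so move
# to a plain path first (the failed walk may have left us inside the tree).
chdir '/' or die "chdir: $!";

# 2. Same walk with the options from the File::Find documentation.
my @ok = list_files(
    $root,
    untaint         => 1,
    untaint_pattern => qr{^([-+\@\w./]+)$},  # File::Find's documented default
    untaint_skip    => 1,  # skip, rather than die on, names failing the pattern
);
print "with untaint: @ok\n";

# Remove the constructed tree.
unlink "$root/sub/a.txt"; rmdir "$root/sub"; rmdir $root;
```

Names that fail untaint_pattern (spaces, shell metacharacters) are skipped when untaint_skip is set, so a caller that must archive such names needs a wider pattern chosen deliberately rather than a catch-all.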