[Templates] Problem with Compile and -T

Wed, 20 Mar 2002 09:04:18 +0100

I have a Problem using the Compile Option while using Tainted Mode in 
Perl using Template Toolkit Version 2.06.

Error Message:

   Insecure dependency in mkdir while running with -T switch at
   /usr/lib/perl5/5.6.1/File/Path.pm line 137.

This is called in Template::Provider (line 310)

   &File::Path::mkpath("$cdir/$wdir");

First of all I think the slash between the two directories isn't needed 
and causing in a doubled slash at this point.
But the Problem is that $wdir is tainted and has to be untainted before 
use. If I change the code as follows, it works.

   $wdir =~ /(.*)/;
   &File::Path::mkpath($cdir.$1);

But the same Problem is on line 765:

   &File::Path::mkpath($basedir) unless -d $basedir;

I changed it to:

   $basedir =~ /(.*)/;
   &File::Path::mkpath($1) unless -d $basedir;

Now it works. Please check this out and add this short bugfix.

Regards
Alexander

-- 
Alexander Schilling                     webł GmbH
Web Developer                           Seidenstraße 57
                                         70174 Stuttgart
alexander.schilling@webhoch3.de         Fon +49 (0)711/633066-26
http://www.webhoch3.de                  Fax +49 (0)711/633066-29