Note that modern versions of "patch" already do symlink protection.

I think this means you could drop this "-l" check in Patch.pm.

From http://git.savannah.gnu.org/cgit/patch.git/tree/NEWS ...

Changes in version 2.7.5:

* There are users which expect patch to follow symbolic links in the working
  directory, so patch now again follows symbolic links as long as they do not
  leave the working directory.

Changes until version 2.7.4:
...
* Patch no longer follows symbolic links to input and output files.  This
  ensures that symbolic links created by git-style patches cannot cause
  patch to write outside the working directory (CVE-2015-1196).
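
The two behaviours in the NEWS excerpt above, modelled as an added example (not code from GNU patch, Patch.pm, or the original message): `strict` refuses any symlink in the path, as in 2.7.4, and `contained` follows symlinks only while they resolve inside the working directory, as in 2.7.5. The function names, policy names and the demo tree are assumptions made for illustration.

```python
import os
import tempfile

def resolves_inside(workdir, relpath):
    """True if relpath, with every symlink resolved, stays under workdir."""
    root = os.path.realpath(workdir)
    # realpath resolves symlinks and ".." in existing components and keeps a
    # not-yet-existing tail, so files a patch would create are covered too.
    target = os.path.realpath(os.path.join(root, relpath))
    return os.path.commonpath([root, target]) == root

def has_symlink_component(workdir, relpath):
    """True if any component of relpath below workdir is a symlink."""
    current = os.path.realpath(workdir)
    for part in os.path.normpath(relpath).split(os.sep):
        current = os.path.join(current, part)
        if os.path.islink(current):
            return True
    return False

def allowed(workdir, relpath, policy="contained"):
    """Hypothetical policy check: 'strict' (2.7.4-like) or 'contained' (2.7.5-like)."""
    if not resolves_inside(workdir, relpath):
        return False  # both policies refuse paths that leave the working directory
    if policy == "strict":
        return not has_symlink_component(workdir, relpath)
    return True

def build_demo_tree():
    """Constructed sample tree: a working directory plus a sibling outside it."""
    base = tempfile.mkdtemp()
    work, outside = os.path.join(base, "work"), os.path.join(base, "outside")
    os.mkdir(work)
    os.mkdir(outside)
    open(os.path.join(work, "real.txt"), "w").close()
    open(os.path.join(outside, "secret.txt"), "w").close()
    os.symlink("real.txt", os.path.join(work, "inside_link"))
    os.symlink("../outside/secret.txt", os.path.join(work, "outside_link"))
    os.symlink("../outside", os.path.join(work, "dirlink"))
    return work

if __name__ == "__main__":
    work = build_demo_tree()
    for name in ("real.txt", "inside_link", "outside_link", "dirlink/new.txt"):
        print(name, allowed(work, name, "strict"), allowed(work, name, "contained"))
```

This is a point-in-time check: a tool that opens the file afterwards still has to guard against the path changing between the check and the open.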
