Stas Bekman <[EMAIL PROTECTED]> wrote:
:Unfortunately ExtUtils::MM_Unix->parse_version is unusable, because it doesn't
:work under -T :( That leaves me no choice but to duplicate loads of code :(
[...]
:Here is the fix against blead perl:
:--- lib/ExtUtils/MM_Unix.pm.orig 2004-03-23 12:06:37.153572807 -0800
:+++ lib/ExtUtils/MM_Unix.pm 2004-03-23 17:27:25.849684620 -0800
:@@ -3092,6 +3092,8 @@
: next if $inpod || /^\s*#/;
: chop;
: next unless /(?<!\\)([\$*])(([\w\:\']*)\bVERSION)\b.*\=/;
:+ # untaint
:+ { local($1, $2); ($_ = $_) = /(.*)/; }
: my $eval = qq{
: package ExtUtils::MakeMaker::_version;
: no strict;
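
Review bot: The added `{ local($1, $2); ($_ = $_) = /(.*)/; }` untaints with a pattern that matches any string, so the taint check is switched off for every caller rather than satisfied. The only constraint on the line is the preceding `next unless` match, which requires a `VERSION` assignment somewhere in it and says nothing about the rest of the text that then goes into `$eval`. Suggest capturing with a pattern restricted to the assignment forms parse_version is meant to accept, or keeping this behaviour out of the shared code path in a separately named variant for callers that have already vetted the file. The `# untaint` comment should also state the trust assumption being made.
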
Hmm, so we read some text from an arbitrary file, then eval a selected
line from that (after wrapping it up some). Making that "work under -T"
simply by treating all possible strings as safe seems like a bad idea -
I think the existing behaviour is probably more correct, unless you are
going to provide a regexp that'll match only guaranteed-safe code
fragments.

If your particular -T script knows when parse_version is being called,
and upon what files, and has already taken separate steps to determine
that these files should be trusted, then that's fine. But to modify
parse_version in a way that assumes the caller has done that seems
inappropriate to me - for your case I think it would be more reasonable
to duplicate the function to make a parse_version_from_trusted_file().
Whether such an additional function would also be suitable for inclusion
in ExtUtils::* I don't know.

Hugo
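
The alternative Hugo raises, a regexp that matches only guaranteed-safe fragments, sketched as an added example that is not part of the original thread or of ExtUtils::MakeMaker. `parse_literal_version` is a hypothetical name, the accepted literal grammar is an assumption, and the sample lines are constructed.

```perl
#!/usr/bin/perl
# Added example, not code from ExtUtils::MakeMaker. Run as: perl -T example.pl
use strict;
use warnings;

# Hypothetical helper: find the first VERSION assignment the way
# parse_version selects it, but accept it only when the right-hand side is a
# single numeric or dotted literal. Nothing is eval'ed, and the value is
# untainted by a capture that cannot contain code.
sub parse_literal_version {
    my ($fh) = @_;
    my $inpod = 0;
    while (my $line = <$fh>) {
        $inpod = $line =~ /^=(?!cut)/ ? 1 : $line =~ /^=cut/ ? 0 : $inpod;
        next if $inpod || $line =~ /^\s*#/;
        next unless $line =~ /(?<!\\)[\$*][\w:']*\bVERSION\b.*=/;
        # Allowlist: optional our/my, the variable, '=', one literal, ';',
        # optional trailing comment. Anything else on the line fails the match.
        return $2 if $line =~ /^\s*(?:our\s+|my\s+)?\$[\w:']*\bVERSION\s*=\s*
                               (["']?)(v?\d+(?:\.\d+)*(?:_\d+)?)\1\s*;\s*(?:\#.*)?$/x;
        return;    # VERSION line is not a plain literal: refuse it
    }
    return;        # no VERSION line found
}

# Constructed sample lines, each standing in for a module file.
for my $src (
    q[our $VERSION = '1.23';],
    q[$Foo::VERSION = "v1.2.3"; # release],
    q[$VERSION = 2.004_01;],
    q[$VERSION = sprintf "%d.%03d", q$Revision: 1.7 $ =~ /(\d+)\.(\d+)/;],
) {
    open my $fh, '<', \$src or die "open: $!";
    my $v = parse_literal_version($fh);
    printf "%-70s => %s\n", $src, defined $v ? $v : 'refused';
}
```

The last sample is refused because its right-hand side is an expression, not a literal: a computed `$VERSION` can only be obtained by evaluating the line, which is the case the message above reserves for files the caller has already decided to trust.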