diff -rc Module-Pluggable-3.5-orig/lib/Module/Pluggable/Object.pm Module-Pluggable-3.5/lib/Module/Pluggable/Object.pm *** Module-Pluggable-3.5-orig/lib/Module/Pluggable/Object.pm 2007-01-30 00:13:00.000000000 +0100 --- Module-Pluggable-3.5/lib/Module/Pluggable/Object.pm 2007-03-13 14:29:34.000000000 +0100 *************** *** 136,147 **** my $sp = catdir($dir, (split /::/, $searchpath)); # if it doesn't exist or it's not a dir then skip it ! next unless ( -e $sp && -d _ ); # Use the cached stat the second time my @files = $self->find_files($sp); # foreach one we've found foreach my $file (@files) { # untaint the file; accept .pm only next unless ($file) = ($file =~ /(.*$file_regex)$/); # parse the file to get the name --- 136,148 ---- my $sp = catdir($dir, (split /::/, $searchpath)); # if it doesn't exist or it's not a dir then skip it ! next unless ( -d $sp ); my @files = $self->find_files($sp); # foreach one we've found foreach my $file (@files) { + # untaint the file; accept .pm only next unless ($file) = ($file =~ /(.*$file_regex)$/); # parse the file to get the name *************** *** 161,167 **** my $err = $self->handle_finding_plugin($plugin); carp "Couldn't require $plugin : $err" if $err; ! push @plugins, $plugin; } --- 162,168 ---- my $err = $self->handle_finding_plugin($plugin); carp "Couldn't require $plugin : $err" if $err; ! push @plugins, $plugin; } *************** *** 201,207 **** (my $path = $File::Find::name) =~ s#^\\./##; push @files, $path; } ! }, $search_path ); } #chdir $cwd; return @files; --- 202,208 ---- (my $path = $File::Find::name) =~ s#^\\./##; push @files, $path; } ! }, "$search_path/." ); } #chdir $cwd; return @files;