1 Description: Replace insecure make_temporary_filename with File::Temp::tempfile
2 Forwarded: http://lists.example.com/2010/03/1234.html
3 Origin: vendor, http://bugs.debian.org/740670
4 Author: Don Armstrong <don@debian.org>
5 Last-Update: 2010-03-29
12 +use File::Temp qw(tempfile);
15 ( $VERSION = q($Id: Tidy.pm,v 1.74 2013/09/22 13:56:49 perltidy Exp $) ) =~ s/^.*\s+(\d+)\/(\d+)\/(\d+).*$/$1$2$3/; # all one line for MakeMaker
20 -sub make_temporary_filename {
22 - # Make a temporary filename.
23 - # The POSIX tmpnam() function has been unreliable for non-unix systems
24 - # (at least for the win32 systems that I've tested), so use a pre-defined
25 - # name for them. A disadvantage of this is that two perltidy
26 - # runs in the same working directory may conflict. However, the chance of
27 - # that is small and manageable by the user, especially on systems for which
28 - # the POSIX tmpnam function doesn't work.
29 - my $name = "perltidy.TMP";
30 - if ( $^O =~ /win32|dos/i || $^O eq 'VMS' || $^O eq 'MacOs' ) {
33 - eval "use POSIX qw(tmpnam)";
34 - if ($@) { return $name }
37 - # just make a couple of tries before giving up and using the default
39 - my $tmpname = tmpnam();
40 - my $fh = IO::File->new( $tmpname, O_RDWR | O_CREAT | O_EXCL );
50 # Here is a map of the flow of data from the input source to the output
52 @@ -1324,11 +1296,7 @@
53 my ( $fh_stream, $fh_name ) =
54 Perl::Tidy::streamhandle( $stream, 'r' );
56 - my ( $fout, $tmpnam );
58 - # TODO: fix the tmpnam routine to return an open filehandle
59 - $tmpnam = Perl::Tidy::make_temporary_filename();
60 - $fout = IO::File->new( $tmpnam, 'w' );
61 + my ( $fout, $tmpnam ) = tempfile();
65 @@ -5159,14 +5127,7 @@
66 # Pod::Html requires a real temporary filename
67 # If we are making a frame, we have a name available
68 # Otherwise, we have to fine one
70 - if ( $rOpts->{'frames'} ) {
71 - $tmpfile = $self->{_toc_filename};
74 - $tmpfile = Perl::Tidy::make_temporary_filename();
76 - my $fh_tmp = IO::File->new( $tmpfile, 'w' );
77 + my ($fh_tmp,$tmpfile) = tempfile();
80 "unable to open temporary file $tmpfile; cannot use pod2html\n";