codecov[bot]
commented
2 years ago Codecov Report
Merging #30 (884ea39) into master (3640eaa) will decrease coverage by
0.02%. The diff coverage is77.77%.
@@ Coverage Diff @@
## master #30 +/- ##
==========================================
- Coverage 79.47% 79.45% -0.03%
==========================================
Files 18 19 +1
Lines 721 730 +9
Branches 79 81 +2
==========================================
+ Hits 573 580 +7
Misses 114 114
- Partials 34 36 +2 | Impacted Files | Coverage Δ | |
|---|---|---|
| lib/DateTime/Locale/Data.pm | 70.83% <0.00%> (-3.08%) |
:arrow_down: |
| t/taint.t | 87.50% <87.50%> (ø) |
Continue to review full report at Codecov.
Legend - Click here to learn more
Δ = absolute <relative> (impact),ø = not affected,? = missing dataPowered by Codecov. Last update 3640eaa...884ea39. Read the comment docs.
autarch
At $work we're in the process of upgrading Debian LTS (Stretch → Bullseye). This has caused some fallout in loading locales using tainted variables. This appears to be unintended fallout from the 1.11 change where locales are now read from disk on-demand.
Stretch:
Bullseye:
Assuming the change was unintentional this commit restores the old behaviour while keeping the data on disk. I don't think it's unreasonable that a locale code would be tainted if it came from the database of the web request.
The commit does a little validation but to be honest it's probably overkill as the value is checked higher up the stack, so we could easily make the regex
/(.+)/if you prefer.The test should be skipping itself on perls compiled without taint support.