zsp/everything-claude-code
1
0
Fork 0
mirror of https://github.com/affaan-m/everything-claude-code.git synced 2026-04-15 06:23:28 +08:00
Code Issues Packages Projects Releases Wiki Activity

fix: address code review findings from cubic-dev-ai

Browse Source 
- Fix path traversal regex prefix confusion in perl-security skill
  - Revert v1.4.0 changelog entry (Perl not part of that release)
  - Rename $a/$b to $x/$y to avoid shadowing sort globals
  - Replace return undef with bare return per perlcritic rules
This commit is contained in:
Necip Sunmaz
2026-03-09 06:46:49 +03:00
committed by Affaan Mustafa
parent b2a7bae5db
commit 36bcf20588
3 changed files with 6 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
skills/perl-security/SKILL.md
View File

@@ -197,7 +197,7 @@ sub safe_path($base_dir, $user_path) {
// die "Path does not exist\n";
my $base_real = realpath($base_dir)
// die "Base dir does not exist\n";
die "Path traversal blocked\n" unless $real =~ /^\Q$base_real\E/;
die "Path traversal blocked\n" unless $real =~ /^\Q$base_real\E\//;
return $real;
}
```