From b8484d0c483a75140fb1afeab66984f0ae48d4eb Mon Sep 17 00:00:00 2001
From: Jesse Luehrs <doy@tozt.net>
Date: Fri, 4 Dec 2015 01:59:27 -0500
Subject: be a bit safer about files

don't use two-arg open, don't use File::Temp::tempfile
---
 lib/Spreadsheet/ParseXLSX.pm | 47 ++++++++++++++++++++------------------------
 1 file changed, 21 insertions(+), 26 deletions(-)

(limited to 'lib/Spreadsheet/ParseXLSX.pm')

diff --git a/lib/Spreadsheet/ParseXLSX.pm b/lib/Spreadsheet/ParseXLSX.pm
index 3d1ebd6..6e84e3e 100644
--- a/lib/Spreadsheet/ParseXLSX.pm
+++ b/lib/Spreadsheet/ParseXLSX.pm
@@ -63,41 +63,36 @@ sub parse {
     my $self = shift;
     my ($file, $formatter) = @_;
 
+    my $zip = Archive::Zip->new;
     my $workbook = Spreadsheet::ParseExcel::Workbook->new;
 
-    my $tempfile;
     if ($self->_check_signature($file)) {
-        $tempfile = $file = Spreadsheet::ParseXLSX::Decryptor->open(
+        $file = Spreadsheet::ParseXLSX::Decryptor->open(
             $file,
             $self->{Password}
         );
     }
 
-    eval {
-        my $zip = Archive::Zip->new;
-        if (openhandle($file)) {
-            bless $file, 'IO::File' if ref($file) eq 'GLOB'; # sigh
-            $zip->readFromFileHandle($file) == Archive::Zip::AZ_OK
-                or die "Can't open filehandle as a zip file";
-            $workbook->{File} = undef;
-        }
-        elsif (!ref($file)) {
-            $zip->read($file) == Archive::Zip::AZ_OK
-                or die "Can't open file '$file' as a zip file";
-            $workbook->{File} = $file;
-        }
-        else {
-            die "Argument to 'new' must be a filename or open filehandle";
-        }
-
-        $self->_parse_workbook($zip, $workbook, $formatter);
-    };
-    if ($tempfile) {
-        unlink $tempfile;
-    };
-    die $@ if $@;
+    if (openhandle($file)) {
+        bless $file, 'IO::File' if ref($file) eq 'GLOB'; # sigh
+        my $fh = ref($file) eq 'File::Temp'
+            ? IO::File->new("<&=" . fileno($file))
+            : $file;
+        $zip->readFromFileHandle($fh) == Archive::Zip::AZ_OK
+            or die "Can't open filehandle as a zip file";
+        $workbook->{File} = undef;
+        $workbook->{__tempfile} = $file;
+    }
+    elsif (!ref($file)) {
+        $zip->read($file) == Archive::Zip::AZ_OK
+            or die "Can't open file '$file' as a zip file";
+        $workbook->{File} = $file;
+    }
+    else {
+        die "Argument to 'new' must be a filename or open filehandle";
+    }
 
-    return $workbook;
+    return $self->_parse_workbook($zip, $workbook, $formatter);
 }
 
 sub _check_signature {
-- 
cgit v1.2.3-54-g00ecf