1 package Catalyst::Action::Deserialize::Data::Serializer;
4 use namespace::autoclean;
6 extends 'Catalyst::Action';
9 my $compartment = Safe->new;
10 $compartment->permit_only( qw(padany null lineseq const pushmark list anonhash anonlist refgen leaveeval undef) );
12 our $VERSION = '0.91';
13 $VERSION = eval $VERSION;
17 my ( $controller, $c, $serializer ) = @_;
26 $c->log->debug("Could not load $serializer, refusing to serialize: $@")
30 my $body = $c->request->body;
33 if ( -f $c->request->body ) {
34 open( BODY, "<", $c->request->body );
35 while ( my $line = <BODY> ) {
41 if ( $serializer eq "Data::Dumper" ) {
42 # Taken from Data::Serialize::Data::Dumper::deserialize, but run within a Safe compartment
43 my $code = $rbody =~ /^\{/ ? "+".$rbody : $rbody;
44 $rdata = $compartment->reval( $code );
47 my $dso = Data::Serializer->new( serializer => $serializer );
49 $rdata = $dso->raw_deserialize($rbody);
55 $c->request->data($rdata);
58 'I would have deserialized, but there was nothing in the body!')
64 __PACKAGE__->meta->make_immutable;