1 package Catalyst::Action::Deserialize::Data::Serializer;
4 use namespace::autoclean;
6 extends 'Catalyst::Action';
9 use Scalar::Util qw(openhandle);
10 my $compartment = Safe->new;
11 $compartment->permit_only( qw(padany null lineseq const pushmark list anonhash anonlist refgen leaveeval undef) );
13 our $VERSION = '1.03';
14 $VERSION = eval $VERSION;
18 my ( $controller, $c, $serializer ) = @_;
27 $c->log->debug("Could not load $serializer, refusing to serialize: $@")
31 my $body = $c->request->body;
35 if(openhandle $body) {
36 seek($body, 0, 0); # in case something has already read from it
37 while ( defined( my $line = <$body> ) ) {
45 if ( $serializer eq "Data::Dumper" ) {
46 # Taken from Data::Serialize::Data::Dumper::deserialize, but run within a Safe compartment
47 my $code = $rbody =~ /^\{/ ? "+".$rbody : $rbody;
48 $rdata = $compartment->reval( $code );
51 my $dso = Data::Serializer->new( serializer => $serializer );
53 $rdata = $dso->raw_deserialize($rbody);
59 $c->request->data($rdata);
62 'I would have deserialized, but there was nothing in the body!')
68 __PACKAGE__->meta->make_immutable;