-#
-# Catalyst::Action::Deserialize::Data::Serializer.pm
-# Created by: Adam Jacob, Marchex, <adam@hjksolutions.com>
-# Created on: 10/12/2006 03:00:32 PM PDT
-#
-# $Id$
-
package Catalyst::Action::Deserialize::Data::Serializer;
-use strict;
-use warnings;
+use Moose;
+use namespace::autoclean;
-use base 'Catalyst::Action';
+extends 'Catalyst::Action';
use Data::Serializer;
+use Safe;
+my $compartment = Safe->new;
+$compartment->permit_only( qw(padany null lineseq const pushmark list anonhash anonlist refgen leaveeval undef) );
+
+our $VERSION = '0.91';
+$VERSION = eval $VERSION;
sub execute {
my $self = shift;
}
close(BODY);
}
- my $dso = Data::Serializer->new( serializer => $serializer );
my $rdata;
- eval {
- $rdata = $dso->raw_deserialize($rbody);
- };
+ if ( $serializer eq "Data::Dumper" ) {
+ # Taken from Data::Serialize::Data::Dumper::deserialize, but run within a Safe compartment
+ my $code = $rbody =~ /^\{/ ? "+".$rbody : $rbody;
+ $rdata = $compartment->reval( $code );
+ }
+ else {
+ my $dso = Data::Serializer->new( serializer => $serializer );
+ eval {
+ $rdata = $dso->raw_deserialize($rbody);
+ };
+ }
if ($@) {
return $@;
}
return 1;
}
+__PACKAGE__->meta->make_immutable;
+
1;