package Catalyst::Action::Deserialize::Data::Serializer;
-use strict;
-use warnings;
+use Moose;
+use namespace::autoclean;
-use base 'Catalyst::Action';
+extends 'Catalyst::Action';
use Data::Serializer;
+use Safe;
+my $compartment = Safe->new;
+$compartment->permit_only( qw(padany null lineseq const pushmark list anonhash anonlist refgen leaveeval undef) );
+
+our $VERSION = '0.85';
+$VERSION = eval $VERSION;
sub execute {
my $self = shift;
}
close(BODY);
}
- my $dso = Data::Serializer->new( serializer => $serializer );
my $rdata;
- eval {
- $rdata = $dso->raw_deserialize($rbody);
- };
+ if ( $serializer eq "Data::Dumper" ) {
+ # Taken from Data::Serialize::Data::Dumper::deserialize, but run within a Safe compartment
+ my $code = $rbody =~ /^\{/ ? "+".$rbody : $rbody;
+ $rdata = $compartment->reval( $code );
+ }
+ else {
+ my $dso = Data::Serializer->new( serializer => $serializer );
+ eval {
+ $rdata = $dso->raw_deserialize($rbody);
+ };
+ }
if ($@) {
return $@;
}
projects / catagits/Catalyst-Action-REST.git / blobdiff