-#
-# Catalyst::Action::Deserialize::Data::Serializer.pm
-# Created by: Adam Jacob, Marchex, <adam@marchex.com>
-# Created on: 10/12/2006 03:00:32 PM PDT
-#
-# $Id$
-
package Catalyst::Action::Deserialize::Data::Serializer;
-use strict;
-use warnings;
+use Moose;
+use namespace::autoclean;
-use base 'Catalyst::Action';
+extends 'Catalyst::Action';
use Data::Serializer;
+use Safe;
+use Scalar::Util qw(openhandle);
+my $compartment = Safe->new;
+$compartment->permit_only( qw(padany null lineseq const pushmark list anonhash anonlist refgen leaveeval undef) );
+
+our $VERSION = '1.00';
+$VERSION = eval $VERSION;
sub execute {
my $self = shift;
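Review bot: The opcode list passed to `permit_only` has no comment explaining why these eleven ops were chosen or what is deliberately left out, so a later maintainer could widen it without seeing the consequence. I would add above it something like `# Only the ops needed to build literal hashes, arrays, constants, undef and references; assignment, sub calls and bless are excluded on purpose.` The comment should also say that `$compartment` is a file-scoped lexical shared by every request, since that is easy to miss when reading `execute`. The body of `execute` continues outside this hunk.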
require $sp
};
if ($@) {
- $c->log->debug("Could not load $serializer, refusing to serialize: $@");
+ $c->log->debug("Could not load $serializer, refusing to serialize: $@")
+ if $c->debug;
return 0;
}
my $body = $c->request->body;
if ($body) {
- my $rbody;
- if ( -f $c->request->body ) {
- open( BODY, "<", $c->request->body );
- while ( my $line = <BODY> ) {
+ my $rbody = '';
+
+ if(openhandle $body) {
+ seek($body, 0, 0); # in case something has already read from it
+ while ( defined( my $line = <$body> ) ) {
$rbody .= $line;
}
- close(BODY);
+ } else {
+ $rbody = $body;
}
- my $dso = Data::Serializer->new( serializer => $serializer );
+
my $rdata;
- eval {
- $rdata = $dso->raw_deserialize($rbody);
- };
+ if ( $serializer eq "Data::Dumper" ) {
+ # Taken from Data::Serialize::Data::Dumper::deserialize, but run within a Safe compartment
+ my $code = $rbody =~ /^\{/ ? "+".$rbody : $rbody;
+ $rdata = $compartment->reval( $code );
+ }
+ else {
+ my $dso = Data::Serializer->new( serializer => $serializer );
+ eval {
+ $rdata = $dso->raw_deserialize($rbody);
+ };
+ }
if ($@) {
return $@;
}
$c->request->data($rdata);
} else {
$c->log->debug(
- 'I would have deserialized, but there was nothing in the body!');
+ 'I would have deserialized, but there was nothing in the body!')
+ if $c->debug;
}
return 1;
}
+__PACKAGE__->meta->make_immutable;
+
1;
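Review bot: Only the `Data::Dumper` branch is sandboxed; for every other value of `$serializer` the raw request body still goes straight to `$dso->raw_deserialize($rbody)`. `$serializer` is assigned outside the visible lines, so it should be confirmed that it cannot select a format whose decoder evaluates code or instantiates arbitrary classes (Storable documents itself as unsafe for untrusted input). Checking it against an explicit allow-list before `Data::Serializer->new` would make that guarantee local. At minimum, a comment on the `else` such as `# not sandboxed: $serializer must come from a vetted list` would record the assumption. Separately, the read loop copies the whole body into `$rbody` with no size bound and does not check the return of `seek`; whether an upstream limit applies is not visible here.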