X-Git-Url: http://git.shadowcat.co.uk/gitweb/gitweb.cgi?a=blobdiff_plain;f=lib%2FCatalyst%2FAction%2FDeserialize%2FData%2FSerializer.pm;h=124af973c7675f12b36aa169e7e06966fd3fef25;hb=be099c6c6c1f5b9f6c3c543762c1c1fcde82946a;hp=26beb1dfc4ff93dd76105e515ada160f2c71b013;hpb=ab8ab47a739539677817d6a7493b888c7a7815f6;p=catagits%2FCatalyst-Action-REST.git
diff --git a/lib/Catalyst/Action/Deserialize/Data/Serializer.pm b/lib/Catalyst/Action/Deserialize/Data/Serializer.pm
index 26beb1d..124af97 100644
--- a/lib/Catalyst/Action/Deserialize/Data/Serializer.pm
+++ b/lib/Catalyst/Action/Deserialize/Data/Serializer.pm
@@ -5,8 +5,12 @@ use namespace::autoclean;
 extends 'Catalyst::Action';
 use Data::Serializer;
+use Safe;
+use Scalar::Util qw(openhandle);
+my $compartment = Safe->new;
+$compartment->permit_only( qw(padany null lineseq const pushmark list anonhash anonlist refgen leaveeval undef) );
-our $VERSION = '0.85';
+our $VERSION = '1.03';
 $VERSION = eval $VERSION;
 sub execute {
@@ -26,19 +30,29 @@ sub execute {
 }
 my $body = $c->request->body;
 if ($body) {
- my $rbody;
- if ( -f $c->request->body ) {
- open( BODY, "<", $c->request->body );
- while ( my $line = ) {
+ my $rbody = '';
+
+ if(openhandle $body) {
+ seek($body, 0, 0); # in case something has already read from it
+ while ( defined( my $line = <$body> ) ) {
 $rbody .= $line;
 }
- close(BODY);
+ } else {
+ $rbody = $body;
 }
- my $dso = Data::Serializer->new( serializer => $serializer );
+
 my $rdata;
- eval {
- $rdata = $dso->raw_deserialize($rbody);
- };
+ if ( $serializer eq "Data::Dumper" ) {
+ # Taken from Data::Serialize::Data::Dumper::deserialize, but run within a Safe compartment
+ my $code = $rbody =~ /^\{/ ? "+".$rbody : $rbody;
+ $rdata = $compartment->reval( $code );
+ }
+ else {
+ my $dso = Data::Serializer->new( serializer => $serializer );
+ eval {
+ $rdata = $dso->raw_deserialize($rbody);
+ };
+ }
 if ($@) {
 return $@;
 }
@@ -51,4 +65,6 @@ sub execute {
 return 1;
 }
+__PACKAGE__->meta->make_immutable;
+
 1;
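Review bot: The opcode list passed to `permit_only` is the entire security boundary for the Data::Dumper path, yet it is added without a word on why these ops were chosen. A comment above it would help the next maintainer avoid widening it by accident, for example `# Allowlist: constants, undef, anonymous hash/array constructors and refs to them; no assignment, variable access or sub calls`. Since no assignment op is listed, a dump in the `$VAR1 = ...` form would presumably be rejected, which is worth stating there too. `$compartment` is created once at file scope and reused by every call, so the comment should also say that it is shared.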
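Review bot: Only the branch where `$serializer eq "Data::Dumper"` runs inside the Safe compartment; in the `else` branch every other serializer name still passes the request body to `$dso->raw_deserialize($rbody)` with no sandbox. Where `$serializer` is assigned lies outside this hunk, so it cannot be confirmed from here whether it can name a backend that is unsafe on untrusted input (Storable's own documentation warns against exactly that). I would add a comment above the `else` such as `# only Data::Dumper is sandboxed; any other backend must itself be safe on untrusted request bodies`, and consider failing closed when the name is not on an explicit allowlist. `execute` begins and ends outside the hunk.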