Storable and code serialization: documentation

Message-Id: <200210020821.g928Lb2i003767@vran.herceg.de>

p4raw-id: //depot/perl@17969

diff --git a/ext/Storable/MANIFEST b/ext/Storable/MANIFEST
index 6c75149..ab0b705 100644 (file)
--- a/ext/Storable/MANIFEST
+++ b/ext/Storable/MANIFEST
@@ -6,6 +6,7 @@ Storable.xs                 The C side of Storable
 ChangeLog                  Changes since baseline
 t/blessed.t                See if Storable works
 t/canonical.t              See if Storable works
+t/code.t                   Test (de)serialization of code references
 t/compat06.t               See if Storable works
 t/croak.t                  See if Storable works
 t/dclone.t                 See if Storable works

diff --git a/ext/Storable/Storable.pm b/ext/Storable/Storable.pm
index 8346fda..4fba6b1 100644 (file)
--- a/ext/Storable/Storable.pm
+++ b/ext/Storable/Storable.pm
@@ -21,7 +21,7 @@ package Storable; @ISA = qw(Exporter DynaLoader);
 use AutoLoader;
 use vars qw($canonical $forgive_me $VERSION);
 
-$VERSION = '2.04';
+$VERSION = '2.05';
 *AUTOLOAD = \&AutoLoader::AUTOLOAD;            # Grrr...
 
 #
@@ -509,6 +509,18 @@ creating lookup tables for complicated queries.
 Canonical order does not imply network order; those are two orthogonal
 settings.
 
+=head1 CODE REFERENCES
+
+Since Storable version 2.05, CODE references may be serialized with
+the help of L<B::Deparse>. To enable this feature, set
+C<$Storable::Deparse> to a true value. To enable deserializazion,
+C<$Storable::Eval> should be set to a true value. Be aware that
+deserialization is done through C<eval>, which is dangerous if the
+Storable file contains malicious data. You can set C<$Storable::Eval>
+to a subroutine reference which would be used instead of C<eval>. See
+below for an example using a L<Safe> compartment for deserialization
+of CODE references.
+
 =head1 FORWARD COMPATIBILITY
 
 This release of Storable can be used on a newer version of Perl to
@@ -784,6 +796,21 @@ which prints (on my machine):
        Blue is still 0.100000
        Serialization of %color is 102 bytes long.
 
+Serialization of CODE references and deserialization in a safe
+compartment:
+
+       use Storable qw(freeze thaw);
+       use Safe;
+       use strict;
+       my $safe = new Safe;
+       # permitting the "require" opcode is necessary when using "use strict"
+       $safe->permit(qw(:default require));
+       local $Storable::Deparse = 1;
+       local $Storable::Eval = sub { $safe->reval($_[0]) };
+       my $serialized = freeze(sub { print "42\n" });
+       my $code = thaw($serialized);
+       $code->(); # prints 42
+
 =head1 WARNING
 
 If you're using references as keys within your hash tables, you're bound

diff --git a/ext/Storable/t/code.t b/ext/Storable/t/code.t
index f24fe77..3a6d1a4 100644 (file)
--- a/ext/Storable/t/code.t
+++ b/ext/Storable/t/code.t
@@ -147,7 +147,6 @@ ok(prototype($thawed->[4]), prototype($obj[0]->[4]));
 ######################################################################
 # Security with
 #   $Storable::Eval
-#   $Storable::Safe
 #   $Storable::Deparse
 
 {
@@ -214,8 +213,8 @@ ok(prototype($thawed->[4]), prototype($obj[0]->[4]));
        $freezed = freeze $obj[0]->[$i];
        $@ = "";
        eval { $thawed = thaw $freezed };
-       skip(q{ok($@, ""});
-       skip(q{$thawed->(), $res});
+       ok($@, "");
+       ok($thawed->(), $res);
     }
 
     $freezed = freeze $obj[0]->[6];