[catagits/Catalyst-Action-REST.git] / lib / Catalyst / Action / Deserialize / Data / Serializer.pm

package Catalyst::Action::Deserialize::Data::Serializer;

use Moose;
use namespace::autoclean;

extends 'Catalyst::Action';
use Data::Serializer;
use Safe;
use Scalar::Util qw(openhandle);
my $compartment = Safe->new;
$compartment->permit_only( qw(padany null lineseq const pushmark list anonhash anonlist refgen leaveeval undef) );

our $VERSION = '1.04';
$VERSION = eval $VERSION;

sub execute {
    my $self = shift;
    my ( $controller, $c, $serializer ) = @_;

    my $sp = $serializer;
    $sp =~ s/::/\//g;
    $sp .= ".pm";
    eval {
        require $sp
    };
    if ($@) {
        $c->log->debug("Could not load $serializer, refusing to serialize: $@")
            if $c->debug;
        return 0;
    }
    my $body = $c->request->body;
    if ($body) {
        my $rbody = '';

        if(openhandle $body) {
            seek($body, 0, 0); # in case something has already read from it
            while ( defined( my $line = <$body> ) ) {
                $rbody .= $line;
            }
        } else {
            $rbody = $body;
        }

        my $rdata;
        if ( $serializer eq "Data::Dumper" ) {
            # Taken from Data::Serialize::Data::Dumper::deserialize, but run within a Safe compartment
            my $code = $rbody =~ /^\{/ ? "+".$rbody : $rbody;
            $rdata = $compartment->reval( $code );
        }
        else {
            my $dso = Data::Serializer->new( serializer => $serializer );
            eval {
                $rdata = $dso->raw_deserialize($rbody);
            };
        }
        if ($@) {
            return $@;
        }
        $c->request->data($rdata);
    } else {
        $c->log->debug(
            'I would have deserialized, but there was nothing in the body!')
                if $c->debug;
    }
    return 1;
}

__PACKAGE__->meta->make_immutable;

1;
Commit	Line	Data
7ad87df9	1	package Catalyst::Action::Deserialize::Data::Serializer;
7ad87df9	2
930013e6	3	use Moose;
930013e6	4	use namespace::autoclean;
7ad87df9	5
930013e6	6	extends 'Catalyst::Action';
7ad87df9	7	use Data::Serializer;
0fd45d2a	8	use Safe;
1bb5ad32	9	use Scalar::Util qw(openhandle);
0fd45d2a	10	my $compartment = Safe->new;
0fd45d2a	11	$compartment->permit_only( qw(padany null lineseq const pushmark list anonhash anonlist refgen leaveeval undef) );
7ad87df9	12
44fa7f94	13	our $VERSION = '1.04';
f465980c	14	$VERSION = eval $VERSION;
f465980c	15
7ad87df9	16	sub execute {
	17	my $self = shift;
	18	my ( $controller, $c, $serializer ) = @_;
eccb2137	19
e601adda	20	my $sp = $serializer;
	21	$sp =~ s/::/\//g;
	22	$sp .= ".pm";
	23	eval {
	24	require $sp
	25	};
	26	if ($@) {
d4611771	27	$c->log->debug("Could not load $serializer, refusing to serialize: $@")
d4611771	28	if $c->debug;
e601adda	29	return 0;
e601adda	30	}
7ad87df9	31	my $body = $c->request->body;
7ad87df9	32	if ($body) {
1bb5ad32	33	my $rbody = '';
	34
	35	if(openhandle $body) {
	36	seek($body, 0, 0); # in case something has already read from it
	37	while ( defined( my $line = <$body> ) ) {
7ad87df9	38	$rbody .= $line;
7ad87df9	39	}
1bb5ad32	40	} else {
1bb5ad32	41	$rbody = $body;
7ad87df9	42	}
1bb5ad32	43
e601adda	44	my $rdata;
0fd45d2a	45	if ( $serializer eq "Data::Dumper" ) {
	46	# Taken from Data::Serialize::Data::Dumper::deserialize, but run within a Safe compartment
	47	my $code = $rbody =~ /^\{/ ? "+".$rbody : $rbody;
	48	$rdata = $compartment->reval( $code );
	49	}
	50	else {
	51	my $dso = Data::Serializer->new( serializer => $serializer );
	52	eval {
	53	$rdata = $dso->raw_deserialize($rbody);
	54	};
	55	}
e601adda	56	if ($@) {
	57	return $@;
	58	}
7ad87df9	59	$c->request->data($rdata);
7ad87df9	60	} else {
eccb2137	61	$c->log->debug(
d4611771	62	'I would have deserialized, but there was nothing in the body!')
d4611771	63	if $c->debug;
7ad87df9	64	}
e601adda	65	return 1;
eccb2137	66	}
7ad87df9	67
24748286	68	__PACKAGE__->meta->make_immutable;
24748286	69
7ad87df9	70	1;