1 package Catalyst::Action::Deserialize::Data::Serializer;
4 use namespace::autoclean;
6 extends 'Catalyst::Action';
9 use Scalar::Util qw(openhandle);
10 my $compartment = Safe->new;
11 $compartment->permit_only( qw(padany null lineseq const pushmark list anonhash anonlist refgen leaveeval undef) );
15 my ( $controller, $c, $serializer ) = @_;
24 $c->log->debug("Could not load $serializer, refusing to serialize: $@")
28 my $body = $c->request->body;
32 if(openhandle $body) {
33 seek($body, 0, 0); # in case something has already read from it
34 while ( defined( my $line = <$body> ) ) {
42 if ( $serializer eq "Data::Dumper" ) {
43 # Taken from Data::Serialize::Data::Dumper::deserialize, but run within a Safe compartment
44 my $code = $rbody =~ /^\{/ ? "+".$rbody : $rbody;
45 $rdata = $compartment->reval( $code );
48 my $dso = Data::Serializer->new( serializer => $serializer );
50 $rdata = $dso->raw_deserialize($rbody);
56 $c->request->data($rdata);
59 'I would have deserialized, but there was nothing in the body!')
65 __PACKAGE__->meta->make_immutable;