[interchange-cvs] interchange - heins modified lib/Vend/Util.pm
interchange-core@icdevgroup.org
interchange-core@icdevgroup.org
Thu Mar 27 11:53:00 2003
User: heins
Date: 2003-03-27 16:52:59 GMT
Modified: lib/Vend Util.pm
Log:
* Add absolute_or_relative() routine to check whether a file name
is either absolute or contains a ../ component.
This is a stopgap routine only -- it is quite likely that we should
do something a bit more useful for checking file security.
For instance, there are many cases where we check for NoAbsolute and
then do varied check routines. I guess it would make sense to have
that just be one call to a subroutine.
The reason it was done that way originally was to prevent unnecessary
subroutine call overhead, as the original default for NoAbsolute was
unset, but now that the default is "Yes" it would be better to do it.
Improvements in Perl and processor speed have made subroutine overhead
a smaller problem in non-looping situations like this.
Revision Changes Path
2.55 +52 -4 interchange/lib/Vend/Util.pm
rev 2.55, prev_rev 2.54
Index: Util.pm
===================================================================
RCS file: /var/cvs/interchange/lib/Vend/Util.pm,v
retrieving revision 2.54
retrieving revision 2.55
diff -u -r2.54 -r2.55
--- Util.pm 20 Mar 2003 23:31:24 -0000 2.54
+++ Util.pm 27 Mar 2003 16:52:59 -0000 2.55
@@ -1,6 +1,6 @@
# Vend::Util - Interchange utility functions
#
-# $Id: Util.pm,v 2.54 2003/03/20 23:31:24 racke Exp $
+# $Id: Util.pm,v 2.55 2003/03/27 16:52:59 mheins Exp $
#
# Copyright (C) 1996-2002 Red Hat, Inc. <interchange@redhat.com>
#
@@ -85,7 +85,7 @@
use Safe;
use subs qw(logError logGlobal);
use vars qw($VERSION @EXPORT @EXPORT_OK);
-$VERSION = substr(q$Revision: 2.54 $, 10);
+$VERSION = substr(q$Revision: 2.55 $, 10);
my $Eval_routine;
my $Eval_routine_file;
@@ -952,6 +952,48 @@
return \%hash;
}
+## Takes an IC scalar form value (parm=val\nparm2=val) and translates it
+## to a reference
+
+sub scalar_to_hash {
+ my $val = shift;
+
+ $val =~ s/^\s+//mg;
+ $val =~ s/\s+$//mg;
+ my @args;
+
+ @args = split /\n+/, $val;
+
+ my $ref = {};
+
+ for(@args) {
+ m!([^=]+)=(.*)!
+ and $ref->{$1} = $2;
+ }
+ return $ref;
+}
+
+## Takes a form reference (i.e. from \%CGI::values) and makes into a
+## scalar value value (i.e. parm=val\nparm2=val). Also translates it
+## via HTML entities -- it is designed to make it into a hidden
+## form value
+
+sub hash_to_scalar {
+ my $ref = shift
+ or return '';
+
+ unless (ref($ref) eq 'HASH') {
+ die __PACKAGE__ . " hash_to_scalar routine got bad reference.\n";
+ }
+
+ my @parms;
+ while( my($k, $v) = each %$ref ) {
+ $v =~ s/\r?\n/\r/g;
+ push @parms, HTML::Entities::encode("$k=$v");
+ }
+ return join "\n", @parms;
+}
+
## This simply returns a hash of words, which may be quoted shellwords
## Replaces most of parse_hash in Vend::Config
sub hash_string {
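Review bot: In `hash_to_scalar` only the value has its newlines folded (`$v =~ s/\r?\n/\r/g`); the key is emitted unchanged, so a key containing a newline or `=` yields a record that `scalar_to_hash` reads back as different or additional `parm=val` pairs. If the hash can come from form input, as the comment's `\%CGI::values` suggests, I would skip or reject such keys before the push, e.g. `next if $k =~ /[=\r\n]/;`. The substitution also runs on an undefined `$v`, which warns under `-w`; `$v = '' unless defined $v;` ahead of it avoids that. A one-line comment noting that `scalar_to_hash` does not reverse the `\r` folding would help callers who expect a round trip.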
@@ -2019,11 +2061,17 @@
# Can't use that because it INSISTS on object
# calls without returning a blessed object
-my $abspat = $^O =~ /win32/i ? '^([a-z]:)?[\\\\/]' : '^/';
+my $abspat = $^O =~ /win32/i ? qr{^([a-zA-Z]:)?[\\/]} : qr{^/};
+my $relpat = qr{\.\.[\\/]};
sub file_name_is_absolute {
my($file) = @_;
- $file =~ m{$abspat}oi ;
+ $file =~ $abspat;
+}
+
+sub absolute_or_relative {
+ my($file) = @_;
+ $file =~ $abspat or $file =~ $relpat;
}
sub win_catfile {
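Review bot: `$relpat` (`qr{\.\.[\\/]}`) matches `..` only when a separator follows it, so `absolute_or_relative` returns false for a bare `..` or a name ending in `/..`, both of which still step up a directory level. Anchoring the component on both sides covers that and stops flagging ordinary names such as `foo../bar`: `my $relpat = qr{(?:\A|[\\/])\.\.(?:[\\/]|\z)};`. On win32 the `$abspat` branch also lets a drive-relative name like `C:dir` through, because the separator after the optional drive letter is required; it is worth deciding whether that should count as absolute here. The new sub has no comment stating its contract; something like `## True if the name is absolute or has a .. component; lexical check only, symlinks are not resolved` above `absolute_or_relative` would make the limits explicit.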