fixed possible vulnerability loading help files

Doug Bell 2010-08-11 15:54:48 -05:00
parent 39e3c4fb7c
commit 6b1e02f764
3 changed files with 17 additions and 9 deletions


@ -2,6 +2,7 @@
- webgui.org homepage gives 404 (#11778) - webgui.org homepage gives 404 (#11778)
- fixed #11779: SQLReport can run arbitrary queries - fixed #11779: SQLReport can run arbitrary queries
- fixed possible vulnerability loading template parser - fixed possible vulnerability loading template parser
- fixed possible vulnerability loading help files
7.9.11 7.9.11
- fixed #11755: New cart does not update shipping methods correctly - fixed #11755: New cart does not update shipping methods correctly


@ -41,18 +41,16 @@ been already and logs errors during the load.
sub _loadHelp { sub _loadHelp {
my $session = shift; my $session = shift;
my $helpPackage = shift; my $helpPackage = shift;
eval { WebGUI::Pluggable::load( $helpPackage ); };
if ($@) {
$session->errorHandler->error("Help failed to compile: $helpPackage. ".$@);
return {};
}
if (defined *{"$helpPackage\::HELP"}) { ##Symbol table lookup if (defined *{"$helpPackage\::HELP"}) { ##Symbol table lookup
our $table; our $table;
*table = *{"$helpPackage\::HELP"}; ##Create alias into symbol table *table = *{"$helpPackage\::HELP"}; ##Create alias into symbol table
return $table; ##return whole hashref return $table; ##return whole hashref
} }
my $load = sprintf 'use %-s; $%-s::HELP', $helpPackage, $helpPackage;
my $help = eval($load);
if ($@) {
$session->errorHandler->error("Help failed to compile: $helpPackage. ".$@);
return {};
}
return $help;
} }
#------------------------------------------------------------------- #-------------------------------------------------------------------
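Review bot: In `_loadHelp`, a package that passes the `eval { WebGUI::Pluggable::load( $helpPackage ); }` check but has no `HELP` glob now falls off the end of the sub with no explicit return, so the caller gets whatever expression was evaluated last rather than a hashref; add `return {};` after the `if (defined *{"$helpPackage\::HELP"})` block. This reading assumes the `sprintf 'use %-s; ...'` / `eval($load)` tail is the removed side, since the page has lost its `+`/`-` markers. The symbolic glob lookup still interpolates `$helpPackage`, so a comment such as `# $helpPackage was accepted by WebGUI::Pluggable::load above; name validation is delegated to it` would record where the input check lives. That validation is not visible in this section and should be confirmed there.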


@ -15,13 +15,14 @@ use lib "$FindBin::Bin/../lib";
use WebGUI::Test; use WebGUI::Test;
use WebGUI::Session; use WebGUI::Session;
use WebGUI::Operation::Help; use WebGUI::Operation::Help;
use Test::More;
use Test::Exception;
#The goal of this test is to verify that all entries in the lib/WebGUI/Help #The goal of this test is to verify that all entries in the lib/WebGUI/Help
#directory compile. This test is necessary because WebGUI::Operation::Help #directory compile. This test is necessary because WebGUI::Operation::Help
#will return an empty hash if it won't compile, and the help will simply #will return an empty hash if it won't compile, and the help will simply
#disappear. #disappear.
use Test::More;
my $numTests = 0; my $numTests = 0;
my $session = WebGUI::Test->session; my $session = WebGUI::Test->session;
@ -30,10 +31,18 @@ my @helpFileSet = WebGUI::Operation::Help::_getHelpFilesList($session);
$numTests = scalar @helpFileSet; #One for each help compile $numTests = scalar @helpFileSet; #One for each help compile
plan tests => $numTests; plan tests => $numTests + 2;
foreach my $helpSet (@helpFileSet) { foreach my $helpSet (@helpFileSet) {
my $helpName = $helpSet->[1]; my $helpName = $helpSet->[1];
my $help = WebGUI::Operation::Help::_load($session, $helpName); my $help = WebGUI::Operation::Help::_load($session, $helpName);
ok(keys %{ $help }, "$helpName compiled"); ok(keys %{ $help }, "$helpName compiled");
} }
#----------------------------------------------------------------------------
# Test invalid help files
WebGUI::Test->interceptLogging;
lives_ok { WebGUI::Operation::Help::_load( $session, '::HI::' ) } "invalid help module doesnt die";
like( $WebGUI::Test::logger_error, qr/^Help failed to compile/, 'invalid help module errored' );
WebGUI::Test->restoreLogging;
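Review bot: The new "Test invalid help files" block checks only that `_load` lives and that an error was logged, not what it returns, although the comment above the test says the module returns an empty hash when a help file will not compile. Capture the result inside the `lives_ok` block, add `is_deeply( $invalid, {}, 'invalid help module returns empty hashref' );`, and raise the plan to `$numTests + 3`. The only input, `'::HI::'`, is a mildly malformed name; because the change concerns how the package name reaches the loader, a second case using a name with characters outside `\w` and `::` would pin the behaviour the fix is for. The log regex is anchored with `^`; `\A` would state that intent more precisely.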