added data serialization, encryption, and ip subnet checking to spectre

lib/WebGUI/Operation.pm

@@ -77,6 +77,7 @@ Returns a hash reference containing operation and package names.
 
 sub getOperations {
 	return {
+	  'spectre' => 'WebGUI::Operation::Spectre',
 	  'adminConsole' => 'WebGUI::Operation::Admin',
           'switchOffAdmin' => 'WebGUI::Operation::Admin',
           'switchOnAdmin' => 'WebGUI::Operation::Admin',

lib/WebGUI/Operation/Spectre.pm

@@ -0,0 +1,49 @@
+package WebGUI::Operation::Spectre;
+
+#-------------------------------------------------------------------
+# WebGUI is Copyright 2001-2006 Plain Black Corporation.
+#-------------------------------------------------------------------
+# Please read the legal notices (docs/legal.txt) and the license
+# (docs/license.txt) that came with this distribution before using
+# this software.
+#-------------------------------------------------------------------
+# http://www.plainblack.com                     info@plainblack.com
+#-------------------------------------------------------------------
+
+use strict;
+use Crypt::Blowfish;
+use JSON;
+
+=head1 NAME
+
+Package WebGUI::Operation::Spectre
+
+=head1 DESCRIPTION
+
+Operation handler for Spectre functions.
+
+=cut
+
+#-------------------------------------------------------------------
+
+=head2 www_spectre ( )
+
+Checks to ensure the requestor is who we think it is, and then executes a spectre function, and returns a data packet.
+
+=cut
+
+sub www_spectre {
+	my $session = shift;
+	return $session->privilege->insufficient unless(isInSubnet($session->env->get("REMOTE_ADDR"), $session->config->get("spectreSubnets"));
+	my $cipher = Crypt::Blowfish->new($session->config->get("spectreCryptoKey"));
+	my $payload = jsonToObj($cipher->decrypt($session->form->get("payload")));
+	my $out = {};
+	if ($payload->{do} eq "runWorkflow") {
+		# do workflow stuff
+	}
+	return $cipher->encrypt(objToJson($out));
+}
+
+
+
+1;

lib/WebGUI/Utility.pm

@@ -19,9 +19,10 @@ package WebGUI::Utility;
 use Exporter;
 use strict;
 use Tie::IxHash;
+use Net::Subnets;
 
 our @ISA = qw(Exporter);
-our @EXPORT = qw(&isBetween &makeTabSafe &makeArrayTabSafe &randomizeHash &commify &randomizeArray 
+our @EXPORT = qw(&isBetween &makeTabSafe &makeArrayTabSafe &randomizeHash &commify &randomizeArray &isInSubnet
 	&formatBytes &sortHashDescending &sortHash &isIn &makeCommaSafe &makeArrayCommaSafe &randint &round
 	);
 
@@ -40,6 +41,7 @@ This package provides miscellaneous but useful utilities to the WebGUI programme
  $string = commify($integer);
  $size = formatBytes($integer);
  $boolean = isIn($value, @array);
+ $boolean = isInSubnet($ip, \@subnets);
  makeArrayCommaSafe(\@array); 
  makeArrayTabSafe(\@array); 
  $string = makeCommaSafe($string);
@@ -155,6 +157,48 @@ sub isIn {
 	return 0;
 }
 
+
+#-------------------------------------------------------------------
+
+=head2 isInSubnet ( ipAddress, subnets ) 
+
+Verifies whether an IP address is in a given subnet. Returns a 1 if it is, undef if there's a formatting error, or 0 if the IP is not in the list of subnets.
+
+=head3 ipAddress
+
+A scalar containing an IP address.
+
+=head3 subnets
+
+An array reference containing subnets in CIDR format. Example: 127.0.0.1/32
+
+=cut
+
+sub isInSubnet {
+	my $ip = shift;
+	my $subnets = shift;
+	# some validation
+	for my $cidr ( @{ $subnets } ) {
+    		my @parts = $cidr =~ /^(\d+)\.(\d+)\.(\d+)\.(\d+)\/(\d+)$/;
+    		unless ( 5 == @parts ) { # cidr has 5 parts
+			return undef;
+    		}
+    		unless ( 4 == grep { $_ <= 255 } @parts[0..3] ) { # each octet needs to be between 0 and 255
+			return undef;
+    		}
+    		unless ( $parts[4] <= 32 ) { # the subnet needs to be less than or equal to 32, as 32 represents only 1 ip address
+			return undef;
+    		}
+	}
+	my $net = Net::Subnets->new;
+	$net->subnets($subnets);
+	if ($net->check($ip)) {
+		return 1;
+	} else {
+		return 0;
+	}
+}
+
 #-------------------------------------------------------------------
 
 =head2 makeArrayCommaSafe ( array )