modernize include macro slightly and add note about security

2012-11-17 15:56:52 -05:00 · 2012-11-17 15:56:52 -05:00 · 76b638ddb9
commit 76b638ddb9
parent 759c93cbe3
1 changed files with 11 additions and 17 deletions
--- a/lib/WebGUI/Macro/Include.pm
+++ b/lib/WebGUI/Macro/Include.pm
@ -11,7 +11,6 @@ package WebGUI::Macro::Include;
 #-------------------------------------------------------------------
 use strict;
 use FileHandle;
 use WebGUI::International;
 =head1 NAME
@ -21,6 +20,8 @@ Package WebGUI::Macro::Include
 =head1 DESCRIPTION
 Macro for returning the contents of a file from the filesystem.
 This macro is an extreme security risk and you are advised not to
 use it.
 =head2 process ( filename )
@ -36,22 +37,15 @@ The complete path to a file in the local filesystem.
 #-------------------------------------------------------------------
 sub process {
-	my $session = shift;
+    my $session = shift;
-        my (@param, $temp, $file);
+    my $filename = shift;
-        @param = @_;
+    my $i18n = WebGUI::International->new($session,'Macro_Include');
-	my $i18n = WebGUI::International->new($session,'Macro_Include');
+    if ($filename =~ /passwd/i || $filename =~ /shadow/i || $filename =~ m{\.conf$}i) {
-	if ($param[0] =~ /passwd/i || $param[0] =~ /shadow/i || $param[0] =~ m{\.conf$}i) {
+        return $i18n->get('security');
-                return $i18n->get('security');
+    }
-        }
+    open my $fh, '<', $filename
-	$file = FileHandle->new($param[0],"r");
+        or return $i18n->get('not found');
-	if ($file) {
+    return scalar do { local $/; readline $fh };
 		local $/;
 		$temp = $file->getline();
 		$file->close;
 	} else {
 		$temp = $i18n->get('not found');
 	}
        return $temp;
 }