oqapi/webgui
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge branch 'master' of git@github.com:plainblack/webgui

Browse source
This commit is contained in:
khenn 2010-08-10 21:35:43 -05:00
commit da2b55d484
4 changed files with 18 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

1
docs/changelog/7.x.x.txt
View file

@ -14,6 +14,7 @@
- fixed #11772: Metadata in Post doesn't set default value correctly - fixed #11772: Metadata in Post doesn't set default value correctly
- fixed #11768: Edit Branch does not update File wgaccess permissions - fixed #11768: Edit Branch does not update File wgaccess permissions
- added Asset Report Asset allowing creation of reports based on Asset Properties. - added Asset Report Asset allowing creation of reports based on Asset Properties.
- fixed #11773: Pluggable allows arbitrary module loading
7.9.10 7.9.10
- fixed #11721: spamStopWords not in WebGUI.conf.original - fixed #11721: spamStopWords not in WebGUI.conf.original

5
lib/WebGUI/Pluggable.pm
View file

@ -232,6 +232,11 @@ sub load {
croak "Could not load $module because $moduleError{$module}"; croak "Could not load $module because $moduleError{$module}";
} }
# Sanitize
if ( $module !~ m{^\w+(?:::\w+)*$} ) {
croak "Invalid module name: $module";
}
# Try to load the module # Try to load the module
my $modulePath = $module . ".pm"; my $modulePath = $module . ".pm";
$modulePath =~ s{::|'}{/}g; $modulePath =~ s{::|'}{/}g;

2
lib/WebGUI/Storage.pm
View file

@ -315,7 +315,7 @@ sub addFileFromFilesystem {
return undef; return undef;
} }
my $filename = (File::Spec->splitpath( $pathToFile ))[2]; my $filename = (File::Spec->splitpath( $pathToFile ))[2];
if (isIn($self->getFileExtension($filename), qw(pl perl sh cgi php asp))) { if (isIn($self->getFileExtension($filename), qw(pl perl sh cgi php asp pm))) {
$filename =~ s/\./\_/g; $filename =~ s/\./\_/g;
$filename .= ".txt"; $filename .= ".txt";
} }

12
t/Pluggable.t
View file

@ -31,6 +31,7 @@ use Test::Deep::Shallow;
use Test::Deep::Blessed; use Test::Deep::Blessed;
use Test::Deep::Isa; use Test::Deep::Isa;
use Test::Deep::Set; use Test::Deep::Set;
use Test::Exception;
use WebGUI::Pluggable; use WebGUI::Pluggable;
@ -41,7 +42,7 @@ use WebGUI::Pluggable;
#---------------------------------------------------------------------------- #----------------------------------------------------------------------------
# Tests # Tests
plan tests => 12; # Increment this number for each test you create plan tests => 19; # Increment this number for each test you create
#---------------------------------------------------------------------------- #----------------------------------------------------------------------------
# put your tests here # put your tests here
@ -62,6 +63,15 @@ is($dumper->Dump, q|$VAR1 = {
}; };
|, "Can instanciate an object."); |, "Can instanciate an object.");
dies_ok { WebGUI::Pluggable::load( '::HA::HA' ) } 'load dies on bad input';
like( $@, qr/^\QInvalid module name: ::HA::HA/, 'helpful error message' );
dies_ok { WebGUI::Pluggable::load( 'HA::HA::' ) } 'load dies on bad input';
dies_ok { WebGUI::Pluggable::load( 'HA::..::..::HA' ) } 'load dies on bad input';
dies_ok { WebGUI::Pluggable::load( '..::..::..::HA' ) } 'load dies on bad input';
dies_ok { WebGUI::Pluggable::load( 'uploads::ik::jo::ikjosdfwefsdfsefwef::myfile.txt\0.pm' ) } 'load dies on bad input';
dies_ok { WebGUI::Pluggable::load( 'HA::::HA' ) } 'load dies on bad input';
#---------------------------------------------------------------------------- #----------------------------------------------------------------------------
# Test find and findAndLoad # Test find and findAndLoad
{ # Block to localize @INC { # Block to localize @INC