[LON-CAPA-cvs] cvs: loncom /xml Safe.pm

albertel lon-capa-cvs@mail.lon-capa.org
Thu, 17 Oct 2002 19:27:24 -0000


albertel		Thu Oct 17 15:27:24 2002 EDT

  Modified files:              
    /loncom/xml	Safe.pm 
  Log:
  - closing security hole
  
  
Index: loncom/xml/Safe.pm
diff -u loncom/xml/Safe.pm:1.2 loncom/xml/Safe.pm:1.3
--- loncom/xml/Safe.pm:1.2	Sat Mar 30 13:53:17 2002
+++ loncom/xml/Safe.pm	Thu Oct 17 15:27:24 2002
@@ -214,7 +214,7 @@
     # Create anon sub ref in root of compartment.
     # Uses a closure (on $expr) to pass in the code to be executed.
     # (eval on one line to keep line numbers as expected by caller)
-	my $evalcode = sprintf('package %s; sub { eval $__SAFE_LOCAL_expr; }', $root);
+    my $evalcode = sprintf('package %s; sub { @_ = (); eval $__SAFE_LOCAL_expr; }', $root);
     my $evalsub;
 
 	if ($strict) { use strict; $evalsub = eval $evalcode; }
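Review bot: The added `@_ = ();` on the `$evalcode` line has no comment saying why it is there, and the three-line comment above it still describes only the closure and the one-line eval, so a later cleanup could drop the reset as dead code. I would add a line above the sprintf such as `# Empty @_ first so code run in the compartment cannot reach the caller's argument list.` The log message ("closing security hole") suggests this is the intent, but the call path that exposes `@_` is not visible in this hunk, so the wording should be confirmed against `Opcode::_safe_call_sv`. The `do $file` wrapper in the second hunk needs the same comment. The enclosing sub starts and ends outside the hunk.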
@@ -228,7 +228,7 @@
     my $root = $obj->{Root};
 
     my $evalsub = eval
-	    sprintf('package %s; sub { do $file }', $root);
+	      sprintf('package %s; sub { @_ = (); do $file }', $root);
     return Opcode::_safe_call_sv($root, $obj->{Mask}, $evalsub);
 }
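Review bot: Nothing in the commit pins the new behaviour of the `do $file` wrapper, and because the reset is repeated by hand in two separate format strings, a refactor or a third wrapper could lose it silently. A regression test would catch that: run a one-line file containing `scalar @_` through this method, run the same expression through the string-eval path of the first hunk, and expect 0 from both. For the string path, assuming that sub is `reval`, something like `is($cpt->reval('scalar @_'), 0, '@_ is empty inside the compartment');` would do, where `$cpt` is a Safe object constructed for the test. The sub's opening lines are outside the hunk.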