[LON-CAPA-cvs] cvs: loncom /xml Safe.pm
albertel
lon-capa-cvs@mail.lon-capa.org
Thu, 17 Oct 2002 19:27:24 -0000
albertel Thu Oct 17 15:27:24 2002 EDT
Modified files:
/loncom/xml Safe.pm
Log:
- closing security hole
Index: loncom/xml/Safe.pm
diff -u loncom/xml/Safe.pm:1.2 loncom/xml/Safe.pm:1.3
--- loncom/xml/Safe.pm:1.2 Sat Mar 30 13:53:17 2002
+++ loncom/xml/Safe.pm Thu Oct 17 15:27:24 2002
@@ -214,7 +214,7 @@
# Create anon sub ref in root of compartment.
# Uses a closure (on $expr) to pass in the code to be executed.
# (eval on one line to keep line numbers as expected by caller)
- my $evalcode = sprintf('package %s; sub { eval $__SAFE_LOCAL_expr; }', $root);
+ my $evalcode = sprintf('package %s; sub { @_ = (); eval $__SAFE_LOCAL_expr; }', $root);
my $evalsub;
if ($strict) { use strict; $evalsub = eval $evalcode; }
@@ -228,7 +228,7 @@
my $root = $obj->{Root};
my $evalsub = eval
- sprintf('package %s; sub { do $file }', $root);
+ sprintf('package %s; sub { @_ = (); do $file }', $root);
return Opcode::_safe_call_sv($root, $obj->{Mask}, $evalsub);
}