[Bast-commits] r5676 - in DBIx-Class/0.08/trunk: lib/DBIx/Class t

Tue Mar 3 09:44:52 GMT 2009

Author: ribasushi
Date: 2009-03-03 09:44:52 +0000 (Tue, 03 Mar 2009)
New Revision: 5676

Modified:
   DBIx-Class/0.08/trunk/lib/DBIx/Class/Schema.pm
   DBIx-Class/0.08/trunk/t/54taint.t
Log:
Extend untainting of findallmod() to load_namespaces as well as load_classes

Modified: DBIx-Class/0.08/trunk/lib/DBIx/Class/Schema.pm
===================================================================

--- DBIx-Class/0.08/trunk/lib/DBIx/Class/Schema.pm	2009-03-03 09:30:15 UTC (rev 5675)
+++ DBIx-Class/0.08/trunk/lib/DBIx/Class/Schema.pm	2009-03-03 09:44:52 UTC (rev 5676)
@@ -157,6 +157,21 @@
   return $name;
 }
 
+# Finds all modules in the supplied namespace, or if omitted in the
+# namespace of $class. Untaints all findings as they can be assumed
+# to be safe
+sub _findallmod {
+  my $proto = shift;
+  my $ns = shift || ref $proto || $proto;
+
+  my @mods = Module::Find::findallmod($ns);
+
+  # try to untaint module names. mods where this fails
+  # are left alone so we don't have to change the old behavior
+  no locale; # localized \w doesn't untaint expression
+  return map { $_ =~ m/^( (?:\w+::)* \w+ )$/x ? $1 : $_ } @mods;
+}
+
 # returns a hash of $shortname => $fullname for every package
 #  found in the given namespaces ($shortname is with the $fullname's
 #  namespace stripped off)
@@ -168,7 +183,7 @@
     push(
       @results_hash,
       map { (substr($_, length "${namespace}::"), $_) }
-      Module::Find::findallmod($namespace)
+      $class->_findallmod($namespace)
     );
   }
 
@@ -314,7 +329,7 @@
     }
   } else {
     my @comp = map { substr $_, length "${class}::"  }
-                 Module::Find::findallmod($class);
+                 $class->_findallmod;
     $comps_for{$class} = \@comp;
   }
 
@@ -325,13 +340,6 @@
     foreach my $prefix (keys %comps_for) {
       foreach my $comp (@{$comps_for{$prefix}||[]}) {
         my $comp_class = "${prefix}::${comp}";
-        { # try to untaint module name. mods where this fails
-          # are left alone so we don't have to change the old behavior
-          no locale; # localized \w doesn't untaint expression
-          if ( $comp_class =~ m/^( (?:\w+::)* \w+ )$/x ) {
-            $comp_class = $1;
-          }
-        }
         $class->ensure_class_loaded($comp_class);
 
         my $snsub = $comp_class->can('source_name');

Modified: DBIx-Class/0.08/trunk/t/54taint.t
===================================================================
--- DBIx-Class/0.08/trunk/t/54taint.t	2009-03-03 09:30:15 UTC (rev 5675)
+++ DBIx-Class/0.08/trunk/t/54taint.t	2009-03-03 09:44:52 UTC (rev 5676)
@@ -6,18 +6,8 @@
 use warnings;
 
 use Test::More;
+BEGIN { plan tests => 7 }
 
-BEGIN {
-  eval "require Module::Find;";
-  if ($@) {
-    plan skip_all => 'Could not load Module::Find';
-    exit;
-  }
-  else {
-    plan tests => 7;
-  }
-}
-
 package DBICTest::Taint::Classes;
 
 use Test::More;
@@ -52,5 +42,4 @@
   ok( __PACKAGE__->source('Test'), 'The Namespaces::Test source has been registered' );
 }, 'Loading classes with Module::Find/load_namespaces worked in taint mode' );
 
-
 1;


