[Catalyst-dev] Security issue with Catalyst::Action::REST
Peter Karman
peter at peknet.com
Wed Sep 1 18:46:29 GMT 2010
Ton Voon wrote on 09/01/2010 05:24 AM:
> Instead, I've patched Catalyst::Action::Deserialize::Data::Serializer so
> that if the serializer is Data::Dumper, pass it through a Safe
> compartment instead. This limits the input to JSON-like input in perl
> style which I guess is the most you would use REST input as.
What if the serializer is Data::Dump, et al.? I.e., is the special check
for Data::Dumper echoing some other, similar test in the module or in
Catalyst core?
--
Peter Karman . http://peknet.com/ . peter at peknet.com
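
The approach quoted above (evaluating Data::Dumper-style request bodies inside a Safe compartment) can be sketched as follows. This is an added example, not the patch discussed in the thread or code from Catalyst::Action::REST. The helper name deserialize_dumper_text, the opcode allowlist and the sample inputs are assumptions made for illustration.

```perl
#!/usr/bin/env perl
# Added example; not the Catalyst::Action::REST patch itself.
use strict;
use warnings;
use Safe;

# Assumption: this opcode allowlist is illustrative. It covers literal
# hashes, arrays, strings, numbers and undef; the exact set a given perl
# needs may differ between versions.
my @LITERAL_OPS = qw(
    padany null lineseq const pushmark list
    anonhash anonlist leaveeval undef
);

# Hypothetical helper: evaluate Data::Dumper-style text in a Safe
# compartment that may only compile literal data structures.
sub deserialize_dumper_text {
    my ($text) = @_;

    # A leading "{" would parse as a block; "+" forces an anonymous hash.
    my $code = $text =~ /^\s*\{/ ? "+$text" : $text;

    my $cpt = Safe->new;
    $cpt->permit_only(@LITERAL_OPS);

    # reval returns undef and sets $@ when an opcode is trapped.
    my $data = $cpt->reval($code);
    die "rejected request body: $@" if $@;
    return $data;
}

# Constructed sample inputs: one pure literal, one containing a builtin call.
my $plain  = q({ name => 'widget', tags => [ 'a', 'b' ], count => 3 });
my $active = q({ name => 'widget', stamp => time() });

for my $body ($plain, $active) {
    my $data = eval { deserialize_dumper_text($body) };
    if ($@) {
        print "REJECTED: $@";
    } else {
        print "ACCEPTED: name=$data->{name}\n";
    }
}
```

The opcode mask is applied when the text is compiled, so the second body is refused before any of it runs. The allowlist is keyed to what the input may contain, not to the serializer's name, so any other deserializer that evaluates Perl source would need the same treatment.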