Apache-Wyrd

 view release on metacpan or  search on metacpan

Changes  view on Meta::CPAN

           IP addresses can now be checked in Apache::Wyrd::Services::Auth
           and Apache::Wyrd::Interfaces::GetUser to prevent cookie-theft

           Changed conditional expression interpretation order to behave more
           intuitively in Apache::Wyrd::Interfaces::Setter. _set now preserves
           conditionals which may not be addressed by the current _set
           operation, while clear_set interprets these conditionals as false. 
           This allows better layering of _set-tings on the same argument

           SAK: file_attribute() now untaints the file path it generates
           sort_by_[i]key will reverse order on a key if the key is
           preceeded by a minus sign

           Documentation changes

    0.93   March 25, 2005

           New Wyrd: Apache::Wyrd::Services::Bot for defining a process
           to be invoked and monitoring that process from a browser
           window

Wyrd/Bot.pm  view on Meta::CPAN

sub _format_output {
	my ($self) = @_;
	$self->_init_params;
	my $running = 0;
	my $start = 1;
	my $view = '';
	my $status = 0;
	my $meta = '';
	if (-f $self->pidfile) {
		my $pid = ${slurp_file($self->pidfile)};
		($pid) = $pid =~ /^(\d+)$/; #untainting
		$running = kill(0, $pid) if ($pid);
		if (not($pid)) {
			$self->_raise_exception("Pidfile " . $self->pidfile . " exists, but can't be read. Cannot continue.");
		} elsif ($running) {
			$self->_info("An instance of this Bot is running.  A new bot will not be launched.");
			$start = 0;
		} else {
			sleep 1;#making sure the other process wasn't just about to remove the file, and we caught it in mid-state
			if (-f $self->pidfile) {
				$self->_error("A stale pidfile was found.  Removing it and continuing... ");

Wyrd/DBL.pm  view on Meta::CPAN

		logfile
		loglevel
		mode
		mtime
		nlink
		rdev
		req
		self_path
		size
		strict
		taint_exceptions
		uid
		user
	);
	my $data = {
		dbl_log		=>	[],
		dbh_ok		=>	0,
		dbh			=>	undef,
		response	=>	undef
	};
	foreach my $param (@standard_params) {

Wyrd/DBL.pm  view on Meta::CPAN

=cut

sub base_class {
	my ($self) = @_;
	return $self->{'base_class'};
}

=pod

=item (hashref) C<taint_exceptions> (void)

Which params are allowed to contain information that could be interpreted as a
Wyrd.

=cut

sub taint_exceptions {
	my ($self) = @_;
	return @{$self->{'taint_exceptions'} || []};
}

=pod

=item (hashref) C<globals> (void)

return a reference to the globals hashref  Has a useful debugging message on unfound globals.

=cut

Wyrd/DBL.pm  view on Meta::CPAN

	return $self->{'apr'};
}

=pod

=item (scalar/arrayref) C<param> ([scalar])

Like CGI->param().  As a security measure, any data found in parameters which
matches the name of the Wyrds on a given installation, I<e.g. BASENAME> is
dropped unless the variable is named in the array of variable names stored
by reference under the C<taint_exceptions> key of the BASENAME::Handler's
C<init()> function.

=cut

sub param {
	my ($self, $value, $set) = @_;
	return $self->apr->param($value, $set) if (scalar(@_) > 2);
	if ($value) {
			if (grep {$value eq $_} $self->taint_exceptions) {
				return $self->apr->param($value);
			}
			my $forbidden = qr/<$self->{base_class}/;
			if (wantarray) {
				return grep {$_ !~ /$forbidden/} $self->apr->param($value);
			} else {
				my $result = $self->apr->param($value);
				if ($result !~ /$forbidden/) {
					return $result
				}

Wyrd/Handler.pm  view on Meta::CPAN

defines the hashref which will be used to initialize the Apache::Wyrd objects. 
It B<must> return the request object under the key 'req', which is stored under
the C<Apache::Wyrd::Handler> attribute 'req' by the C<handler> method.  Any
other keys are optional.

By default, if the hash key 'error_page' is set (non-null), the installation
will use an error page with a debugging log.  See the C<errorpage> method.

Note also if you wish to pass data containing Wyrd constructions via CGI
variables, you need to list the variables by array reference here under the
taint_exceptions key.  For example, a site under the namespace "TESTSITE" has
a form with a text area called "widget_text" in which Wyrds may be composed.
This text area's name is included in the hashref values returned by init:

  sub init {
    my ($self) = @_;
    return {
      req => $self->{'req'},
      taint_exceptions => ['widget_text'],
      .... other init keys and values ...
    }
  }

Otherwise, any data submitted by the textarea will be ignored if it contains
any string beginning with E<lt>TESTSITE::.

=cut

sub init {

Wyrd/Services/SAK.pm  view on Meta::CPAN

	foreach my $path (@paths) {
		#warn "testing $path";
		my $result = 1;
		foreach my $test (split '', $tests) {
			my $write_ok = (-w $path);
			$result = 0 if ($test eq 'w' and not ($write_ok));
			$result = 0 if ($test eq 'r' and not (-r _));
			$result = 0 if ($test eq 'd' and not (-d _));
			$result = 0 if ($test eq 'f' and not (-f _));
		}
		($path) = $path =~ /(.+)/;#untaint
		return $path if ($result);
	}
	#at this point, the tests have failed for all paths.
	#test the special case of a file for writing that does
	#not yet exist
	if (($tests =~ /w/) and ($tests !~ /d|f/)) {
		foreach my $path (@paths) {
			($path) = $path =~ /(.+)/;#untaint
			my ($testdir, @null) = ($path =~ m#(.+)/([^/]+)#);
			if ($tests =~ /r/) {
				return $path if (-d $testdir and -w _ and -r _)
			} else {
				return $path if (-d $testdir and -w _)
			}
		}
	}
	return;
}