1head 1.4; 2access; 3symbols; 4locks; strict; 5comment @# @; 6 7 81.4 9date 2008.01.22.03.21.28; author TWikiContributor; state Exp; 10branches; 11next 1.3; 12 131.3 14date 2007.01.16.04.12.05; author TWikiContributor; state Exp; 15branches; 16next 1.2; 17 181.2 19date 2006.10.25.00.22.01; author TWikiContributor; state Exp; 20branches; 21next 1.1; 22 231.1 24date 2006.02.01.12.01.25; author TWikiContributor; state Exp; 25branches; 26next ; 27 28 29desc 30@new-topic 31@ 32 33 341.4 35log 36@buildrelease 37@ 38text 39@---+ Package =TWiki::Sandbox= 40 41This object provides an interface to the outside world. All calls to 42system functions, or handling of file names, should be brokered by 43this object. 44 45NOTE: TWiki creates a singleton sandbox that is *shared* by all TWiki 46runs under a single mod_perl instance. If any TWiki run modifies the 47sandbox, that modification will carry over in to subsequent runs. 48Be very, very careful! 49 50 51%TOC% 52 53---++ ClassMethod *new* <tt>($os,$realOS)</tt> 54 55Construct a new sandbox suitable for $os, setting 56flags for platform features that help. $realOS distinguishes 57Perl variants on platforms such as Windows. 58 59 60 61---++ ObjectMethod *finish* <tt>()</tt> 62Break circular references. 63 64 65 66---++ StaticMethod *untaintUnchecked* <tt>($string) -> $untainted</tt> 67 68Untaints $string without any checks (dangerous). If $string is 69undefined, return undef. 70 71The intent is to use this routine to be able to find all untainting 72places using grep. 73 74 75 76---++ StaticMethod *normalizeFileName* <tt>($string) -> $filename</tt> 77 78Errors out if $string contains filtered characters. 79 80The returned string is not tainted, but it may contain shell 81metacharacters and even control characters. 82 83 84 85---++ StaticMethod *sanitizeAttachmentName* <tt>($fname) -> ($fileName,$origName)</tt> 86 87Given a file name received in a query parameter, sanitise it. Returns 88the sanitised name together with the basename before sanitisation. 89 90Sanitisation includes filtering illegal characters and mapping client 91file names to legal server names. 92 93 94 95---++ ObjectMethod *sysCommand* <tt>($template,@@params) -> ($data,$exit)</tt> 96 97Invokes the program described by $template 98and @@params, and returns the output of the program and an exit code. 99STDOUT is returned. STDERR is THROWN AWAY. 100 101The caller has to ensure that the invoked program does not react in a 102harmful way to the passed arguments. sysCommand merely 103ensures that the shell does not interpret any of the passed arguments. 104 105 106@ 107 108 1091.3 110log 111@buildrelease 112@ 113text 114@d7 5 115d23 5 116@ 117 118 1191.2 120log 121@buildrelease 122@ 123text 124@d2 1 125@ 126 127 1281.1 129log 130@buildrelease 131@ 132text 133@d29 1 134a29 1 135STATIC Errors out if $string contains filtered characters. 136d36 10 137@ 138