X-Git-Url: http://git.shiar.net/gitweb.cgi/perl/plp/.git/blobdiff_plain/693387f6e6cf5efde73b10242253bb38baf1612a..a3e055f384279c0e88b1063ccc2b417c65f4df07:/PLP.pm

diff --git a/PLP.pm b/PLP.pm
index c78af41..0e2a2f9 100644
--- a/PLP.pm
+++ b/PLP.pm
@@ -120,7 +120,7 @@ sub sendheaders () {
 		    $inB = 0;
 		    $source .= "; print q\cQ";
 		} elsif ($part =~ /^<\((.*?)\)>\z/ and not $inA || $inB) {
-		    my $ipath = File::Spec->rel2abs($1);
+		    my $ipath = File::Spec->rel2abs($1, File::Basename::dirname($path));
 		    $source .= source($1, $level + 1, undef, $ipath) .
 			       qq/\cQ, \n#line $linenr "$file"\nq\cQ/;
 		    push @{ $cached{$path}[0] }, $ipath;
@@ -246,6 +246,7 @@ sub mod_perl_init {
     $ENV{PLP_NAME} = $r->uri;
 
     our $use_cache = $r->dir_config('PLPcache') !~ /^off$/i;
+    our $use_safe  = $r->dir_config('PLPsafe')  =~ /^on$/i;
     my $path = $r->filename();
     my ($file, $dir) = File::Basename::fileparse($path);
     chdir $dir;
@@ -255,9 +256,28 @@ sub mod_perl_init {
     return 0; # OK
 }
 
+# For PLPsafe scripts
+sub safe_eval {
+    my ($r, $code) = @_;
+    $r->send_http_header('text/plain');
+    require Safe;
+    unless ($PLP::safe) {
+	$PLP::safe = Safe->new('PLP::Script');
+	for ( map split, $r->dir_config->get('PLPsafe_module') ) {
+	    $PLP::safe->share('*' . $_ . '::');
+	    s!::!/!g;
+	    require $_ . '.pm';
+	}
+	$PLP::safe->permit(Opcode::full_opset());
+	$PLP::safe->deny(Opcode::opset(':dangerous'));
+    }
+    $PLP::safe->reval($code);
+}
+
 # Let the games begin!
 # No lexicals may exist at this point.
 sub start {
+    my ($r) = @_;
     no strict;
     tie *PLPOUT, 'PLP::Tie::Print';
     select PLPOUT;
@@ -271,9 +291,18 @@ sub start {
 	*cookies = \%cookie;
 	PLP::Functions->import();
 	# No lexicals may exist at this point.
-	eval qq{ package PLP::Script; $PLP::code; };
+	
+ 	if ($PLP::use_safe) {
+ 	    PLP::safe_eval($r, $PLP::code);
+ 	} else {
+	    eval qq{ package PLP::Script; $PLP::code; };
+ 	}
 	PLP::error($@, 1) if $@ and $@ !~ /\cS\cT\cO\cP/;
-	eval   { package PLP::Script; $_->() for reverse @PLP::END };
+ 	if ($PLP::use_safe) {
+ 	    PLP::safe_eval($r, '$_->() for reverse @PLP::END');
+ 	} else {
+	    eval   { package PLP::Script; $_->() for reverse @PLP::END };
+ 	}
 	PLP::error($@, 1) if $@ and $@ !~ /\cS\cT\cO\cP/;
     }
     PLP::sendheaders() unless $PLP::sentheaders;
@@ -294,10 +323,10 @@ sub everything {
 sub handler {
     require Apache::Constants;
     clean();
-    if (my $ret = mod_perl_init(shift)) {
+    if (my $ret = mod_perl_init($_[0])) {
 	return $ret;
     }
-    start();
+    start($_[0]);
     no strict 'subs';
     return Apache::Constants::OK();
 }