=head1 SYNOPSIS
-use Debbugs::Text qw(:templates);
-print fill_in_template(template => 'cgi/foo');
+ use Debbugs::Text qw(:templates);
+ print fill_in_template(template => 'cgi/foo');
=head1 DESCRIPTION
@EXPORT_OK = ();
Exporter::export_ok_tags(qw(templates));
$EXPORT_TAGS{all} = [@EXPORT_OK];
+ push @ISA,qw(Safe::Hole::User);
}
use Safe;
+use Safe::Hole;
use Text::Template;
use Storable qw(dclone);
use IO::File;
use Data::Dumper;
+our %tt_templates;
+our %filled_templates;
+our $safe;
+our $hole = Safe::Hole->new({});
+our $language;
+
+# This function is what is called when someone does include('foo/bar')
+# {include('foo/bar')}
+
+sub include {
+ my $template = shift;
+ $filled_templates{$template}++;
+ print STDERR "include template $template language $language safe $safe\n" if $DEBUG;
+ # Die if we're in a template loop
+ die "Template loop with $template" if $filled_templates{$template} > 10;
+ my $filled_tmpl = '';
+ eval {
+ $filled_tmpl = fill_in_template(template => $template,
+ variables => {},
+ language => $language,
+ safe => $safe,
+ );
+ };
+ if ($@) {
+ print STDERR "failed to fill template $template: $@";
+ }
+ print STDERR "failed to fill template $template\n" if $filled_tmpl eq '' and $DEBUG;
+ print STDERR "template $template '$filled_tmpl'\n" if $DEBUG;
+ $filled_templates{$template}--;
+ return $filled_tmpl;
+};
+
+
=head2 fill_in_template
print fill_in_template(template => 'template_name',
=cut
-our %tt_templates;
-our %filled_templates;
-our $safe;
-our $language;
+
sub fill_in_template{
my %param = validate_with(params => \@_,
spec => {template => SCALAR|HANDLE|SCALARREF,
safe => {type => OBJECT,
optional => 1,
},
+ hole_var => {type => HASHREF,
+ optional => 1,
+ },
},
);
- return _fill_in_template(@param{qw(template variables language safe output)});
-}
-
-
-sub include {
- my $template = shift;
- $filled_templates{$template}++;
- print STDERR "include template $template language $language safe $safe\n" if $DEBUG;
- # Die if we're in a template loop
- die "Template loop with $template" if $filled_templates{$template} > 10;
- my $filled_tmpl;
- eval {
- $filled_tmpl = Debbugs::Text::_fill_in_template($template,
- {},
- $language,
- $safe,
- undef,
- 1
- );
- };
- if ($@) {
- print STDERR "failed to fill template $template: $@";
+ #@param{qw(template variables language safe output hole_var no_safe)} = @_;
+ if ($DEBUG) {
+ print STDERR "fill_in_template ";
+ print STDERR join(" ",map {exists $param{$_}?"$_:$param{$_}":()} keys %param);
+ print STDERR "\n";
}
- print STDERR "failed to fill template $template\n" if $filled_tmpl eq '' and $DEBUG;
- print STDERR "template $template '$filled_tmpl'\n" if $DEBUG;
- $filled_templates{$template}--;
- return $filled_tmpl;
-};
-
-sub _fill_in_template{
- my %param;
- @param{qw(template variables language safe output nosafe)} = @_;
- print STDERR "_fill template $param{template} language $param{language} safe $param{safe}\n"
- if $DEBUG;
# Get the text
my $tt_type = '';
else {
print STDERR "Created new safe\n" if $DEBUG;
$safe = Safe->new() or die "Unable to create safe compartment";
- $safe->deny_only();
- my @modules = ('Text::Template' => undef,
- );
- while (my ($module,$param) = splice (@modules,0,2)) {
- print STDERR "Eval $module\n" if $DEBUG;
- $safe->reval("use $module;");
- print STDERR "Error while attempting to 'use $module;' $@" if $@;
- }
- $safe->permit_only(':base_core',':base_io',':base_mem',':base_loop',
+ $safe->permit_only(':base_core',':base_loop',':base_mem',
qw(padsv padav padhv padany),
qw(rv2gv refgen srefgen ref),
+ qw(caller require entereval),
+ qw(gmtime time sprintf prtf),
);
- $safe->share('$language','%tt_templates','$safe','$variables','%filled_templates');
$safe->share('*STDERR');
- $safe->share('&_fill_in_template');
$safe->share('%config');
- $safe->share('&include');
+ $hole->wrap(\&Debbugs::Text::include,$safe,'&include');
my $root = $safe->root();
# load variables into the safe
for my $key (keys %{$param{variables}||{}}) {
${"${root}::$key"} = $param{variables}{$key};
}
}
+ for my $key (keys %{exists $param{hole_var}?$param{hole_var}:{}}) {
+ print STDERR "Wraping $key as $param{hole_var}{$key}\n" if $DEBUG;
+ $hole->wrap($param{hole_var}{$key},$safe,$key);
+ }
}
- #$safe->deny_only();
- # perldoc Opcode; for details
$language = $param{language};
my $tt;
if ($tt_type eq 'FILE' and
defined $tt_templates{$tt_source} and
- (stat $tt_source)[9] > $tt_templates{$tt_source}{mtime}
+ (stat $tt_source)[9] <= $tt_templates{$tt_source}{mtime}
) {
$tt = $tt_templates{$tt_source}{template};
}
}
$tt = Text::Template->new(TYPE => $tt_type,
SOURCE => $tt_source,
+ UNTAINT => 1,
);
if ($tt_type eq 'FILE') {
$tt_templates{$tt_source}{template} = $tt;
if (not defined $tt) {
die "Unable to create Text::Template for $tt_type:$tt_source";
}
- my $ret = $tt->fill_in(#(defined $param{nosafe} and $param{nosafe})?():(HASH=>$param{variables}),
- (defined $param{nosafe} and $param{nosafe})?():(SAFE=>$safe),
- #SAFE => $safe,
- (defined $param{nosafe} and $param{nosafe})?(PACKAGE => 'main'):(),
+ my $ret = $tt->fill_in(SAFE => $safe,
defined $param{output}?(OUTPUT=>$param{output}):(),
);
if (not defined $ret) {
my $temp = $param{nosafe}?'main':$safe->{Root};
print STDERR "Variables for $param{template}\n";
print STDERR "Safe $temp\n";
- print STDERR map {"$_:${$_}\n"} keys %{"${temp}::"};
- print STDERR ${"${temp}::search_value"},qq(\n);
+ print STDERR map {"$_: ".*{$_}."\n"} keys %{"${temp}::"};
}
return $ret;
projects / debbugs.git / blobdiff