Difference: TWikiSandboxDotPm (1 vs. 4)
Revision 42008-01-22 - TWikiContributor
Package
This object provides an interface to the outside world. All calls to
system functions, or handling of file names, should be brokered by
this object. | ||||||||
| Added: | ||||||||
| > > | NOTE: TWiki creates a singleton sandbox that is shared by all TWiki runs under a single mod_perl instance. If any TWiki run modifies the sandbox, that modification will carry over in to subsequent runs. Be very, very careful! | |||||||
| Added: | ||||||||
| > > | ||||||||
On this page:
ClassMethod new ($os,$realOS)Construct a new sandbox suitable for $os, setting flags for platform features that help. $realOS distinguishes Perl variants on platforms such as Windows. | ||||||||
| Added: | ||||||||
| > > |
ObjectMethod finish ()Break circular references. | |||||||
StaticMethod untaintUnchecked ($string) -> $untaintedUntaints $string without any checks (dangerous). If $string is undefined, return undef. The intent is to use this routine to be able to find all untainting places using grep.StaticMethod normalizeFileName ($string) -> $filenameErrors out if $string contains filtered characters. The returned string is not tainted, but it may contain shell metacharacters and even control characters.StaticMethod sanitizeAttachmentName ($fname) -> ($fileName,$origName)Given a file name received in a query parameter, sanitise it. Returns the sanitised name together with the basename before sanitisation. Sanitisation includes filtering illegal characters and mapping client file names to legal server names.ObjectMethod sysCommand ($template,@params) -> ($data,$exit)Invokes the program described by $template and @params , and returns the output of the program and an exit code.
STDOUT is returned. STDERR is THROWN AWAY.
The caller has to ensure that the invoked program does not react in a
harmful way to the passed arguments. sysCommand merely
ensures that the shell does not interpret any of the passed arguments.
| ||||||||
Revision 32007-01-16 - TWikiContributor
Package | ||||||||
| Added: | ||||||||
| > > | ||||||||
| This object provides an interface to the outside world. All calls to
system functions, or handling of file names, should be brokered by
this object.
On this page:
ClassMethod new ($os,$realOS)Construct a new sandbox suitable for $os, setting flags for platform features that help. $realOS distinguishes Perl variants on platforms such as Windows.StaticMethod untaintUnchecked ($string) -> $untaintedUntaints $string without any checks (dangerous). If $string is undefined, return undef. The intent is to use this routine to be able to find all untainting places using grep.StaticMethod normalizeFileName ($string) -> $filenameErrors out if $string contains filtered characters. The returned string is not tainted, but it may contain shell metacharacters and even control characters.StaticMethod sanitizeAttachmentName ($fname) -> ($fileName,$origName)Given a file name received in a query parameter, sanitise it. Returns the sanitised name together with the basename before sanitisation. Sanitisation includes filtering illegal characters and mapping client file names to legal server names.ObjectMethod sysCommand ($template,@params) -> ($data,$exit)Invokes the program described by $template and @params, and returns the output of the program and an exit code.
STDOUT is returned. STDERR is THROWN AWAY.
The caller has to ensure that the invoked program does not react in a
harmful way to the passed arguments. sysCommand merely
ensures that the shell does not interpret any of the passed arguments.
| ||||||||
Revision 22006-10-25 - TWikiContributor
Package
This object provides an interface to the outside world. All calls to
system functions, or handling of file names, should be brokered by
this object.
| ||||||||
| Changed: | ||||||||
| < < | STATIC Errors out if $string contains filtered characters. | |||||||
| > > | Errors out if $string contains filtered characters. | |||||||
| The returned string is not tainted, but it may contain shell metacharacters and even control characters. | ||||||||
| Added: | ||||||||
| > > |
StaticMethod sanitizeAttachmentName ($fname) -> ($fileName,$origName)Given a file name received in a query parameter, sanitise it. Returns the sanitised name together with the basename before sanitisation. Sanitisation includes filtering illegal characters and mapping client file names to legal server names. | |||||||
ObjectMethod sysCommand ($template,@params) -> ($data,$exit)Invokes the program described by $template and @params, and returns the output of the program and an exit code.
STDOUT is returned. STDERR is THROWN AWAY.
The caller has to ensure that the invoked program does not react in a
harmful way to the passed arguments. sysCommand merely
ensures that the shell does not interpret any of the passed arguments.
| ||||||||
Revision 12006-02-01 - TWikiContributor
Package
This object provides an interface to the outside world. All calls to
system functions, or handling of file names, should be brokered by
this object.
|
View topic | History: r4 < r3 < r2 < r1 | More topic actions...
Copyright &© 1999-2025 by the contributing authors. All material on this collaboration platform is the property of the contributing authors. Ideas, requests, problems regarding TWiki? Send feedback
Note: Please contribute updates to this topic on TWiki.org at TWiki:TWiki.TWikiSandboxDotPm.