Package
This object provides an interface to the outside world. All calls to
system functions, or handling of file names, should be brokered by
this object. | ||||||||
Added: | ||||||||
> > | NOTE: TWiki creates a singleton sandbox that is shared by all TWiki runs under a single mod_perl instance. If any TWiki run modifies the sandbox, that modification will carry over in to subsequent runs. Be very, very careful! | |||||||
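Review bot: The added NOTE says a modification to the shared sandbox carries over into subsequent runs under mod_perl, but it does not say which sandbox state a run can modify or how to restore it. "Be very, very careful!" gives a caller nothing to act on. Suggest naming the state that persists (for example the platform flags that new sets) and stating whether callers must treat the singleton as read-only after construction.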
Added: | ||||||||
> > | ||||||||
On this page:
ClassMethod new ($os,$realOS)Construct a new sandbox suitable for $os, setting flags for platform features that help. $realOS distinguishes Perl variants on platforms such as Windows. | ||||||||
Added: | ||||||||
> > |
ObjectMethod finish ()Break circular references. | |||||||
StaticMethod untaintUnchecked ($string) -> $untaintedUntaints $string without any checks (dangerous). If $string is undefined, return undef. The intent is to use this routine to be able to find all untainting places using grep.StaticMethod normalizeFileName ($string) -> $filenameErrors out if $string contains filtered characters. The returned string is not tainted, but it may contain shell metacharacters and even control characters.StaticMethod sanitizeAttachmentName ($fname) -> ($fileName,$origName)Given a file name received in a query parameter, sanitise it. Returns the sanitised name together with the basename before sanitisation. Sanitisation includes filtering illegal characters and mapping client file names to legal server names.ObjectMethod sysCommand ($template,@params) -> ($data,$exit)Invokes the program described by $template and @params![]() |
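Review bot: The added finish() entry says only "Break circular references", which leaves a gap next to the NOTE added in this same revision that one sandbox is shared by all runs under a single mod_perl instance. It is not stated whether finish() may be called on the shared object at the end of each run, or whether the sandbox is still usable afterwards. Suggest documenting when finish() is expected to be called and what state the object is in once it returns.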
Package | ||||||||
Added: | ||||||||
> > | ||||||||
This object provides an interface to the outside world. All calls to
system functions, or handling of file names, should be brokered by
this object.
On this page:
ClassMethod new ($os,$realOS)Construct a new sandbox suitable for $os, setting flags for platform features that help. $realOS distinguishes Perl variants on platforms such as Windows.StaticMethod untaintUnchecked ($string) -> $untaintedUntaints $string without any checks (dangerous). If $string is undefined, return undef. The intent is to use this routine to be able to find all untainting places using grep.StaticMethod normalizeFileName ($string) -> $filenameErrors out if $string contains filtered characters. The returned string is not tainted, but it may contain shell metacharacters and even control characters.StaticMethod sanitizeAttachmentName ($fname) -> ($fileName,$origName)Given a file name received in a query parameter, sanitise it. Returns the sanitised name together with the basename before sanitisation. Sanitisation includes filtering illegal characters and mapping client file names to legal server names.ObjectMethod sysCommand ($template,@params) -> ($data,$exit)Invokes the program described by $template and @params![]() |
Package
This object provides an interface to the outside world. All calls to
system functions, or handling of file names, should be brokered by
this object.
| ||||||||
Changed: | ||||||||
< < | STATIC Errors out if $string contains filtered characters. | |||||||
> > | Errors out if $string contains filtered characters. | |||||||
The returned string is not tainted, but it may contain shell metacharacters and even control characters. | ||||||||
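Review bot: The description after this change still ends at "it may contain shell metacharacters and even control characters" without saying what a caller has to do about that. Because the returned name is untainted, Perl's taint checks will no longer stop it from reaching a command line. Suggest adding a sentence that the result must not be interpolated into a shell string and that commands using it go through sysCommand, in line with the package statement that all calls to system functions are brokered by this object.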
Added: | ||||||||
> > |
StaticMethod sanitizeAttachmentName ($fname) -> ($fileName,$origName)Given a file name received in a query parameter, sanitise it. Returns the sanitised name together with the basename before sanitisation. Sanitisation includes filtering illegal characters and mapping client file names to legal server names. | |||||||
ObjectMethod sysCommand ($template,@params) -> ($data,$exit)Invokes the program described by $template and @params![]() |
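Review bot: The added sanitizeAttachmentName entry does not define "illegal characters" or "legal server names", and it does not say how the second return value may be used. $origName is described as the basename "before sanitisation", so it still carries the client-supplied characters. Suggest stating which filter is applied to $fileName and documenting that $origName is unsanitised and is not to be used as a path or passed to sysCommand.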