From d459a70719ef2247c197bc401f40bf0a207176b1 Mon Sep 17 00:00:00 2001
From: Xavier Guimard
Date: Sat, 30 Dec 2006 21:22:28 +0000
Subject: [PATCH] * delete old comments * using Safe instead of eval for external expressions
---
 .../lib/Lemonldap/NG/Portal/SharedConf.pm | 44 ++++++++-----------
 1 file changed, 18 insertions(+), 26 deletions(-)
diff --git a/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/SharedConf.pm b/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/SharedConf.pm
index 41fb4f2ee..a520e9565 100644
--- a/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/SharedConf.pm
+++ b/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/SharedConf.pm
@@ -3,6 +3,7 @@ package Lemonldap::NG::Portal::SharedConf;
 use strict;
 use Lemonldap::NG::Portal::Simple qw(:all);
 use Lemonldap::NG::Manager::Conf;
+use Safe;
 *EXPORT_OK = *Lemonldap::NG::Portal::Simple::EXPORT_OK;
 *EXPORT_TAGS = *Lemonldap::NG::Portal::Simple::EXPORT_TAGS;
@@ -11,14 +12,18 @@ use Lemonldap::NG::Manager::Conf;
 our $VERSION = "0.31";
 our @ISA = qw(Lemonldap::NG::Portal::Simple);
+# Secure jail
+our $safe = new Safe;
+
 sub getConf {
 my $self = shift;
 $self->SUPER::getConf(@_);
- $self->{lmConf} = Lemonldap::NG::Manager::Conf->new( $self->{configStorage} ) unless $self->{lmConf};
- return 0 unless (ref($self->{lmConf}));
+ $self->{lmConf} = Lemonldap::NG::Manager::Conf->new( $self->{configStorage} )
+ unless $self->{lmConf};
+ return 0 unless ( ref( $self->{lmConf} ) );
 my $tmp = $self->{lmConf}->getConf;
 return 0 unless $tmp;
- $self->{$_} = $tmp->{$_} foreach(keys %$tmp);
+ $self->{$_} = $tmp->{$_} foreach ( keys %$tmp );
 1;
 }
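Review bot: `our $safe = new Safe;` creates one package-global compartment shared by every evaluation, so anything an evaluated expression assigns or defines in the compartment's namespace stays there for later evaluations; in a persistent interpreter that would span requests (the deployment model is not visible here). Being an `our` variable, it can also be replaced from any other package. I would keep it file-private and drop the indirect-object call, `my $safe = Safe->new;`, or build a fresh compartment per evaluation if the cost is acceptable. A comment above it stating which opcode set the code relies on (the constructor's default mask, since no permit or deny call is visible) would help the next reader.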
@@ -55,28 +60,17 @@ sub setGroups {
 PE_OK;
 }
-#sub getConf {
-
-# MUST BE WRITTEN and contain
-# my $self = shift;
-# $self->SUPER::new(@_);
-# See Lemonldap::NG::Portal::SharedConf for example
-#
-# return true or false
-#}
-
 sub scanexpr {
 my $self = shift;
 local $_ = shift;
- my $r;
+ my $result;
 # Perl expressions
- if (s/^{(.*)}$/$1/) {
+ if ( s/^{(.*)}$/$1/ or $_ !~ /^\(.*\)$/ ) {
 s/\$(\w+)/\$self->{sessionInfo}->{$1}/g;
- eval "\$r=($_);";
- die "Incorrect Perl expression: $_ ($@)" if $@;
- return "1" if $r;
- return "0";
+ $safe->share ( '$self', '$result' );
+ $result = $safe->reval($_);
+ return $result ? "1" : "0";
 }
 # Simple LDAP expression
@@ -85,14 +79,12 @@ sub scanexpr {
 }
 # Node
- die "Incorrect expression $_" unless /^\(.*\)$/;
- my @r;
 my $brackets = 0;
 my $exprCount = 0;
 my $tmp;
 my $subexpr;
 my $esc = 0;
- $r = "";
+ $result = "";
 my $cond = substr $_, 1, 1;
 my $or = ( $cond eq '|' );
@@ -116,15 +108,15 @@ sub scanexpr {
 }
 else {
 $exprCount++;
- $r .= $subexpr;
+ $result .= $subexpr;
 }
 $subexpr = '';
 }
 }
 die "Incorrect expression" if $brackets;
- return $r if ( $r eq "0" or $r eq "1" );
- return $r if ( $exprCount == 1 );
- return "($cond$r)";
+ return $result if ( $result eq "0" or $result eq "1" );
+ return $result if ( $exprCount == 1 );
+ return "($cond$result)";
 }
 1;
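Review bot: `$safe->share ( '$self', '$result' )` in the Perl-expression branch of scanexpr does not expose the lexical `my $self`: Safe's share() exports package variables of the calling package, so inside the compartment `$self->{sessionInfo}` is empty and every rewritten `$attr` reads as undef. A rule written as a negated comparison would then evaluate true for every session, so the branch can fail open. Dropping `die ... if $@` also means a compile error, or an opcode the compartment rejects, now comes back silently as "0". I would hand only the session hash to the compartment through `varglob` and restore the `$@` check, as below; scanexpr continues past this hunk.

```perl
    if ( s/^{(.*)}$/$1/ or $_ !~ /^\(.*\)$/ ) {
        # Expose only the session data, as a package variable of the compartment
        s/\$(\w+)/\$sessionInfo->{$1}/g;
        ${ $safe->varglob('sessionInfo') } = $self->{sessionInfo};
        $result = $safe->reval($_);
        # reval returns undef and sets $@ on a compile error or a denied opcode
        die "Incorrect Perl expression: $_ ($@)" if $@;
        # … unchanged: return "1"/"0" from $result …
```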