Enable $ENV{} in rules (#595)

Not that it doesn't make sense except for portal rules
2017-02-09 21:14:12 +00:00 · 2017-02-09 21:14:12 +00:00 · edc713b0ca
commit edc713b0ca
parent 1f2c5a0726
4 changed files with 18 additions and 10 deletions
--- a/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/ApacheMP2/Main.pm
+++ b/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/ApacheMP2/Main.pm
@ -248,6 +248,11 @@ sub method {
    return $request->method;
 }

+## Return environment variables as hash
+sub env {
+    return \%ENV;
+}
+
 ## @method void print(string data)
 # write data in HTTP response body
 # @param data Text to add in response body
--- a/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Main/Jail.pm
+++ b/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Main/Jail.pm
@ -70,7 +70,7 @@ sub build_jail {
        $api,
        [
            qw( &hostname &remote_ip &uri &uri_with_args
-              &unparsed_uri &args &method &header_in   )
+              &unparsed_uri &args &method &header_in &env )
        ]
    );
    $self->jail->share_from( __PACKAGE__, [ @t, '&encrypt' ] );
@ -90,6 +90,7 @@ sub encrypt {
 # Fake reval method if useSafeJail is off
 sub reval {
    my ( $self, $e ) = @_;
+
    my $res = eval $e;
    if ($@) {
        $self->error($@);
@ -140,19 +141,17 @@ sub share_from {
 sub jail_reval {
    my ( $self, $reval ) = @_;

+    $reval =~ s/\$ENV\{/&env()->\{/g;
+
    # if nothing is returned by reval, add the return statement to
    # the "no safe wrap" reval
-    my $nosw_reval = $reval;
-    if ( $reval !~ /^sub\{return\(.*\}$/ ) {
-        $nosw_reval =~ s/^sub\{(.*)\}$/sub{return($1)}/;
-    }

    my $res;
    eval {
        $res = (
-            SAFEWRAP
+            SAFEWRAP and $self->useSafeJail
            ? $self->jail->wrap_code_ref( $self->jail->reval($reval) )
-            : $self->jail->reval($nosw_reval)
+            : $self->jail->reval($reval)
        );
    };
    if ($@) {
--- a/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Main/Reload.pm
+++ b/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Main/Reload.pm
@ -170,11 +170,10 @@ sub configReload {
 sub jailInit {
    my ( $class, $conf ) = @_;

-    $class->tsv->{jail} = Lemonldap::NG::Handler::Main::Jail->new(
-        'jail'            => $class->tsv->{jail},
+    $class->tsv->{jail} = Lemonldap::NG::Handler::Main::Jail->new({
        'useSafeJail'     => $conf->{useSafeJail},
        'customFunctions' => $conf->{customFunctions}
-    );
+    });
    $class->tsv->{jail}->build_jail($class);
 }

--- a/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/PSGI/API.pm
+++ b/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/PSGI/API.pm
@ -164,6 +164,11 @@ sub method {
    return $request->method;
 }

+## Return FastCGI environment variables as hash
+sub env {
+    return $request->env;
+}
+
 ## @method void print(string data)
 # write data in HTTP response body
 # @param data Text to add in response body