File Coverage

blib/lib/CGI/Safe.pm

Criterion	Covered	Total	%
statement	61	63	96.8
branch	16	24	66.6
condition	6	9	66.6
subroutine	11	13	84.6
pod	4	4	100.0
total	98	113	86.7

line	stmt	bran	cond	sub	pod	time	code
1							################################
2							package CGI::Safe;
3							################################
4							$VERSION = 1.25;
5
6	4			4		3653	use strict;
	4					9
	4					210
7	4			4		23	use Carp;
	4					8
	4					353
8	4			4		9871	use CGI;
	4					96103
	4					31
9	4			4		1127	use Exporter;
	4					9
	4					243
10	4			4		24	use vars qw/ @ISA /;
	4					8
	4					253
11							@ISA = qw/ CGI /;
12
13	4			4		149	use vars qw/ $shell $path /;
	4					10
	4					335
14
15							BEGIN {
16
17							# Clean up the environment and establish some defaults
18	4			4		12	$shell = $ENV{'SHELL'};
19	4					10	$path = $ENV{'PATH'};
20	4					80	delete @ENV{qw/ IFS CDPATH ENV BASH_ENV PATH SHELL /};
21	4					16	$CGI::DISABLE_UPLOADS = 1; # Disable uploads
22	4					390	$CGI::POST_MAX = 512 * 1024; # limit posts to 512K max
23							}
24
25							sub import {
26	4	100		4		31	if ( grep { /:(?:standard\|cgi)/ } @_ ) {
	9					53
27	2					5	my $set_sub = caller(0) . '::set';
28	2					4	my $shell_sub = caller(0) . '::get_shell';
29	2					6	my $path_sub = caller(0) . '::get_path';
30							{
31	4			4		25	no strict 'refs';
	4					8
	4					2302
	2					3
32	2					5	*{$set_sub} = \&set;
	2					8
33	2					5	*{$shell_sub} = \&get_shell;
	2					7
34	2					10	*{$path_sub} = \&get_path;
	2					8
35							}
36							}
37
38	4					9	my $index;
39
40							# restore untainted path and shell if the list 'admin' in import list
41	4					17	my %args = map { $_ => 1 } @_[ 1 .. $#_ ];
	5					19
42
43	4	100				16	if ( exists $args{'admin'} ) {
44
45							# If 'admin' is specified, we'll reset the PATH and SHELL. These will still
46							# be tainted and require untainting by the CGI program.
47	2	50				17	$ENV{'PATH'} = $path if defined $path;
48	2	50				7	$ENV{'SHELL'} = $shell if defined $shell;
49	2					4	delete $args{'admin'};
50	2					10	splice @_, 1, $#_, keys %args;
51							}
52
53							# TODO: Future releases will allow untainting to occur at the time that CGI
54							# data is grabbed. We include this so that people will know that future
55							# versions will require 'taint' in the import list to allow their scripts to
56							# run with minimal changes
57	4	100				16	if ( exists $args{'taint'} ) {
58	1					2	delete $args{'taint'};
59	1					3	splice @_, 1, $#_, keys %args;
60							}
61
62							# using goto to avoid updating caller
63	4					26	goto &CGI::import;
64							}
65
66							sub new {
67	2			2	1	33	my ( $class, %args ) = @_;
68	2	50				9	$CGI::DISABLE_UPLOADS = $args{'DISABLE_UPLOADS'}
69							if exists $args{'DISABLE_UPLOADS'};
70	2	50				10	$CGI::POST_MAX = $args{'POST_MAX'} if exists $args{'POST_MAX'};
71	2	50				7	$ENV{'PATH'} = $args{'PATH'} if exists $args{'PATH'};
72	2	50				8	$ENV{'SHELL'} = $args{'SHELL'} if exists $args{'SHELL'};
73
74	2	50				16	return CGI::new( $class,
75							( exists $args{'source'} ? $args{'source'} : () ) );
76							}
77
78							sub set {
79	8			8	1	142	my ( $self, %args ) = CGI::self_or_default(@_);
80	8	100	66			28244	if ( exists $args{'DISABLE_UPLOADS'}
81							and defined $args{'DISABLE_UPLOADS'} )
82							{
83	4					12	$CGI::DISABLE_UPLOADS = $args{'DISABLE_UPLOADS'};
84							}
85	8	50	66			107	if ( exists $args{'POST_MAX'}
			66
86							and defined $args{'POST_MAX'}
87							and $args{'POST_MAX'} =~ /^\d+$/ )
88							{
89	4					17	$CGI::POST_MAX = $args{'POST_MAX'};
90							}
91							}
92
93	0			0	1		sub get_path { $path }
94
95	0			0	1		sub get_shell { $shell }
96
97							"Ovid";
98
99							__END__