[Po4a-devel] po4a against untrusted content
intrigeri
intrigeri at boum.org
Wed Nov 12 12:22:24 UTC 2008
Hello,
Nicolas François wrote (08 Nov 2008 20:27:22 GMT) :
>> > I had some failure with WrapI18N (endless loops), which might cause DOS.
>> > http://bugs.debian.org/470250
>> > It is just used to have a better formating of the output error/warning
>> > mesages.
>> > You probably do not need this feature.
>>
>> I'll try to disable its use, and report back.
> Currently, it is used if present.
> It should thus be easy to add an option to always disable it.
Well, Joey came up with a patch (see below) that adds a nowrapi18n
option to Locale::Po4a::Common, but I now realize it's not enough, as
almost every po4a module runs its own 'use Locale::Po4a::Common;'.
I guess the "obvious" solution (i.e. adding support in every module
for the nowrapi18n option Joey implemented) is not desirable.
Any other idea?
Here are Joey comments, and his patch:
> That doesn't really need to be in a BEGIN. This patch moves it to
> `import`, and makes this disable wrap18n:
> `use Locale::Po4a::Common q{nowrapi18n}` --[[Joey]]
<patch>
--- /usr/share/perl5/Locale/Po4a/Common.pm 2008-07-21 14:54:52.000000000 -0400
+++ Common.pm 2008-11-11 18:27:34.000000000 -0500
@@ -30,8 +30,16 @@
use strict;
use warnings;
-BEGIN {
- if (eval { require Text::WrapI18N }) {
+sub import {
+ my $class=shift;
+ my $wrapi18n=1;
+ if ($_[0] eq 'nowrapi18n') {
+ shift;
+ $wrapi18n=0;
+ }
+ $class->export_to_level(1, $class, @_);
+
+ if ($wrapi18n && eval { require Text::WrapI18N }) {
# Don't bother determining the wrap column if we cannot wrap.
my $col=$ENV{COLUMNS};
</patch>
Bye,
--
intrigeri <intrigeri at boum.org>
| gnupg key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
| So what?
More information about the Po4a-devel
mailing list