diff options
author | Kenichi Ishigaki <ishigaki@cpan.org> | 2014-10-08 08:48:43 +0900 |
---|---|---|
committer | Kenichi Ishigaki <ishigaki@cpan.org> | 2014-10-08 08:48:43 +0900 |
commit | 205325bae9acefc0abf3b562b5c621005bd40b3d (patch) | |
tree | b94a16e4514cac5fdf4922bfcf4be223ce7ddf93 /lib/Parse | |
parent | efbf5183da5bb501d1b9dc833c9c709272d332a9 (diff) |
added UNSAFE option as the last resort for older perls
Diffstat (limited to 'lib/Parse')
-rw-r--r-- | lib/Parse/PMFile.pm | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/lib/Parse/PMFile.pm b/lib/Parse/PMFile.pm index 6c34951..a9300f8 100644 --- a/lib/Parse/PMFile.pm +++ b/lib/Parse/PMFile.pm @@ -12,6 +12,7 @@ our $VERSION = '0.26'; our $VERBOSE = 0; our $ALLOW_DEV_VERSION = 0; our $FORK = 0; +our $UNSAFE = $] < 5.010000 ? 1 : 0; sub new { my ($class, $meta, $opts) = @_; @@ -215,7 +216,7 @@ sub _parse_version { $comp->deny(qw/enteriter iter unstack goto/); # minimum protection against Acme::BadExample { no strict; - $v = $comp->reval($eval); + $v = ($self->{UNSAFE} || $UNSAFE) ? eval $eval : $comp->reval($eval); } if ($@){ # still in the child process, out of Safe::reval my $err = $@; @@ -224,7 +225,7 @@ sub _parse_version { if ($err->{line} =~ /([\$*])([\w\:\']*)\bVERSION\b.*?\=(.*)/) { local($^W) = 0; $self->_restore_overloaded_stuff if version->isa('version::vpp'); - $v = $comp->reval($3); + $v = ($self->{UNSAFE} || $UNSAFE) ? eval $3 : $comp->reval($3); $v = $$v if $1 eq '*' && ref $v; } if ($@ or !$v) { @@ -844,6 +845,10 @@ As of version 0.17, Parse::PMFile stops forking while parsing a version for bett As of version 0.21, Parse::PMFile checks permissions of a package if both USERID and PERMISSIONS (which should be an instance of L<PAUSE::Permissions>) are provided. Unauthorized packages are removed. +=item UNSAFE + +Parse::PMFile usually parses a module version in a Safe compartment. However, this approach doesn't work smoothly under older perls (prior to 5.10) plus some combinations of recent versions of Safe.pm (2.24 and above) and version.pm (0.9905 and above) for various reasons. As of version 0.27, Parse::PMFile simply uses C<eval> to parse a version under older perls. If you want it to use always C<eval> (even under recent perls), set this to true. + =back =head2 parse |