Ah, well, after a five hours of experimentation I thought up a working workaround anyway.
This works with an unpatched version of mp1 ($substr is any perl code fetched from external source):
my(@ops) = split(/\x0a/,$substr); my($cell,$reval);
foreach $cell (@ops) { $cell =~ s/^[\x09\ ]+//g; $cell =~ s/^print\ /\$output\ \.\=\ /; if($cell) { $reval .= $cell . "\n"; } }
my($output);
$reval .= "\$output;\n";
my($compartment) = new Safe("Tempo"); $compartment->permit(qw(:browse)); $output = $compartment->reval($reval); if($@) { $self->{ERROR} = gettext("Security exception: " . $@); $self->{ERRORCODE} = 99; }
print $output;
I just replace all print statements with "$output .= ", and then make sure that the reval results in the final contents of $output, which I then print outside the reval().
Works fine now. So far nothing else has crashed, although I'm somewhat suspicious of a number of rather random events in the code. I'm almost certain this is me having messed up something else though.
Neat. I expect it to work as long as you do simple things, it's going to be much harder to make it working with more complex code. However I was trying to simplify your logic and use IO::String to catch the output:
print "Content-type: text/plain\n\n"; use warnings; use strict;
use Safe;
our $output = ''; my($cmpt) = new Safe 'MyRoot'; $cmpt->share('$output'); $cmpt->permit(qw(leaveeval entereval caller require :browse ));
$cmpt->reval(<<'EOI');
# redirect prints to a buffer use IO::String; my $str_fh = IO::String->new($output); select $str_fh;
# put the normal code here print "gnu\n"; EOI
if($@) { die $@; }
select STDOUT; print $output;
However, if I'm not supposed to use Safe in conjunction with mp, what *am* I supposed to use?
I didn't say that. I just said that if it doesn't work for you... but as you have just shown that TIMTOWTDI ;)
I might be possible to convince to write a version of Safe specifically for mp1, although I expect I shall have to experience more problems with the existing Safe code to be bothered. :-)
You can always give it a try.
__________________________________________________________________ Stas Bekman JAm_pH ------> Just Another mod_perl Hacker http://stason.org/ mod_perl Guide ---> http://perl.apache.org mailto:[EMAIL PROTECTED] http://use.perl.org http://apacheweek.com http://modperlbook.org http://apache.org http://ticketmaster.com