Add blacklist and whitelist support to Locale::Maketext.
author John Lightsey <jd@cpanel.net>
Thu, 17 Mar 2016 16:06:09 +0000 (16:06 +0000)
committer Tony Cook <tony@develop-help.com>
Tue, 10 May 2016 01:49:45 +0000 (11:49 +1000)
commit 6a810bd43dcf7de311a8b308e7f58bbb7c0f758e
tree 71a010ce82b1435a810edd1857229d618b8dff72
parent f54530a43a9d4dd069e26aefc7ae572ac4e299cf
Add blacklist and whitelist support to Locale::Maketext.

Format string attacks against Locale::Maketext have been discovered in
several popular web applications and addressed by pre-filtering maketext
strings before they are fed into the maketext() method. It is now
possible to restrict the allowed bracket notation methods directly in
Maketext.

This commit also introduces a default blacklist that prevents using the
object and class methods in the Locale::Maketext namespace that were not
intended as bracket notation methods.
dist/Locale-Maketext/lib/Locale/Maketext.pm
dist/Locale-Maketext/lib/Locale/Maketext.pod
dist/Locale-Maketext/t/92_blacklist.t [new file with mode: 0644]
dist/Locale-Maketext/t/93_whitelist.t [new file with mode: 0644]
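
The restriction described in the commit message, shown as an added example that is not code from this commit or from the Locale::Maketext distribution. The `MyApp::L10N` classes, the `debug_dump` helper and the sample strings are constructed for illustration, and a Locale::Maketext release that includes this change is assumed.

```perl
use strict;
use warnings;

package MyApp::L10N;             # hypothetical project base class
use parent 'Locale::Maketext';

# Application helper that was never meant to be reachable from a
# translatable string (hypothetical, for this example only).
sub debug_dump { my ($lh) = @_; return join ',', sort keys %$lh }

package MyApp::L10N::en;         # hypothetical English lexicon
our @ISA     = ('MyApp::L10N');
our %Lexicon = ( _AUTO => 1 );   # unknown keys are compiled as their own text

package main;

my $lh = MyApp::L10N->get_handle('en') or die "no language handle\n";

# Restrict bracket notation to the methods the application really uses.
# The check is made when a string is compiled, so set the list before
# the first maketext() call on this handle.
$lh->whitelist(qw(numf quant));

# Constructed sample strings standing in for text that reaches maketext()
# from a template or a request parameter.
my @samples = (
    'Total: [numf,_1]',          # allowed: numf is on the whitelist
    'Items: [quant,_1,file]',    # allowed: quant is on the whitelist
    'Keys: [debug_dump]',        # rejected: helper is not on the whitelist
    'Nested: [maketext,_1]',     # rejected: blocked by the default blacklist
);

for my $string (@samples) {
    my $out = eval { $lh->maketext( $string, 1234567 ) };
    if ( defined $out ) {
        print "OK       $string => $out\n";
    }
    else {
        # Keep only the first line of the exception for the log entry.
        my ($reason) = split /\n/, $@;
        print "REJECTED $string ($reason)\n";
    }
}
```

Without the `whitelist()` call, `debug_dump` would be callable from any string passed to `maketext()`, which is the exposure that applications previously had to close by pre-filtering.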