lib/openwfe/expressions/fe_misc.rb in openwferu-0.9.6 vs lib/openwfe/expressions/fe_misc.rb in openwferu-0.9.7

- old
+ new

@@ -46,10 +46,12 @@ module OpenWFE class PrintExpression < FlowExpression + names :print + # # apply / reply def apply (workitem) @@ -78,20 +80,33 @@ # <reval/> # # Evals some Ruby code contained within the process definition # or within the workitem. # - # The code is evaluated at a SAFE level of 1. + # The code is evaluated at a SAFE level of 3. # + # If the :ruby_eval_allowed isn't set to true + # (<tt>engine.application_context[:ruby_eval_allowed] = true</tt>), this + # expression will throw an exception at apply. + # class RevalExpression < FlowExpression + names :reval + # # See for an explanation on Ruby safety levels : # http://www.rubycentral.com/book/taint.html # SAFETY_LEVEL = 3 def apply (workitem) + + if @application_context[:ruby_eval_allowed] != true + #lwarn { "apply() :ruby_eval_allowed not set to true" } + #reply_to_parent(workitem) + #return + raise "evaluation of ruby code is not allowed" + end escape = lookup_boolean_attribute('escape', workitem, false) code = OpenWFE::lookup_vf_attribute(self, workitem, 'code')
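Review bot: The class comment on `RevalExpression` still reads as if SAFE level 3 were the safeguard, while the real gate added in this hunk is the `:ruby_eval_allowed` check at the top of `apply`; the comment should say what must be trusted once that flag is on. Going by the class comment, the code can come from the workitem as well as the process definition, so enabling the flag means whoever can populate workitem fields gets Ruby evaluated inside the engine process. `$SAFE` only restricts tainted operations, was never a complete sandbox, and later Ruby versions dropped it. I would add `# Enable :ruby_eval_allowed only when process definitions and workitem content are trusted; the SAFE level is defence in depth, not a sandbox.` and delete the three commented-out lines (`#lwarn`, `#reply_to_parent`, `#return`) so the fail-closed `raise` is the only behaviour a reader has to consider. The body of `apply` continues past the end of the hunk, so how `code` is actually evaluated is not visible here.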