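--- a/lib/openwfe/util/dollar.rb
+++ b/lib/openwfe/util/dollar.rb
@@ -37,18 +37,29 @@
 # "made in Japan"
 #
 # John Mettraux at openwfe.org
 #
-#require 'ru/flowexpression'
+require 'openwfe/utils'
+require 'openwfe/util/safe'
 #
 # 'dollar notation' implementation in Ruby
 #
 module OpenWFE
+ SAFETY_LEVEL = 3
+ #
+ # Ruby code ${ruby:...} will be evaluated with this
+ # safety level.
+ # (see http://www.rubycentral.com/book/taint.html )
+
+ #
+ # Performs 'dollar substitution' on a piece of text with a given
+ # dictionary.
+ #
 def OpenWFE.dsub (text, dict)
 #puts "### text is >#{text}<"
 #puts "### dict is of class #{dict.class.name}"
@@ -105,10 +116,14 @@
 def OpenWFE.unescape (text)
 return text.gsub("\\\\\\$\\{", "\\${")
 end
+ #
+ # Performs 'dollar substitution' on a piece of text with as input
+ # a flow expression and a workitem (fields and variables).
+ #
 def OpenWFE.dosub (text, flow_expression, workitem)
 return dsub(text, FlowDict.new(flow_expression, workitem))
 end
 class FlowDict < Hash
@@ -177,20 +192,26 @@
 #binding = @flow_expression.get_binding if @flow_expression
 #eval(ruby_code, binding).to_s
 wi = @workitem
 workitem = @workitem
+
+ fexp = nil
+ flow_expression = nil
+ fei = nil
+
 if @flow_expression
 fexp = @flow_expression
 flow_expression = @flow_expression
 fei = @flow_expression.fei
 end
 #
 # some simple notations made available to ${ruby:...}
 # notations
 #eval(ruby_code, binding).to_s
- eval(ruby_code).to_s
+ #eval(ruby_code).to_s
+ OpenWFE::eval_safely(ruby_code, SAFETY_LEVEL, binding()).to_s
 end
 end
 end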
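Review bot: The `binding()` handed to `OpenWFE::eval_safely` at the end of the last hunk exposes `wi`, `workitem`, `fexp`, `flow_expression`, `fei` and the FlowDict receiver itself to the `${ruby:...}` snippet, so SAFETY_LEVEL (3) only restricts what tainted objects may do and does not stop the snippet from reading or mutating the workitem and flow expression through those names. The contract that `ruby_code` must be trusted process-definition text rather than a value taken from a workitem field is therefore load-bearing and should be stated where the locals are introduced, e.g. `# NOTE: ruby_code must come from the process definition only -- the binding below hands the workitem and flow expression to it, and $SAFE is not a sandbox for that.` The new `fexp = nil` / `flow_expression = nil` / `fei = nil` lines also deserve a why-comment such as `# pre-declare so these names exist in the binding even when there is no flow expression`, since otherwise they read as redundant. The enclosing method begins before the hunk and `eval_safely` lives in openwfe/util/safe outside this file, so which restrictions it actually applies cannot be confirmed from here.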