X-Git-Url: http://git.rot13.org/?p=perl-cwmp.git;a=blobdiff_plain;f=lib%2FCWMP%2FServer.pm;h=055e265dad014e3e6c7954949dd005c85f290c61;hp=78f4328be56ad224dd7a8767d30c0ef9944c6434;hb=5a913f2c18fe1894cda0144870684e9d559352d2;hpb=c3e3a10c037b3b0fb7d531d226464e19c9d9e18f
diff --git a/lib/CWMP/Server.pm b/lib/CWMP/Server.pm
index 78f4328..055e265 100644
--- a/lib/CWMP/Server.pm
+++ b/lib/CWMP/Server.pm
@@ -25,6 +25,8 @@ use IO::Socket::INET;
 use File::Path qw/mkpath/;
 use File::Slurp;
+use URI::Escape;
+
 =head1 NAME
 CWMP::Server - description
@@ -146,6 +148,20 @@ sub sock_session {
 warn "$body\n<<<< $ip END\n";
+
+ # XXX evil security hole to eval code over web to inspect it
+ if ( $self->debug && $headers->{'user-agent'} =~ m{Mozilla} ) {
+ my $out = '';
+ if ( $request =~ m{^GET /(\$.+) HTTP/} ) {
+ my $eval = uri_unescape $1;
+ $out = dump( eval $eval );
+ $out .= "ERROR: $@\n" if $@;
+ warn "EVAL $eval = $out\n";
+ }
+ print $sock "HTTP/1.1 200 OK\r\nContent-type: text/plain\r\nConnection: close\r\n\r\n$out";
+ return 0;
+ }
+
 my $response = $session->process_request( $ip, $body );
 my $dump_nr = $dump_by_ip->{$ip}++;
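Review bot: The `eval $eval` in the new debug branch of sock_session runs a URI-unescaped request path as Perl, and its only gates are `$self->debug` and a `User-Agent` match on `Mozilla`, a header the client supplies, so that check is not an access control. Any peer that can reach the listening socket while debug is enabled can execute code as the server process; the `XXX` comment acknowledges the hole, but nothing in the hunk bounds it. If the inspector must stay, give it its own opt-in setting instead of the general debug flag and limit it to local peers, e.g. `if ( $self->debug && $ip eq '127.0.0.1' && $headers->{'user-agent'} =~ m{Mozilla} ) {`, and preferably replace the string eval with a fixed table of inspectable values. The `warn "EVAL $eval = $out\n"` line also copies evaluated results into the log, which may expose session data there. sock_session starts and ends outside this hunk, so treating `$ip` as the peer address is inferred from its use in the `warn` and `process_request` lines.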