S-139: Persits Software XUpload 'AddFile()' Method ActiveX Control Vulnerability
XUpload is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input. The risk is MEDIUM. An attacker may exploit this issue to execute arbitrary code in the context of an application using the ActiveX control (typically Internet Explorer). Failed attacks will likely cause denial-of-service conditions.
Method::Signatures::Modifiers(3pm) User Contributed Perl Documentation Method::Signatures::Modifiers(3pm)NAME
Method::Signatures::Modifiers - use Method::Signatures from within MooseX::Declare
SYNOPSIS
use MooseX::Declare;
use Method::Signatures::Modifiers;
class Foo
{
method bar (Int $thing) {
# this method is declared with Method::Signatures instead of MooseX::Method::Signatures
}
}
# -- OR --
use MooseX::Declare;
class My::Declare extends MooseX::Declare
{
use Method::Signatures::Modifiers;
}
# ... later ...
use My::Declare;
class Fizz
{
method baz (Int $thing) {
# this method also declared with Method::Signatures instead of MooseX::Method::Signatures
}
}
DESCRIPTION
Allows you to use Method::Signatures from within MooseX::Declare, both for the "method" keyword and also for any method modifiers
("before", "after", "around", "override", and "augment"). Typically method signatures within MooseX::Declare are provided by
MooseX::Method::Signatures. Using Method::Signatures instead provides several advantages:
o MooseX::Method::Signatures has a known bug with Perl 5.12.x which does not plague Method::Signatures.
o Method::Signatures may provide substantially better performance when calling methods, depending on your circumstances.
o Method::Signatures error messages are somewhat easier to read (and can be overridden more easily).
However, Method::Signatures cannot be considered a drop-in replacement for MooseX::Method::Signatures. Specifically, the following
features of MooseX::Method::Signatures are not available to you (or work differently) if you substitute Method::Signatures:
Types for Invocants
MooseX::Method::Signatures allows code such as this:
method foo (ClassName $class: Int $bar) {
}
Method::Signatures does not allow you to specify a type for the invocant, so your code would change to:
method foo ($class: Int $bar) {
}
"where" Constraints
MooseX::Method::Signatures allows code like this:
# only allow even integers
method foo (Int $bar where { $_ % 2 == 0 }) {
}
Method::Signatures does not currently allow this, although it is a planned feature for a future release.
Parameter Aliasing (Labels)
MooseX::Method::Signatures allows code like this:
# call this as $obj->foo(bar => $baz)
method foo (Int :bar($baz)) {
}
This feature is not currently planned for Method::Signatures.
Placeholders
MooseX::Method::Signatures allows code like this:
method foo (Int $bar, $, Int $baz)) {
# second parameter not available as a variable here
}
This feature is not currently planned for Method::Signatures.
Traits
In MooseX::Method::Signatures, "does" is a synonym for "is". Method::Signatures does not honor this.
Method::Signatures supports several traits that MooseX::Method::Signatures does not.
MooseX::Method::Signatures supports the "coerce" trait. Method::Signatures does not currently support this, although it is a planned
feature for a future release, potentially using the "does coerce" syntax.
BUGS, CAVEATS and NOTES
Note that although this module causes all calls to MooseX::Method::Signatures from within MooseX::Declare to be completely replaced by
calls to Method::Signatures (or calls to Method::Signatures::Modifiers), MooseX::Method::Signatures is still loaded by MooseX::Declare.
It's just never used.
The "compile_at_BEGIN" flag to Method::Signatures is ignored by Method::Signatures::Modifiers. This is because parsing at compile-time can
cause method modifiers to be added before the methods they are modifying are composed into the Moose classes. Parsing of methods at run-
time is compatible with MooseX::Method::Signatures.
THANKS
This code was written by Buddy Burden (barefootcoder).
The import code for replacing MooseX::Method::Signatures is based on a suggestion from Nick Perez.
LICENSE
Copyright 2011 by Michael G Schwern <schwern@pobox.com>.
This program is free software; you can redistribute it and/or modify it under the same terms as Perl itself.
See http://www.perl.com/perl/misc/Artistic.html
SEE ALSO
MooseX::Declare, Method::Signatures, MooseX::Method::Signatures.
perl v5.14.2 2012-06-03 Method::Signatures::Modifiers(3pm)