# HG changeset patch
# User cin
# Date 1369608598 -14400
# Node ID 34a110d1f06c7b5fdfb0b3a9b67b03b04d4e8e47
# Parent b1e7b55b4a38935ccae360bf219608ec7e2d1516
added security check for the query transformation
diff -r b1e7b55b4a38 -r 34a110d1f06c Lib/IMPL/DOM/Transform/QueryToDOM.pm
--- a/Lib/IMPL/DOM/Transform/QueryToDOM.pm Sat May 25 01:57:49 2013 +0400
+++ b/Lib/IMPL/DOM/Transform/QueryToDOM.pm Mon May 27 02:49:58 2013 +0400
@@ -3,6 +3,9 @@
 use IMPL::Const qw(:prop);
 use IMPL::declare {
+ require => {
+ OutOfRangeException => '-IMPL::OutOfRangeException'
+ },
 base => [
 'IMPL::DOM::Transform::ObjectToDOM' => '@_'
 ],
@@ -12,6 +15,8 @@
 ]
 };
+our $MAX_INDEX = 1024;
+
 sub CTOR {
 my ($this) = @_;
@@ -59,12 +64,14 @@
 if (my ($name,$index) = ($part =~ m/^(\w+)(?:\[(\d+)\])?$/) ) {
 if (@parts) {
 if(defined $index) {
+ $this->ValidateIndex($index);
 $node = ($node->{$name}[$index] ||= {});
 } else {
 $node = ($node->{$name} ||= {});
 }
 } else {
 if(defined $index) {
+ $this->ValidateIndex($index);
 $node->{$name}[$index] = (@value == 1 ? $value[0] : \@value);
 } else {
 $node->{$name} = (@value == 1 ? $value[0] : \@value);
@@ -77,6 +84,13 @@
 return $this->Transform($data);
 }
+sub ValidateIndex {
+ my ($this,$index) = @_;
+ die OutOfRangeException->new()
+ unless $index >= 0 and $index <= $MAX_INDEX;
+}
+
 sub TransformAction {
 my ($this,$action) = @_;
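Review bot: `our $MAX_INDEX = 1024;` in the second hunk is a package global with no comment explaining what it bounds or why it is a public knob. From the later hunks it caps the `[n]` index parsed out of a query path before `$node->{$name}[$index]` autovivifies the array, so its purpose is to stop a single query part from forcing a very large allocation; that reasoning should sit next to the value. Suggest `# Largest [n] index accepted from a query path; bounds the array autovivified by QueryToDOM for untrusted input.` above the declaration. Whether 1024 is sized for real data or is a placeholder cannot be inferred from the diff.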
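Review bot: In the third hunk the two `$this->ValidateIndex($index);` lines are added under identical `if(defined $index)` guards in both branches, so the check is duplicated and a future branch that uses `$index` could miss it. Validating once directly after the match, `$this->ValidateIndex($index) if defined $index;` before `if (@parts) {`, covers every use of `$index` in the loop body with one line. The enclosing loop and sub both start and end outside the hunk. Separately, the context regex captures the index with `\d+`, which under Unicode string semantics is not limited to ASCII digits; if the query string is decoded before it gets here, `[0-9]+` (or the `/a` modifier) would make the captured value certain to be what the numeric comparison in ValidateIndex expects, though that line is not part of this change.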
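Review bot: The new `ValidateIndex` only checks `$index >= 0 and $index <= $MAX_INDEX`, so a non-numeric string passed by another caller numifies to 0 (with a warning) and passes; the method is public and named as a validator, so it should assert the shape as well: `unless $index =~ /\A[0-9]+\z/ and $index <= $MAX_INDEX;`. The exception is also raised as `OutOfRangeException->new()` with no context, so the caller cannot tell which index failed; if the class accepts a message (its constructor is not visible here), passing the offending value would help. A short comment on the sub would help too, e.g. `# Dies with OutOfRangeException unless $index is a non-negative integer no larger than $MAX_INDEX; called for every [n] index taken from a query path.`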