my %RULES = (
    'post' => { 'msgid' => '^(\d+|new)$', 'data' => '...', },
    'edit' => { 'msgid' => '^(\d+|new)$', },
    ...,
};

my $allowed = $RULES{ $query->{'action'} };

foreach $key (keys %$query) {
    exists $allowed->{'key'} ? 1 : return 0;
    ...
}