#!/usr/bin/perl use strict; use warnings; use CGI::Lite; my %fd; my $DO_DIE=0; my $VALID_NAME='[^0-9a-zA-Z_]'; my $BOUNDARY=2; my %REGS; ####regs $REGS{'b_'}='[^0-1]'; #bool $REGS{'i_'}='[^0-9\.]'; #int,float? $REGS{'a_'}='[^0-9a-zA-Z_\.]'; #alphanumeric $REGS{'c_'}='[^0-9a-zA-Z_:\.]'; #cmd $REGS{'p_'}='[^0-9a-zA-Z_\.\/]'; #path $REGS{'t_'}='[.*]'; #text #... ####/regs %fd=&get_form_data; # use Data::Dumper; # print Dumper(\%fd); sub get_form_data { my $cgi = new CGI::Lite; my %_fd=$cgi->parse_form_data; foreach (keys(%_fd)) { if (&is_valid_name($_)) { $_fd{$_}=$_fd{$_}[0] if ref($_fd{$_}; my $chk=&is_valid_value($_,$_fd{$_}); if ($chk == undef) { die "wrong value" if $DO_DIE; delete $_fd{$_}; } } else { die "wrong variable name" if $DO_DIE; delete $_fd{$_}; } } return %_fd; } sub is_valid_value { my $n=shift; my $v=shift; my $v_id=substr($n,0,$BOUNDARY); #empty errror #or is empty value okay? if ($n && $v_id && $REGS{$v_id}) { return ($v=~/$REGS{$v_id}/)?undef:1; } else { return undef; } } sub is_valid_name { return (shift =~/$VALID_NAME/)?0:1; }
In reply to Web Security by eternius
| For: | Use: | ||
| & | & | ||
| < | < | ||
| > | > | ||
| [ | [ | ||
| ] | ] |