Posted to modperl@perl.apache.org by Harald Meier <me...@rts.at> on 2004/09/29 15:19:41 UTC
how to parse arguments
Dear list members,
I am using Apache-2.0.50 and mod_perl-1.99_16.
I would like to know the most secure, best, and fastest way to parse
arguments.
I tried libapreq, but got some strange errors, arguments stayed persistent
from one request to the next and other strange things happened.
Now I am using the following function and I am happy with it,
but I don't think that it is really the best way to go.
Thanks for your help!
Harald.
$$g_hSession and $$g_hArgs are global hashrefs
#------------------------------------------------------------------------------------------------
# Decodes a URL-encoded string in place (the caller's variable is modified
# through $_[0]) and replaces characters the application treats as unsafe.
sub untaintString
{
    $_[0] =~ tr/+/ /;                                             # '+' encodes a space
    $_[0] =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;  # decode %XX escapes
    $_[0] =~ s/[\;\|\\ ]/ /ig;                                    # ';', '|' and '\' become spaces
    $_[0] =~ s/\r//g;                                             # normalise line endings to CRLF
    $_[0] =~ s/\n/\r\n/g;
    $_[0] =~ s/\{LF\}/\n/g;                                       # literal "{LF}" marker -> newline
    $_[0] =~ s/'/´/g;                                             # replace single quotes
}
#------------------------------------------------------------------------------------------------
sub parseArgs
{
    my $hENV=$$g_hSession->{REQUEST}->subprocess_env;
    my $sParams;
    if ($hENV->{REQUEST_METHOD} eq 'GET' )
    {
        $sParams=$hENV->{QUERY_STRING};
    }
    elsif ($hENV->{REQUEST_METHOD} eq 'POST')
    {
        read (STDIN, $sParams, $hENV->{CONTENT_LENGTH});
    }
    else
    {
        logging($LOG_ERR, "error: invalid REQUEST_METHOD: [".$hENV->{REQUEST_METHOD}."]");
        return;    # nothing to parse
    }
    # if multipart -> parse version number
    if ($sParams =~ /-{28,29}(\w+)/)
    {
        my $sVerNum=$1;
        # and split param string using version number
        foreach my $sParam (split( /-{28,29}$sVerNum-*[\r]\n/g, $sParams ))
        {
            # normal parameter -> add key/value pair to $$g_hArgs
            if ($sParam =~ /^.*; name=\"(.*)\"[\r]\n[\r]\n((.|\r|\n)*)[\r]\n/)
            {
                untaintString($a=$1);
                untaintString($b=$2);
                $$g_hArgs->{$a}=$b;
            } else {
                # parameter is a file -> add key/value pair to $$g_hArgs
                if ($sParam =~ /^.*; name=\"(.*)\"; filename=\"(.*)\"[\r]\n.*[\r]\n[\r]\n((.|\r|\n)*)/)
                {
                    $_=substr($2, rindex($2, '\\')+1);
                    untaintString($_);
                    # parse file name
                    $$g_hArgs->{$1}->{NAME}=$_;
                    # parse file content
                    $$g_hArgs->{$1}->{CONTENT}=substr($3,0,length($3)-2);
                }
            }
        }
    } else
    # if not multipart -> normal split param1=value1&param2=value2&...
    {
        # split limit of 2 keeps any '=' inside a value
        map { ($a,$b)=split /=/, $_, 2; untaintString($a); untaintString($b);
              $$g_hArgs->{$a}=$b; } (split /&/, $sParams);
    }
}
1;
--
Report problems: http://perl.apache.org/bugs/
Mail list info: http://perl.apache.org/maillist/modperl.html
List etiquette: http://perl.apache.org/maillist/email-etiquette.html
Re: how to parse arguments
Posted by Tom Schindl <to...@gmx.at>.
Harald Meier wrote:
> Dear list members,
>
> I am using Apache-2.0.50 and mod_perl-1.99_16.
> I would like to know the most secure, best, and fastest way to parse
> arguments.
> I tried libapreq, but got some strange errors, arguments stayed
> persistent from one request to the next and other strange things happened.
>
That happens when creating closures and has **nothing** to do with
libapreq but is most of the time an "error" in your application code (show
us the app-code where libapreq caches params). I'd advise you to not use
any param functions yourself. You could also use CGI.pm.
> Now I am using the following function and I am happy with it,
> but I don't think that it is really the best way to go.
>
[...]
Tom
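
The closure effect mentioned in the reply above, as an added example that is not part of the original thread: a named sub nested inside per-request code binds to the first request's lexical, so later requests read stale arguments. The names parse_qs, handler_buggy, role_buggy, handler_fixed and role_fixed and the query strings are constructed for illustration; the nesting mimics how a registry-style wrapper encloses a script, which is an assumption about the setup the thread does not show.

```perl
#!/usr/bin/perl
use strict;
use warnings;   # perl reports: Variable "$args" will not stay shared

# Constructed query strings standing in for two consecutive requests
# served by the same long-lived interpreter.
my @requests = ('user=alice&role=admin', 'user=bob');

# Minimal parser for this demonstration only (hypothetical helper).
sub parse_qs {
    my ($qs) = @_;
    my %h;
    for my $pair (split /&/, $qs) {
        my ($k, $v) = split /=/, $pair, 2;
        $h{$k} = $v;
    }
    return \%h;
}

# BUGGY: per-request code wrapped in an outer sub, with a named helper
# nested inside it. role_buggy() is compiled once and stays bound to the
# $args created by the first call of handler_buggy(), so a later request
# that carries no role still gets the first request's role.
sub handler_buggy {
    my ($qs) = @_;
    my $args = parse_qs($qs);
    sub role_buggy { return $args->{role} // '(none)' }
    return role_buggy();
}

# FIXED: the helper receives the request's arguments explicitly, so
# nothing is captured from an earlier request.
sub role_fixed {
    my ($args) = @_;
    return $args->{role} // '(none)';
}
sub handler_fixed {
    my ($qs) = @_;
    return role_fixed(parse_qs($qs));
}

for my $qs (@requests) {
    printf "%-22s buggy=%-7s fixed=%s\n",
        $qs, handler_buggy($qs), handler_fixed($qs);
}
```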