On Thu, 19 Dec 2002 05:03:56 +0800, Franki wrote:
>Hi again folks.
Hi Franki
>Since there is such a wealth of knowledge here, I thought I'd ask
>for some
>advice..
Another way to clean data is to scrub every byte from your users'
submissions (tab = 4 spaces & sorry about the wrap):
sub _clean_form_data
{
    my($self) = @_;

    # Start with an empty hash of cleaned values; '_q' holds the CGI object.
    $$self{'_data'} = {};

    my(@param) = $$self{'_q'} -> param();

    for my $field (@param)
    {
        # A field may carry several values (e.g. a multi-select), so keep an array.
        @{$$self{'_data'}{$field} } = $$self{'_q'} -> param($field);

        # Scrub each value in place: at most 200 chars, not required to be an integer.
        $$self{'_data'}{$field}[$_] = $self -> _clean_form_field($$self{'_data'}{$field}[$_], 200, 0)
            for (0 .. $#{$$self{'_data'}{$field} });
    }

    # Return the number of fields seen.
    scalar keys %{$$self{'_data'} };

} # End of _clean_form_data.

sub _clean_form_field
{
    my($self, $data, $max_length, $integer) = @_;

    # Allowlist: reject undef, control characters (C0, DEL, C1) and backticks,
    # and anything empty or longer than $max_length.
    $data = '' if (! defined($data) || ($data !~ /^([^`\x00-\x1F\x7F-\x9F]+)$/) || (length($1) == 0) || (length($1) > $max_length) );

    # http://www.perl.com/pub/a/2002/02/20/css.html.
    $data = '' if ($data =~ /<script\s*>.+<\s*\/?\s*script\s*>/i);

    # Ditto, but much more strict: any matching open/close tag pair.
    $data = '' if ($data =~ /<(.+)\s*>.*<\s*\/?\s*\1\s*>/i);

    # Integer fields must be all digits; anything else becomes 0.
    $data = 0 if ($integer && (! $data || ($data !~ /^[0-9]+$/) ) );

    $data;

} # End of _clean_form_field.
--
Ron Savage, suppressed on 19/12/2002
Deakin University, 221 Burwood Highway, Burwood, VIC 3125, Australia
Phone: +61-3-9251 7441, Fax: +61-3-9251 7604
http://www.deakin.edu.au/~rons
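An added example, not code from Ron's post: the same allowlist rules as a plain function with no CGI object, run over a few constructed inputs, plus the output-side HTML-escape step that the post leaves to the caller. The names clean_field and escape_html and the sample rows are hypothetical.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# clean_field: the post's allowlist rules as a plain function (no CGI
# object). Returns '' (or 0 for integer fields) on any failure.
sub clean_field {
    my ($data, $max_length, $integer) = @_;
    # Reject undef, control characters (C0, DEL, C1) and backticks.
    # \z instead of $ so a trailing newline cannot slip past the check.
    $data = '' if !defined($data) || $data !~ /^[^`\x00-\x1F\x7F-\x9F]+\z/;
    # Over-long input is rejected, not silently truncated.
    $data = '' if length($data) > $max_length;
    # Integer fields must be all digits; anything else becomes 0.
    $data = 0 if $integer && $data !~ /^[0-9]+\z/;
    return $data;
}

# escape_html: the output-side step. Escaping when a value is echoed into
# a page does not depend on guessing every tag pattern in advance.
my %entity = ('&' => '&amp;', '<' => '&lt;', '>' => '&gt;',
              '"' => '&quot;', "'" => '&#39;');
sub escape_html {
    my ($text) = @_;
    $text =~ s/([&<>"'])/$entity{$1}/g;
    return $text;
}

# Constructed sample submissions: [field, raw value, max length, integer?].
my @samples = (
    ['name', "Franki",         200, 0],
    ['name', "Fran\x00ki",     200, 0],   # embedded NUL
    ['name', "Franki\n",       200, 0],   # trailing newline
    ['name', "x" x 201,        200, 0],   # over the cap
    ['age',  "42",              10, 1],
    ['age',  "42; drop",        10, 1],   # not an integer
    ['note', "a < b && c > d", 200, 0],   # legal, but must be escaped
);

for my $s (@samples) {
    my ($field, $raw, $max, $int) = @$s;
    my $clean = clean_field($raw, $max, $int);
    printf "%-4s clean=[%s] html=[%s]\n", $field, $clean, escape_html($clean);
}
```

The NUL, trailing-newline, over-length and non-integer rows all come back empty (or 0), while the 'note' row survives cleaning and only becomes safe to echo after escape_html.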