authorJason Woodward2010-05-16 16:02:26 -0400
committerJason Woodward2010-05-16 16:02:26 -0400
commit3298353d3be1399a65b5d01a6b20ca717c8e739c (patch)
tree07a877697075674f229a3ead1ed90900e0ac83d2
parent71ceb59a2980e7ee9260ce694cef615ecc6d6c27 (diff)
downloadJaos-WebApp-3298353d3be1399a65b5d01a6b20ca717c8e739c.tar.gz
add ability to specify advanced validation options for CleanParams
-rw-r--r--lib/Jaos/WebApp/Plugin/CleanParams.pm46
1 files changed, 35 insertions, 11 deletions
diff --git a/lib/Jaos/WebApp/Plugin/CleanParams.pm b/lib/Jaos/WebApp/Plugin/CleanParams.pm
index 9200057..187dc86 100644
--- a/lib/Jaos/WebApp/Plugin/CleanParams.pm
+++ b/lib/Jaos/WebApp/Plugin/CleanParams.pm
@@ -1,4 +1,6 @@
package Jaos::WebApp::Plugin::CleanParams;
+use strict;
+use warnings;
sub encode_html {
my $str = shift;
@@ -12,24 +14,45 @@ sub encode_html {
sub register
{
- my ($self, $app) = @_;
+ my ($self, $app, $conditions) = @_;
+
+ my $discard_unknown = $conditions->{discard_unknown} || 0;
+ my $valid = $conditions->{params} || {};
$app->add_run_hook(
pre_dispatch => sub {
my ($ctx) = @_;
if (my $params = $ctx->req->parameters) {
+
my @keys = $params->keys;
for my $key (@keys) {
- my @values = $params->get_all($key);
my @cleaned;
- for my $value (@values) {
- push @cleaned, encode_html($value);
+ my $validation = $valid->{$key};
+
+ if ($validation || !$discard_unknown) {
+ my @values = $params->get_all($key);
+
+ for my $value (@values) {
+ if ($validation) {
+ $app->log->debug("validationg $key = $value against $validation");
+ if (ref $validation eq 'Regexp') {
+ next unless $value =~ $validation;
+ } else {
+ next unless $value eq $validation;
+ }
+ }
+ push @cleaned, encode_html($value);
+ }
+
+ } else {
+ $app->log->error("discarding unknown parameter: $key");
}
$params->remove($key);
- $params->add($key, @cleaned);
+ $params->add($key, @cleaned) if @cleaned;
}
+
}
}
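Review bot: The debug line added inside the value loop writes the raw request value and the validator itself to the log (`"validationg $key = $value against $validation"`). When the validator is a literal string such as the `app_key => $mysecret` shown in the module's SYNOPSIS, the secret and every submitted value for it end up in the log, and unencoded request data can carry newlines into log lines. Log only the parameter name, e.g. `$app->log->debug("validating parameter: $key");`, and take the same care with `$key` in the `discarding unknown parameter` error message, since key names are request-controlled too. Separately, `if ($validation)` treats a validator of `'0'` or `''` as absent, so with `discard_unknown` off such a parameter passes unvalidated; `exists $valid->{$key}` would express the intent. The hunk shows only part of `register`; the `add_run_hook` call closes outside it.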
@@ -40,7 +63,7 @@ sub register
=head1 NAME
-Jaos::WebApp::Plugin::CleanParams - html encode all parameters
+Jaos::WebApp::Plugin::CleanParams - parameter cleaning and validation
=head1 SYNOPSIS
@@ -49,22 +72,23 @@ Jaos::WebApp::Plugin::CleanParams - html encode all parameters
sub startup
{
my $app = shift;
- $app->load_plugin('Jaos::WebApp::Plugin::CleanParams');
+ my $validation = { id => qr/^\d+$/, name => qr/^\w+$/, app_key => $mysecret };
+ $app->load_plugin('Jaos::WebApp::Plugin::CleanParams', { discard_unknown => 1, params => $validation);
}
1;
=head1 DESCRIPTION
-Jaos::WebApp::Plugin::CleanParams is a simple plugin using Plack::Util::encode_html
-on each parameter.
+Jaos::WebApp::Plugin::CleanParams is a simple plugin using Plack::Util::encode_html on each parameter.
+
+Optionally, a hashref can be passed that defines a params key to a hashref of names and patterns/strings to validate against. If 'discard_unknown' is set, anything not listed in params is discarded.
=head1 METHODS
=head2 register
-register adds callbacks to the pre_dispatch and post_dispatch hooks.
-Each callback is passed the application object.
+register adds callbacks to the pre_dispatch and post_dispatch hooks. Each callback is passed the application object.
=head1 AUTHOR
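Review bot: The example validators in the SYNOPSIS, `qr/^\d+$/` and `qr/^\w+$/`, accept a value that ends in a newline, because `$` also matches before a final newline. Users will copy these patterns as-is, so anchor them with `\A` and `\z`: `id => qr/\A\d+\z/, name => qr/\A\w+\z/`. The `load_plugin` line is also missing the closing brace of the options hashref and does not compile as written; it should read `{ discard_unknown => 1, params => $validation });`. The DESCRIPTION would be clearer if it stated that a plain string is compared with `eq` and that a value failing validation is dropped without a log entry.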