Clever. Does that work in CGI mode too?
On Mon, Jun 6, 2011 at 4:35 PM, Nic Wolff <[email protected]> wrote:
> You can add a class to the ApacheHandler's "plugins" arrayref, for example
>
> sub handler {
>     my $r = shift;    # Apache2::RequestRec object
>     my $ah = HTML::Mason::ApacheHandler->new(
>         plugins => [ 'MasonX::Plugin::CheckARGS' ]
>     );
>     return $ah->handle_request($r);
> }
>
> where MasonX::Plugin::CheckARGS is in @INC and contains something like
>
> package MasonX::Plugin::CheckARGS;
> use strict;
> use warnings;
> use base qw(HTML::Mason::Plugin);
>
> sub start_request_hook {
>     my ( $self, $context ) = @_;
>
>     # In scalar context args() returns a reference to the request's
>     # key/value list; the loop variable is aliased to each element, so
>     # changing $arg in place changes what the components later see.
>     my $args_ref = $context->args();
>     for my $arg ( @{$args_ref} ) {
>         # Do something to each $arg, for example:
>         utf8::is_utf8($arg) || utf8::decode($arg);
>     }
>     return;
> }
>
> 1;
>
>
> On 6 Jun 2011, at 4:42 PM, Shane McCarron wrote:
> > I had a user report that, in some circumstances, it is possible to supply
> > weird parameters on a request to my Mason app and inject random HTML into
> > my pages.
> >
> > Now, obviously I should be examining all parameters as they are passed in,
> > and I should be escaping them if I just print them out (via |h). But I am
> > not. And there are hundreds of pages. So I was wondering.... is there a
> > way to have my master autohandler examine the ARGS hash and clean out
> > anything nasty? I don't seem to be able to modify the values in %ARGS in a
> > way that makes those modifications available globally... Any ideas? Or,
> > better yet, is there some option that I can just enable that would do magic
> > CGI parameter cleaning?
> >
> > --
> > Shane McCarron
> > [email protected]
> >
> > ------------------------------------------------------------------------------
> > Simplify data backup and recovery for your virtual environment with vRanger.
> > Installation's a snap, and flexible recovery options mean your data is safe,
> > secure and there when you need it. Discover what all the cheering's about.
> > Get your free trial download today.
> > http://p.sf.net/sfu/quest-dev2dev2
> > _______________________________________________
> > Mason-users mailing list
> > [email protected]
> > https://lists.sourceforge.net/lists/listinfo/mason-users
>
>
--
Shane McCarron
[email protected]
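An added example, not code from this thread, of a plugin in the shape Nic describes that does the blanket cleaning Shane asked about: it HTML-escapes every parameter value in start_request_hook, so every component's %ARGS sees the escaped form. The module name MasonX::Plugin::EscapeARGS is hypothetical; it assumes HTML::Entities is installed and that the class is listed in the handler's plugins arrayref exactly as CheckARGS is above.

```perl
# MasonX/Plugin/EscapeARGS.pm -- hypothetical module name, added example
package MasonX::Plugin::EscapeARGS;
use strict;
use warnings;
use base qw(HTML::Mason::Plugin);
use HTML::Entities qw(encode_entities);

# Runs once per request, before the top-level component executes.  In scalar
# context $context->args returns a reference to the request's argument list
# (key, value, key, value, ...); the components are called with that same
# list, so rewriting it here is what makes the change visible in every %ARGS.
# Keys are left untouched; only the values at odd positions are escaped.
sub start_request_hook {
    my ( $self, $context ) = @_;
    my $args = $context->args;
    for ( my $i = 1; $i < @{$args}; $i += 2 ) {
        $args->[$i] = _escape_value( $args->[$i] );
    }
    return;
}

# A parameter repeated in the query string (?id=1&id=2) arrives as an array
# reference rather than a scalar, so escape each element.  Other references
# (for example upload handles) are passed through unchanged.
sub _escape_value {
    my ($value) = @_;
    return $value unless defined $value;
    return [ map { _escape_value($_) } @{$value} ] if ref $value eq 'ARRAY';
    return $value if ref $value;
    return encode_entities( $value, q{<>&"'} );
}

1;
```

Because this escapes on the way in, any page that later uses a parameter in a non-HTML context (a database lookup, a redirect target, a filename) will see the entity-encoded form, so treat it as a stopgap while the per-output |h escaping is added.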