File: CGIParameters.pm

restfuldb 0.16.0%2Bdfsg-1
#------------------------------------------------------------------------------
#$Author: andrius $
#$Date: 2020-02-12 05:49:29 -0500 (Wed, 12 Feb 2020) $ 
#$Revision: 138 $
#$URL: svn://saulius-grazulis.lt/libraries/trunk/perl/CGIParameters/lib/CGIParameters.pm $
#------------------------------------------------------------------------------
#*
#  Process CGI parameters with specified defaults.
#**

package CGIParameters;

use strict;
use warnings;
use URI::Escape;
use URL::Encode qw( url_params_multi );

our $VERSION = '0.1.0-dev';

require Exporter;
our @ISA = qw( Exporter );
our @EXPORT = qw( read_cgi_parameters hash2get );

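# Process CGI parameters, extracting and sanitizing known ones and using
# default values for not supplied keys.
# Accepts:
# -- CGI handle, as returned by CGI.pm
# -- hash, describing required CGI parameters, for example:
#      { sessid => { re => '[0-9a-f]+',
#                    errmsg => 'session %s does not exist' },
#        method => { re => 'direct|babel|immediate',
#                    default => 'babel' },
#        smiles => { re => '[^\s\;\'"]+' } }
#    Per-key fields read by this function:
#      re       -- regular expression every supplied value must match;
#                  keys without 're' are ignored;
#      default  -- value used when the parameter is absent or empty
#                  (returned as is, it is not checked against 're');
#      errmsg   -- sprintf template for the error; its '%s' placeholders
#                  receive, in order, the rejected value, the key and
#                  the regular expression;
#      multiple -- if true, all values are returned as an array
#                  reference, otherwise only the first one.
# -- optional hash of options:
#      query_string   -- query string parsed with url_params_multi();
#                        form parameters of the same name replace it;
#      passthrough_re -- parameters whose names match are returned
#                        unvalidated (see the note in the body).
# Returns:
# -- in scalar context, a hash reference of accepted parameters (undef
#    if nothing was accepted);
# -- in list context, that reference and a hash reference whose keys
#    are the parameters that differ from their default, have no default
#    or are declared 'multiple'.
# Dies with the error message followed by a newline when a supplied
# value does not match its 're'.
sub read_cgi_parameters
{
    my( $cgi, $description, $options ) = @_;
    my $par;
    my $par_hash = $cgi->Vars;
    $options = {} unless $options;

    # Multi-valued parameters arrive as one "\0"-separated string;
    # unpack each into an array reference. split() drops trailing empty
    # fields, so an empty value becomes an empty list.
    # A temporary hash must be used due to some Perl gotchas:
    my $split = {};
    for my $key ( sort keys %$par_hash ) {
        $split->{$key} = [ split( "\0", $par_hash->{$key} ) ];
    }
    $par_hash = $split;

    my $QS_hash = {};
    if( $options->{query_string} ) {
        $QS_hash = url_params_multi( $options->{query_string} );
    }

    # Form parameters have precedence over query string ones (the whole
    # value list of a key is replaced, the two lists are not merged):
    $par_hash = { %$QS_hash, %$par_hash };

    # Passing through (without untainting) variables that match
    # provided RE.
    # NOTE(review): these values are never checked against
    # $description, and a key accepted here is skipped by the validation
    # loop below even if it has an 're' of its own. Keep passthrough_re
    # narrow and treat everything it lets through as untrusted input.
    if( $options->{passthrough_re} ) {
        for my $key ( sort keys %$par_hash ) {
            next if $key !~ $options->{passthrough_re};
            my @values = @{$par_hash->{$key}};
            if( !@values ) {
                $par->{$key} = ''; # restoring the original value
            } elsif( @values == 1 ) {
                $par->{$key} = shift @values;
            } else {
                $par->{$key} = \@values;
            }
        }
    }

    my @changed;
    for my $key ( sort keys %$description ) {
        next if !exists $description->{$key}{re};
        next if exists $par->{$key}; # already passed through above
        if( !exists  $par_hash->{$key} ||
            !defined $par_hash->{$key} ||
            @{$par_hash->{$key}} == 0 ) {
            next if !exists $description->{$key}{default};
            $par->{$key} =  $description->{$key}{default};
            next;
        }
        my $re = $description->{$key}{re};
        my @values = @{$par_hash->{$key}};
        my @values_now;
        for my $value ( @values ) {
            # Only the captured text is kept, never the raw value.
            # NOTE(review): '$' also matches just before one trailing
            # newline, so a value ending in a newline that $re itself
            # does not match is accepted with that newline dropped; use
            # \A...\z here if such input must be rejected instead.
            if( $value =~ /^($re)$/ ) {
                push @values_now, $1;
            } else {
                my $errmsg = "Malformed query variable '$key' " .
                             "(should match regular expression '^($re)\$')";
                if( exists $description->{$key}{errmsg} ) {
                    # A custom message embeds the rejected value
                    # verbatim; whoever displays or logs it should
                    # escape it for that output context.
                    $errmsg = $description->{$key}{errmsg};
                    my @sprintf_parameters = ( $value, $key, $re );
                    # Pass only as many arguments as there are '%s'.
                    my @replacements = $errmsg =~ /%s/g;
                    @sprintf_parameters = @sprintf_parameters[0..@replacements-1];
                    $errmsg = sprintf $errmsg, @sprintf_parameters;
                }
                die $errmsg . "\n";
            }
        }
        if( $description->{$key}{multiple} ) {
            $par->{$key} = \@values_now;
            push @changed, $key;
        } else {
            $par->{$key} = $values_now[0];
            my $is_changed = 1;
            if( exists $description->{$key}{default} ) {
                # An explicitly undefined default compares as the empty
                # string, as 'ne' would treat it, but without raising
                # an "uninitialized value" warning.
                my $default = $description->{$key}{default};
                $default = '' unless defined $default;
                $is_changed = defined $par->{$key} &&
                              $default ne $par->{$key};
            }
            push @changed, $key if $is_changed;
        }
    }
    if( wantarray ) {
        return $par, { map { $_ => 1 } @changed };
    } else {
        return $par;
    }
}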

# Serialises a hash reference into a GET query string of the form
# "key1=value1&key2=value2", with keys in sorted order.
# Accepts:
# -- hash reference with the parameters; an array reference value
#    produces one "key=value" pair per element;
# -- optional hash reference whose keys are left out of the result;
# -- optional hash reference whose entries are added to the result,
#    replacing same-named parameters (applied after the exclusion).
# Values are passed through uri_escape(); keys are emitted verbatim, so
# they are expected to be safe to place in a URL already.
sub hash2get
{
    my( $h, $exclude, $overwrite ) = @_;

    # Build a shallow copy so that the caller's hash stays untouched.
    my %params;
    for my $name ( keys %$h ) {
        $params{$name} = $h->{$name};
    }

    $exclude   ||= {};
    $overwrite ||= {};

    delete @params{ keys %$exclude };

    for my $name ( keys %$overwrite ) {
        $params{$name} = $overwrite->{$name};
    }

    my @kv_pairs;
    for my $name ( sort keys %params ) {
        my $value  = $params{$name};
        my @values = ref $value eq 'ARRAY' ? @$value : ( $value );
        push @kv_pairs, map { "$name=" . uri_escape( $_ ) } @values;
    }

    return join( '&', @kv_pairs );
}

1;