You can add a class to the ApacheHandler's "plugins" arrayref, for example

    use HTML::Mason::ApacheHandler;

    sub handler {
        my $r = shift;    # Apache2::RequestRec object
        my $ah = HTML::Mason::ApacheHandler->new(
            plugins => [ 'MasonX::Plugin::CheckARGS' ]
        );
        return $ah->handle_request($r);
    }

where MasonX::Plugin::CheckARGS is in @INC and contains something like

    package MasonX::Plugin::CheckARGS;
    use base qw(HTML::Mason::Plugin);

    sub start_request_hook {
        my ( $self, $context ) = @_;
        # In scalar context args() returns a modifiable array reference
        my $args_ref = $context->args();
        for my $arg ( @{$args_ref} ) {
            # Do something to each $arg, for example:
            utf8::is_utf8($arg) || utf8::decode($arg);
        }
        return;
    }
    1;

On 6 Jun 2011, at 4:42 PM, Shane McCarron wrote:

> I had a user report that, in some circumstances, it is possible to supply
> weird parameters on a request to my Mason app and inject random HTML into my
> pages.
>
> Now, obviously I should be examining all parameters as they are passed in,
> and I should be escaping them if I just print them out (via |h). But I am
> not. And there are hundreds of pages. So I was wondering.... is there a
> way to have my master autohandler examine the ARGS hash and clean out
> anything nasty? I don't seem to be able to modify the values in %ARGS in a
> way that makes those modifications available globally... Any ideas? Or,
> better yet, is there some option that I can just enable that would do magic
> CGI parameter cleaning?
>
> --
> Shane McCarron
> halindr...@gmail.com
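
Added example (not part of the original thread and not code from the Mason project): one way to apply the start_request_hook approach above to the question asked, by HTML-escaping every request argument value before the first component runs. The package name MasonX::Plugin::EscapeARGS and the Local::FakeContext stand-in are hypothetical, and HTML::Mason is assumed to be installed.

```perl
package MasonX::Plugin::EscapeARGS;    # hypothetical name, not a CPAN module
use strict;
use warnings;
use base qw(HTML::Mason::Plugin);

my %ENTITY = (
    '&' => '&amp;', '<' => '&lt;', '>' => '&gt;',
    '"' => '&quot;', "'" => '&#39;',
);

# Escape HTML metacharacters in place. @_ aliases the caller's data, so the
# top-level component receives the escaped values.
sub _escape {
    for my $v (@_) {
        next unless defined $v;
        if    ( ref $v eq 'ARRAY' ) { _escape( @{$v} ) }    # multi-valued param
        elsif ( !ref $v )           { $v =~ s/([&<>"'])/$ENTITY{$1}/g }
    }
    return;
}

sub start_request_hook {
    my ( $self, $context ) = @_;
    my $args = $context->args();    # scalar context: array ref of key, value, ...
    # Values sit at the odd indexes; keys are left alone so <%args> names still match.
    for ( my $i = 1 ; $i < @{$args} ; $i += 2 ) {
        _escape( $args->[$i] );
    }
    return;
}

# Run directly (perl EscapeARGS.pm) to exercise the hook on constructed input
# with a stand-in context object, without Apache.
unless (caller) {
    { package Local::FakeContext; sub args { $_[0]{args} } }
    my @args = ( name => '<b>x</b> & "y"', tag => [ 'a<b', "it's" ] );
    my $ctx  = bless { args => \@args }, 'Local::FakeContext';
    __PACKAGE__->start_request_hook($ctx);
    print "$args[1]\n", join( ' | ', @{ $args[3] } ), "\n";
}

1;
```

Escaping on input double-encodes values in components that already print with |h and changes what gets written to storage, so this suits the "hundreds of unescaped pages" case as a stopgap while output escaping is added page by page.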