Oh - I don't know if it will work, but try putting the same "plugins" item in the HTML::Mason::CGIHandler::new() parameters. Good luck!
On 7 Jun 2011, at 1:15 PM, Shane McCarron wrote:
> Clever. Does that work in CGI mode too?
>
> On Mon, Jun 6, 2011 at 4:35 PM, Nic Wolff <n...@angel.net> wrote:
>
>> You can add a class to the ApacheHandler's "plugins" arrayref, for example
>>
>>     sub handler {
>>         my $r = shift;    # Apache2::RequestRec object
>>         my $ah = HTML::Mason::ApacheHandler->new(
>>             plugins => [ 'MasonX::Plugin::CheckARGS' ]
>>         );
>>         return $ah->handle_request($r);
>>     }
>>
>> where MasonX::Plugin::CheckARGS is in @INC and contains something like
>>
>>     package MasonX::Plugin::CheckARGS;
>>     use base qw(HTML::Mason::Plugin);
>>
>>     sub start_request_hook {
>>         my ( $self, $context ) = @_;
>>
>>         # args() returns a reference to the request's argument list;
>>         # the loop variable aliases each element, so in-place changes stick.
>>         my $args_ref = $context->args();
>>         for my $arg ( @{$args_ref} ) {
>>             # Do something to each $arg, for example:
>>             utf8::is_utf8($arg) || utf8::decode($arg);
>>         }
>>         return;
>>     }
>>
>>     1;
>>
>>
>> On 6 Jun 2011, at 4:42 PM, Shane McCarron wrote:
>>> I had a user report that, in some circumstances, it is possible to supply
>>> weird parameters on a request to my Mason app and inject random HTML into
>>> my pages.
>>>
>>> Now, obviously I should be examining all parameters as they are passed
>>> in, and I should be escaping them if I just print them out (via |h). But I
>>> am not. And there are hundreds of pages. So I was wondering.... is there a
>>> way to have my master autohandler examine the ARGS hash and clean out
>>> anything nasty? I don't seem to be able to modify the values in %ARGS in a
>>> way that makes those modifications available globally... Any ideas? Or,
>>> better yet, is there some option that I can just enable that would do
>>> magic CGI parameter cleaning?
>>>
>>> --
>>> Shane McCarron
>>> halindr...@gmail.com
>>>
>>> Mason-users mailing list
>>> Mason-users@lists.sourceforge.net
>>> https://lists.sourceforge.net/lists/listinfo/mason-users
>>
>>
>
>
> --
> Shane McCarron
> halindr...@gmail.com
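As an added example (not code from this thread or from the Mason project), here is a plugin in the same shape as CheckARGS that HTML-escapes every parameter value instead of decoding it, which is the "clean out anything nasty" the original question asked for. The package name MasonX::Plugin::EscapeARGS is invented, and passing `plugins` to CGIHandler is assumed to behave like ApacheHandler, as suggested above but not verified here.

```perl
# Added example, not from the thread: escape parameter values before any
# component sees them. Parameter names (even positions of the flat list)
# are left alone; multi-valued parameters arrive as arrayrefs.
package MasonX::Plugin::EscapeARGS;   # hypothetical package name
use strict;
use warnings;
use base qw(HTML::Mason::Plugin);
use HTML::Entities qw(encode_entities);

my $UNSAFE = q{<>&"'};   # characters rewritten as entities

sub start_request_hook {
    my ( $self, $context ) = @_;

    # args() is a flat ( name => value, name => value, ... ) list.
    my $args = $context->args();
    for ( my $i = 1; $i < @{$args}; $i += 2 ) {
        my $v = $args->[$i];
        next unless defined $v;
        if ( ref $v eq 'ARRAY' ) {
            # Multi-valued parameter: escape each element in place.
            $_ = encode_entities( $_, $UNSAFE ) for @{$v};
        }
        else {
            $args->[$i] = encode_entities( $v, $UNSAFE );
        }
    }
    return;
}

1;

# --- wiring, Apache mode (handler.pl) ---
# my $ah = HTML::Mason::ApacheHandler->new(
#     plugins => ['MasonX::Plugin::EscapeARGS'],
# );
#
# --- wiring, CGI mode (assumed to accept the same parameter) ---
# my $h = HTML::Mason::CGIHandler->new(
#     comp_root => '/path/to/comps',          # placeholder path
#     plugins   => ['MasonX::Plugin::EscapeARGS'],
# );
```

Escaping on input is a stopgap for pages that print parameters raw: anything a component stores, compares, or already filters through |h will now carry entities, so migrating the output side to |h remains the durable fix.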