From bed43bb9880622d0c911336ad8b1c266eca244fc Mon Sep 17 00:00:00 2001 From: Russ Allbery Date: Fri, 31 Aug 2007 02:43:03 +0000 Subject: Implement argument checking. Stop explicitly including the MySQL driver since DBI doesn't require it. --- server/wallet-backend | 28 +++++++++++++++++++++++++++- 1 file changed, 27 insertions(+), 1 deletion(-) diff --git a/server/wallet-backend b/server/wallet-backend index e8617cd..6fed995 100755 --- a/server/wallet-backend +++ b/server/wallet-backend @@ -14,11 +14,37 @@ our $ID = q$Id$; use strict; use DBI; -use DBD::MySQL; use Sys::Syslog qw(openlog syslog); use Wallet::Config; use Wallet::Server; +############################################################################## +# Parameter checking +############################################################################## + +# Check all arguments against a very restricted set of allowed characters and +# to ensure the right number of arguments are taken. The arguments are the +# number of arguments expected, a reference to an array of which argument +# numbers shouldn't be checked, and then the arguments. +# +# This function is probably temporary and will be replaced with something that +# knows more about the syntax of each command and can check more things. +sub check_args { + my ($count, $exclude, @args) = @_; + if (@args < $count) { + die "insufficient arguments\n"; + } elsif (@args > $count) { + die "too many arguments\n"; + } + my %exclude = map { $_ => 1 } @$exclude; + for (my $i = 1; $i <= @args; $i++) { + next if $exclude{$i}; + unless ($args[$i - 1] =~ m,^[\w_/.-]+\z,) { + die "invalid characters in argument: $args[$i - 1]\n"; + } + } +} + ############################################################################## # Implementation ############################################################################## -- cgit v1.2.3