dcovington
/
ASPBlogBrainOrdure
1
0
Çatalla 0
Kod Konular 6 Değişiklik İstekleri 0 Sürümler 0 Wiki Aktivite
ASP Classic blog framework - BrainOrdure
25'ten fazla konu seçemezsiniz Konular bir harf veya rakamla başlamalı, kısa çizgiler ('-') içerebilir ve en fazla 35 karakter uzunluğunda olabilir.
60 İşlemeler
1 Dal
1.9MB
Ağaç: b30cb2fae1
Dallar Biçim İmleri
${ item.name }
Branş ${ searchTerm } oluştur
'b30cb2fae1'den
${ noResults }
ASPBlogBrainOrdure/core/lib.ControllerRegistry.asp

115 satır
4.7KB
Ham Suçlama Geçmiş 

  1. <%

  2. '=======================================================================================================================

  3. ' Controller Registry

  4. ' Provides a whitelist of valid controllers to prevent code injection attacks

  5. '=======================================================================================================================

  6. 

  7. Class ControllerRegistry_Class

  8.     Private m_controllers

  9. 

  10.     Private Sub Class_Initialize()

  11.         Set m_controllers = Server.CreateObject("Scripting.Dictionary")

  12.         m_controllers.CompareMode = 1 ' vbTextCompare for case-insensitive

  13. 

  14.         ' Register all valid controllers here

  15.         ' Format: m_controllers.Add "controllername", True

  16.         RegisterController "homecontroller"

  17.         RegisterController "errorcontroller"

  18.         RegisterController "categoriescontroller"

  19.         RegisterController "postscontroller"

  20.         RegisterController "commentscontroller"

  21.         RegisterController "admincontroller"

  22.     End Sub

  23. 

  24.     Private Sub Class_Terminate()

  25.         Set m_controllers = Nothing

  26.     End Sub

  27. 

  28.     '---------------------------------------------------------------------------------------------------------------------

  29.     ' Register a controller as valid

  30.     '---------------------------------------------------------------------------------------------------------------------

  31.     Public Sub RegisterController(controllerName)

  32.         Dim key : key = LCase(Trim(controllerName))

  33.         If Not m_controllers.Exists(key) Then

  34.             m_controllers.Add key, True

  35.         End If

  36.     End Sub

  37. 

  38.     '---------------------------------------------------------------------------------------------------------------------

  39.     ' Check if a controller is registered (valid)

  40.     '---------------------------------------------------------------------------------------------------------------------

  41.     Public Function IsValidController(controllerName)

  42.         Dim key : key = LCase(Trim(controllerName))

  43.         IsValidController = m_controllers.Exists(key)

  44.     End Function

  45. 

  46.     '---------------------------------------------------------------------------------------------------------------------

  47.     ' Get list of all registered controllers

  48.     '---------------------------------------------------------------------------------------------------------------------

  49.     Public Function GetRegisteredControllers()

  50.         GetRegisteredControllers = m_controllers.Keys()

  51.     End Function

  52. 

  53.     '---------------------------------------------------------------------------------------------------------------------

  54.     ' Validate controller name format (alphanumeric and underscore only)

  55.     '---------------------------------------------------------------------------------------------------------------------

  56.     Public Function IsValidControllerFormat(controllerName)

  57.         If IsEmpty(controllerName) Or Len(controllerName) = 0 Then

  58.             IsValidControllerFormat = False

  59.             Exit Function

  60.         End If

  61. 

  62.         Dim i, ch

  63.         For i = 1 To Len(controllerName)

  64.             ch = Mid(controllerName, i, 1)

  65.             ' Allow a-z, A-Z, 0-9, and underscore

  66.             If Not ((ch >= "a" And ch <= "z") Or _

  67.                     (ch >= "A" And ch <= "Z") Or _

  68.                     (ch >= "0" And ch <= "9") Or _

  69.                     ch = "_") Then

  70.                 IsValidControllerFormat = False

  71.                 Exit Function

  72.             End If

  73.         Next

  74. 

  75.         IsValidControllerFormat = True

  76.     End Function

  77. 

  78.     '---------------------------------------------------------------------------------------------------------------------

  79.     ' Validate action name format (alphanumeric and underscore only)

  80.     '---------------------------------------------------------------------------------------------------------------------

  81.     Public Function IsValidActionFormat(actionName)

  82.         If IsEmpty(actionName) Or Len(actionName) = 0 Then

  83.             IsValidActionFormat = False

  84.             Exit Function

  85.         End If

  86. 

  87.         Dim i, ch

  88.         For i = 1 To Len(actionName)

  89.             ch = Mid(actionName, i, 1)

  90.             ' Allow a-z, A-Z, 0-9, and underscore

  91.             If Not ((ch >= "a" And ch <= "z") Or _

  92.                     (ch >= "A" And ch <= "Z") Or _

  93.                     (ch >= "0" And ch <= "9") Or _

  94.                     ch = "_") Then

  95.                 IsValidActionFormat = False

  96.                 Exit Function

  97.             End If

  98.         Next

  99. 

  100.         IsValidActionFormat = True

  101.     End Function

  102. 

  103. End Class

  104. 

  105. ' Singleton instance

  106. Dim ControllerRegistry_Class__Singleton

  107. Function ControllerRegistry()

  108.     If IsEmpty(ControllerRegistry_Class__Singleton) Then

  109.         Set ControllerRegistry_Class__Singleton = New ControllerRegistry_Class

  110.     End If

  111.     Set ControllerRegistry = ControllerRegistry_Class__Singleton

  112. End Function

  113. 

  114. %>

Powered by TurnKey Linux.