dcovington
/
KCI-KANBAN
1
0
Форк 0
Код Проблеми 0 Запити на злиття 0 Релізи 0 Вікі Активність
Ви не можете вибрати більше 25 тем Теми мають розпочинатися з літери або цифри, можуть містити дефіси (-) і не повинні перевищувати 35 символів.
3 Коміти
1 Гілка
286KB
Дерево: 158436081f
Гілки Теги
${ item.name }
Створити гілку ${ searchTerm }
з '158436081f'
${ noResults }
KCI-KANBAN/core/lib.ControllerRegistry.asp

116 рядки
4.8KB
Неформатований Звинувачення Історія 

  1. <%

  2. '=======================================================================================================================

  3. ' Controller Registry

  4. ' Provides a whitelist of valid controllers to prevent code injection attacks

  5. '=======================================================================================================================

  6. 

  7. Class ControllerRegistry_Class

  8.     Private m_controllers

  9. 

  10.     Private Sub Class_Initialize()

  11.         Set m_controllers = Server.CreateObject("Scripting.Dictionary")

  12.         m_controllers.CompareMode = 1 ' vbTextCompare for case-insensitive

  13. 

  14.         ' Register all valid controllers here

  15.         ' Format: m_controllers.Add "controllername", True

  16.         RegisterController "homecontroller"

  17.         RegisterController "errorcontroller"

  18.         RegisterController "authcontroller"

  19.         RegisterController "boardscontroller"

  20.         RegisterController "columnscontroller"

  21.         RegisterController "swimlanescontroller"

  22.         RegisterController "cardscontroller"

  23.     End Sub

  24. 

  25.     Private Sub Class_Terminate()

  26.         Set m_controllers = Nothing

  27.     End Sub

  28. 

  29.     '---------------------------------------------------------------------------------------------------------------------

  30.     ' Register a controller as valid

  31.     '---------------------------------------------------------------------------------------------------------------------

  32.     Public Sub RegisterController(controllerName)

  33.         Dim key : key = LCase(Trim(controllerName))

  34.         If Not m_controllers.Exists(key) Then

  35.             m_controllers.Add key, True

  36.         End If

  37.     End Sub

  38. 

  39.     '---------------------------------------------------------------------------------------------------------------------

  40.     ' Check if a controller is registered (valid)

  41.     '---------------------------------------------------------------------------------------------------------------------

  42.     Public Function IsValidController(controllerName)

  43.         Dim key : key = LCase(Trim(controllerName))

  44.         IsValidController = m_controllers.Exists(key)

  45.     End Function

  46. 

  47.     '---------------------------------------------------------------------------------------------------------------------

  48.     ' Get list of all registered controllers

  49.     '---------------------------------------------------------------------------------------------------------------------

  50.     Public Function GetRegisteredControllers()

  51.         GetRegisteredControllers = m_controllers.Keys()

  52.     End Function

  53. 

  54.     '---------------------------------------------------------------------------------------------------------------------

  55.     ' Validate controller name format (alphanumeric and underscore only)

  56.     '---------------------------------------------------------------------------------------------------------------------

  57.     Public Function IsValidControllerFormat(controllerName)

  58.         If IsEmpty(controllerName) Or Len(controllerName) = 0 Then

  59.             IsValidControllerFormat = False

  60.             Exit Function

  61.         End If

  62. 

  63.         Dim i, ch

  64.         For i = 1 To Len(controllerName)

  65.             ch = Mid(controllerName, i, 1)

  66.             ' Allow a-z, A-Z, 0-9, and underscore

  67.             If Not ((ch >= "a" And ch <= "z") Or _

  68.                     (ch >= "A" And ch <= "Z") Or _

  69.                     (ch >= "0" And ch <= "9") Or _

  70.                     ch = "_") Then

  71.                 IsValidControllerFormat = False

  72.                 Exit Function

  73.             End If

  74.         Next

  75. 

  76.         IsValidControllerFormat = True

  77.     End Function

  78. 

  79.     '---------------------------------------------------------------------------------------------------------------------

  80.     ' Validate action name format (alphanumeric and underscore only)

  81.     '---------------------------------------------------------------------------------------------------------------------

  82.     Public Function IsValidActionFormat(actionName)

  83.         If IsEmpty(actionName) Or Len(actionName) = 0 Then

  84.             IsValidActionFormat = False

  85.             Exit Function

  86.         End If

  87. 

  88.         Dim i, ch

  89.         For i = 1 To Len(actionName)

  90.             ch = Mid(actionName, i, 1)

  91.             ' Allow a-z, A-Z, 0-9, and underscore

  92.             If Not ((ch >= "a" And ch <= "z") Or _

  93.                     (ch >= "A" And ch <= "Z") Or _

  94.                     (ch >= "0" And ch <= "9") Or _

  95.                     ch = "_") Then

  96.                 IsValidActionFormat = False

  97.                 Exit Function

  98.             End If

  99.         Next

  100. 

  101.         IsValidActionFormat = True

  102.     End Function

  103. 

  104. End Class

  105. 

  106. ' Singleton instance

  107. Dim ControllerRegistry_Class__Singleton

  108. Function ControllerRegistry()

  109.     If IsEmpty(ControllerRegistry_Class__Singleton) Then

  110.         Set ControllerRegistry_Class__Singleton = New ControllerRegistry_Class

  111.     End If

  112.     Set ControllerRegistry = ControllerRegistry_Class__Singleton

  113. End Function

  114. 

  115. %>

Powered by TurnKey Linux.