dcovington
/
KCI-KANBAN
1
0
Bifurcation 0
Code Tickets 0 Demandes d'ajout 0 Versions 0 Wiki Activité
Vous ne pouvez pas sélectionner plus de 25 sujets Les noms de sujets doivent commencer par une lettre ou un nombre, peuvent contenir des tirets ('-') et peuvent comporter jusqu'à 35 caractères.
1 Commit
1 Branche
286KB
Aborescence: aa515624d4
Branches Tags
${ item.name }
Créer la branche ${ searchTerm }
de 'aa515624d4'
${ noResults }
KCI-KANBAN/core/lib.ControllerRegistry.asp

112 lignes
4.6KB
Brut Annotations Historique 

  1. <%

  2. '=======================================================================================================================

  3. ' Controller Registry

  4. ' Provides a whitelist of valid controllers to prevent code injection attacks

  5. '=======================================================================================================================

  6. 

  7. Class ControllerRegistry_Class

  8.     Private m_controllers

  9. 

  10.     Private Sub Class_Initialize()

  11.         Set m_controllers = Server.CreateObject("Scripting.Dictionary")

  12.         m_controllers.CompareMode = 1 ' vbTextCompare for case-insensitive

  13. 

  14.         ' Register all valid controllers here

  15.         ' Format: m_controllers.Add "controllername", True

  16.         RegisterController "homecontroller"

  17.         RegisterController "errorcontroller"

  18.         RegisterController "authcontroller"

  19.     End Sub

  20. 

  21.     Private Sub Class_Terminate()

  22.         Set m_controllers = Nothing

  23.     End Sub

  24. 

  25.     '---------------------------------------------------------------------------------------------------------------------

  26.     ' Register a controller as valid

  27.     '---------------------------------------------------------------------------------------------------------------------

  28.     Public Sub RegisterController(controllerName)

  29.         Dim key : key = LCase(Trim(controllerName))

  30.         If Not m_controllers.Exists(key) Then

  31.             m_controllers.Add key, True

  32.         End If

  33.     End Sub

  34. 

  35.     '---------------------------------------------------------------------------------------------------------------------

  36.     ' Check if a controller is registered (valid)

  37.     '---------------------------------------------------------------------------------------------------------------------

  38.     Public Function IsValidController(controllerName)

  39.         Dim key : key = LCase(Trim(controllerName))

  40.         IsValidController = m_controllers.Exists(key)

  41.     End Function

  42. 

  43.     '---------------------------------------------------------------------------------------------------------------------

  44.     ' Get list of all registered controllers

  45.     '---------------------------------------------------------------------------------------------------------------------

  46.     Public Function GetRegisteredControllers()

  47.         GetRegisteredControllers = m_controllers.Keys()

  48.     End Function

  49. 

  50.     '---------------------------------------------------------------------------------------------------------------------

  51.     ' Validate controller name format (alphanumeric and underscore only)

  52.     '---------------------------------------------------------------------------------------------------------------------

  53.     Public Function IsValidControllerFormat(controllerName)

  54.         If IsEmpty(controllerName) Or Len(controllerName) = 0 Then

  55.             IsValidControllerFormat = False

  56.             Exit Function

  57.         End If

  58. 

  59.         Dim i, ch

  60.         For i = 1 To Len(controllerName)

  61.             ch = Mid(controllerName, i, 1)

  62.             ' Allow a-z, A-Z, 0-9, and underscore

  63.             If Not ((ch >= "a" And ch <= "z") Or _

  64.                     (ch >= "A" And ch <= "Z") Or _

  65.                     (ch >= "0" And ch <= "9") Or _

  66.                     ch = "_") Then

  67.                 IsValidControllerFormat = False

  68.                 Exit Function

  69.             End If

  70.         Next

  71. 

  72.         IsValidControllerFormat = True

  73.     End Function

  74. 

  75.     '---------------------------------------------------------------------------------------------------------------------

  76.     ' Validate action name format (alphanumeric and underscore only)

  77.     '---------------------------------------------------------------------------------------------------------------------

  78.     Public Function IsValidActionFormat(actionName)

  79.         If IsEmpty(actionName) Or Len(actionName) = 0 Then

  80.             IsValidActionFormat = False

  81.             Exit Function

  82.         End If

  83. 

  84.         Dim i, ch

  85.         For i = 1 To Len(actionName)

  86.             ch = Mid(actionName, i, 1)

  87.             ' Allow a-z, A-Z, 0-9, and underscore

  88.             If Not ((ch >= "a" And ch <= "z") Or _

  89.                     (ch >= "A" And ch <= "Z") Or _

  90.                     (ch >= "0" And ch <= "9") Or _

  91.                     ch = "_") Then

  92.                 IsValidActionFormat = False

  93.                 Exit Function

  94.             End If

  95.         Next

  96. 

  97.         IsValidActionFormat = True

  98.     End Function

  99. 

  100. End Class

  101. 

  102. ' Singleton instance

  103. Dim ControllerRegistry_Class__Singleton

  104. Function ControllerRegistry()

  105.     If IsEmpty(ControllerRegistry_Class__Singleton) Then

  106.         Set ControllerRegistry_Class__Singleton = New ControllerRegistry_Class

  107.     End If

  108.     Set ControllerRegistry = ControllerRegistry_Class__Singleton

  109. End Function

  110. 

  111. %>

Powered by TurnKey Linux.