dcovington
/
asp-classic-unified-framework
1
0
Bifurcation 0
Code Tickets 0 Demandes d'ajout 0 Versions 0 Wiki Activité
Consolidated ASP Classic MVC framework from best components
Vous ne pouvez pas sélectionner plus de 25 sujets Les noms de sujets doivent commencer par une lettre ou un nombre, peuvent contenir des tirets ('-') et peuvent comporter jusqu'à 35 caractères.
6 Révisions
1 Branche
207KB
Branche: master
Branches Tags
${ item.name }
Créer la branche ${ searchTerm }
de 'master'
${ noResults }
asp-classic-unified-framework/core/lib.ControllerRegistry.asp

111 lignes
4.5KB
Brut Lien permanent Annotations Historique 

  1. <%

  2. '=======================================================================================================================

  3. ' Controller Registry

  4. ' Provides a whitelist of valid controllers to prevent code injection attacks

  5. '=======================================================================================================================

  6. 

  7. Class ControllerRegistry_Class

  8.     Private m_controllers

  9. 

  10.     Private Sub Class_Initialize()

  11.         Set m_controllers = Server.CreateObject("Scripting.Dictionary")

  12.         m_controllers.CompareMode = 1 ' vbTextCompare for case-insensitive

  13. 

  14.         ' Register all valid controllers here

  15.         ' Format: m_controllers.Add "controllername", True

  16.         RegisterController "homecontroller"

  17.         RegisterController "errorcontroller"

  18.     End Sub

  19. 

  20.     Private Sub Class_Terminate()

  21.         Set m_controllers = Nothing

  22.     End Sub

  23. 

  24.     '---------------------------------------------------------------------------------------------------------------------

  25.     ' Register a controller as valid

  26.     '---------------------------------------------------------------------------------------------------------------------

  27.     Public Sub RegisterController(controllerName)

  28.         Dim key : key = LCase(Trim(controllerName))

  29.         If Not m_controllers.Exists(key) Then

  30.             m_controllers.Add key, True

  31.         End If

  32.     End Sub

  33. 

  34.     '---------------------------------------------------------------------------------------------------------------------

  35.     ' Check if a controller is registered (valid)

  36.     '---------------------------------------------------------------------------------------------------------------------

  37.     Public Function IsValidController(controllerName)

  38.         Dim key : key = LCase(Trim(controllerName))

  39.         IsValidController = m_controllers.Exists(key)

  40.     End Function

  41. 

  42.     '---------------------------------------------------------------------------------------------------------------------

  43.     ' Get list of all registered controllers

  44.     '---------------------------------------------------------------------------------------------------------------------

  45.     Public Function GetRegisteredControllers()

  46.         GetRegisteredControllers = m_controllers.Keys()

  47.     End Function

  48. 

  49.     '---------------------------------------------------------------------------------------------------------------------

  50.     ' Validate controller name format (alphanumeric and underscore only)

  51.     '---------------------------------------------------------------------------------------------------------------------

  52.     Public Function IsValidControllerFormat(controllerName)

  53.         If IsEmpty(controllerName) Or Len(controllerName) = 0 Then

  54.             IsValidControllerFormat = False

  55.             Exit Function

  56.         End If

  57. 

  58.         Dim i, ch

  59.         For i = 1 To Len(controllerName)

  60.             ch = Mid(controllerName, i, 1)

  61.             ' Allow a-z, A-Z, 0-9, and underscore

  62.             If Not ((ch >= "a" And ch <= "z") Or _

  63.                     (ch >= "A" And ch <= "Z") Or _

  64.                     (ch >= "0" And ch <= "9") Or _

  65.                     ch = "_") Then

  66.                 IsValidControllerFormat = False

  67.                 Exit Function

  68.             End If

  69.         Next

  70. 

  71.         IsValidControllerFormat = True

  72.     End Function

  73. 

  74.     '---------------------------------------------------------------------------------------------------------------------

  75.     ' Validate action name format (alphanumeric and underscore only)

  76.     '---------------------------------------------------------------------------------------------------------------------

  77.     Public Function IsValidActionFormat(actionName)

  78.         If IsEmpty(actionName) Or Len(actionName) = 0 Then

  79.             IsValidActionFormat = False

  80.             Exit Function

  81.         End If

  82. 

  83.         Dim i, ch

  84.         For i = 1 To Len(actionName)

  85.             ch = Mid(actionName, i, 1)

  86.             ' Allow a-z, A-Z, 0-9, and underscore

  87.             If Not ((ch >= "a" And ch <= "z") Or _

  88.                     (ch >= "A" And ch <= "Z") Or _

  89.                     (ch >= "0" And ch <= "9") Or _

  90.                     ch = "_") Then

  91.                 IsValidActionFormat = False

  92.                 Exit Function

  93.             End If

  94.         Next

  95. 

  96.         IsValidActionFormat = True

  97.     End Function

  98. 

  99. End Class

  100. 

  101. ' Singleton instance

  102. Dim ControllerRegistry_Class__Singleton

  103. Function ControllerRegistry()

  104.     If IsEmpty(ControllerRegistry_Class__Singleton) Then

  105.         Set ControllerRegistry_Class__Singleton = New ControllerRegistry_Class

  106.     End If

  107.     Set ControllerRegistry = ControllerRegistry_Class__Singleton

  108. End Function

  109. 

  110. %>

Powered by TurnKey Linux.