dcovington
/
asp-classic-unified-framework
1
0
フォーク 0
コード 課題 0 プルリクエスト 0 リリース 0 Wiki アクティビティ
Consolidated ASP Classic MVC framework from best components
選択できるのは25トピックまでです。 トピックは、先頭が英数字で、英数字とダッシュ('-')を使用した35文字以内のものにしてください。
6 コミット
1 ブランチ
207KB
ブランチ: master
ブランチ タグ
${ item.name }
ブランチ ${ searchTerm } を作成
'master' から
${ noResults }
asp-classic-unified-framework/core/lib.ControllerRegistry.asp

111 行
4.5KB
Raw パーマリンク Blame 履歴 

  1. <%

  2. '=======================================================================================================================

  3. ' Controller Registry

  4. ' Provides a whitelist of valid controllers to prevent code injection attacks

  5. '=======================================================================================================================

  6. 

  7. Class ControllerRegistry_Class

  8.     Private m_controllers

  9. 

  10.     Private Sub Class_Initialize()

  11.         Set m_controllers = Server.CreateObject("Scripting.Dictionary")

  12.         m_controllers.CompareMode = 1 ' vbTextCompare for case-insensitive

  13. 

  14.         ' Register all valid controllers here

  15.         ' Format: m_controllers.Add "controllername", True

  16.         RegisterController "homecontroller"

  17.         RegisterController "errorcontroller"

  18.     End Sub

  19. 

  20.     Private Sub Class_Terminate()

  21.         Set m_controllers = Nothing

  22.     End Sub

  23. 

  24.     '---------------------------------------------------------------------------------------------------------------------

  25.     ' Register a controller as valid

  26.     '---------------------------------------------------------------------------------------------------------------------

  27.     Public Sub RegisterController(controllerName)

  28.         Dim key : key = LCase(Trim(controllerName))

  29.         If Not m_controllers.Exists(key) Then

  30.             m_controllers.Add key, True

  31.         End If

  32.     End Sub

  33. 

  34.     '---------------------------------------------------------------------------------------------------------------------

  35.     ' Check if a controller is registered (valid)

  36.     '---------------------------------------------------------------------------------------------------------------------

  37.     Public Function IsValidController(controllerName)

  38.         Dim key : key = LCase(Trim(controllerName))

  39.         IsValidController = m_controllers.Exists(key)

  40.     End Function

  41. 

  42.     '---------------------------------------------------------------------------------------------------------------------

  43.     ' Get list of all registered controllers

  44.     '---------------------------------------------------------------------------------------------------------------------

  45.     Public Function GetRegisteredControllers()

  46.         GetRegisteredControllers = m_controllers.Keys()

  47.     End Function

  48. 

  49.     '---------------------------------------------------------------------------------------------------------------------

  50.     ' Validate controller name format (alphanumeric and underscore only)

  51.     '---------------------------------------------------------------------------------------------------------------------

  52.     Public Function IsValidControllerFormat(controllerName)

  53.         If IsEmpty(controllerName) Or Len(controllerName) = 0 Then

  54.             IsValidControllerFormat = False

  55.             Exit Function

  56.         End If

  57. 

  58.         Dim i, ch

  59.         For i = 1 To Len(controllerName)

  60.             ch = Mid(controllerName, i, 1)

  61.             ' Allow a-z, A-Z, 0-9, and underscore

  62.             If Not ((ch >= "a" And ch <= "z") Or _

  63.                     (ch >= "A" And ch <= "Z") Or _

  64.                     (ch >= "0" And ch <= "9") Or _

  65.                     ch = "_") Then

  66.                 IsValidControllerFormat = False

  67.                 Exit Function

  68.             End If

  69.         Next

  70. 

  71.         IsValidControllerFormat = True

  72.     End Function

  73. 

  74.     '---------------------------------------------------------------------------------------------------------------------

  75.     ' Validate action name format (alphanumeric and underscore only)

  76.     '---------------------------------------------------------------------------------------------------------------------

  77.     Public Function IsValidActionFormat(actionName)

  78.         If IsEmpty(actionName) Or Len(actionName) = 0 Then

  79.             IsValidActionFormat = False

  80.             Exit Function

  81.         End If

  82. 

  83.         Dim i, ch

  84.         For i = 1 To Len(actionName)

  85.             ch = Mid(actionName, i, 1)

  86.             ' Allow a-z, A-Z, 0-9, and underscore

  87.             If Not ((ch >= "a" And ch <= "z") Or _

  88.                     (ch >= "A" And ch <= "Z") Or _

  89.                     (ch >= "0" And ch <= "9") Or _

  90.                     ch = "_") Then

  91.                 IsValidActionFormat = False

  92.                 Exit Function

  93.             End If

  94.         Next

  95. 

  96.         IsValidActionFormat = True

  97.     End Function

  98. 

  99. End Class

  100. 

  101. ' Singleton instance

  102. Dim ControllerRegistry_Class__Singleton

  103. Function ControllerRegistry()

  104.     If IsEmpty(ControllerRegistry_Class__Singleton) Then

  105.         Set ControllerRegistry_Class__Singleton = New ControllerRegistry_Class

  106.     End If

  107.     Set ControllerRegistry = ControllerRegistry_Class__Singleton

  108. End Function

  109. 

  110. %>

Powered by TurnKey Linux.