dcovington
/
asp-classic-unified-framework
1
0
Bifurcation 0
Code Tickets 0 Demandes d'ajout 0 Versions 0 Wiki Activité
Consolidated ASP Classic MVC framework from best components
Vous ne pouvez pas sélectionner plus de 25 sujets Les noms de sujets doivent commencer par une lettre ou un nombre, peuvent contenir des tirets ('-') et peuvent comporter jusqu'à 35 caractères.
5 Révisions
1 Branche
207KB
Aborescence: 27e1b5a927
Branches Tags
${ item.name }
Créer la branche ${ searchTerm }
de '27e1b5a927'
${ noResults }
asp-classic-unified-framework/core/lib.ControllerRegistry.asp

114 lignes
4.7KB
Brut Annotations Historique 

  1. <%

  2. '=======================================================================================================================

  3. ' Controller Registry

  4. ' Provides a whitelist of valid controllers to prevent code injection attacks

  5. '=======================================================================================================================

  6. 

  7. Class ControllerRegistry_Class

  8.     Private m_controllers

  9. 

  10.     Private Sub Class_Initialize()

  11.         Set m_controllers = Server.CreateObject("Scripting.Dictionary")

  12.         m_controllers.CompareMode = 1 ' vbTextCompare for case-insensitive

  13. 

  14.         ' Register all valid controllers here

  15.         ' Format: m_controllers.Add "controllername", True

  16.         RegisterController "homecontroller"

  17.         RegisterController "errorcontroller"

  18.         RegisterController "territorycontroller"

  19.         RegisterController "householdcontroller"

  20.         RegisterController "householdernamecontroller"

  21.     End Sub

  22. 

  23.     Private Sub Class_Terminate()

  24.         Set m_controllers = Nothing

  25.     End Sub

  26. 

  27.     '---------------------------------------------------------------------------------------------------------------------

  28.     ' Register a controller as valid

  29.     '---------------------------------------------------------------------------------------------------------------------

  30.     Public Sub RegisterController(controllerName)

  31.         Dim key : key = LCase(Trim(controllerName))

  32.         If Not m_controllers.Exists(key) Then

  33.             m_controllers.Add key, True

  34.         End If

  35.     End Sub

  36. 

  37.     '---------------------------------------------------------------------------------------------------------------------

  38.     ' Check if a controller is registered (valid)

  39.     '---------------------------------------------------------------------------------------------------------------------

  40.     Public Function IsValidController(controllerName)

  41.         Dim key : key = LCase(Trim(controllerName))

  42.         IsValidController = m_controllers.Exists(key)

  43.     End Function

  44. 

  45.     '---------------------------------------------------------------------------------------------------------------------

  46.     ' Get list of all registered controllers

  47.     '---------------------------------------------------------------------------------------------------------------------

  48.     Public Function GetRegisteredControllers()

  49.         GetRegisteredControllers = m_controllers.Keys()

  50.     End Function

  51. 

  52.     '---------------------------------------------------------------------------------------------------------------------

  53.     ' Validate controller name format (alphanumeric and underscore only)

  54.     '---------------------------------------------------------------------------------------------------------------------

  55.     Public Function IsValidControllerFormat(controllerName)

  56.         If IsEmpty(controllerName) Or Len(controllerName) = 0 Then

  57.             IsValidControllerFormat = False

  58.             Exit Function

  59.         End If

  60. 

  61.         Dim i, ch

  62.         For i = 1 To Len(controllerName)

  63.             ch = Mid(controllerName, i, 1)

  64.             ' Allow a-z, A-Z, 0-9, and underscore

  65.             If Not ((ch >= "a" And ch <= "z") Or _

  66.                     (ch >= "A" And ch <= "Z") Or _

  67.                     (ch >= "0" And ch <= "9") Or _

  68.                     ch = "_") Then

  69.                 IsValidControllerFormat = False

  70.                 Exit Function

  71.             End If

  72.         Next

  73. 

  74.         IsValidControllerFormat = True

  75.     End Function

  76. 

  77.     '---------------------------------------------------------------------------------------------------------------------

  78.     ' Validate action name format (alphanumeric and underscore only)

  79.     '---------------------------------------------------------------------------------------------------------------------

  80.     Public Function IsValidActionFormat(actionName)

  81.         If IsEmpty(actionName) Or Len(actionName) = 0 Then

  82.             IsValidActionFormat = False

  83.             Exit Function

  84.         End If

  85. 

  86.         Dim i, ch

  87.         For i = 1 To Len(actionName)

  88.             ch = Mid(actionName, i, 1)

  89.             ' Allow a-z, A-Z, 0-9, and underscore

  90.             If Not ((ch >= "a" And ch <= "z") Or _

  91.                     (ch >= "A" And ch <= "Z") Or _

  92.                     (ch >= "0" And ch <= "9") Or _

  93.                     ch = "_") Then

  94.                 IsValidActionFormat = False

  95.                 Exit Function

  96.             End If

  97.         Next

  98. 

  99.         IsValidActionFormat = True

  100.     End Function

  101. 

  102. End Class

  103. 

  104. ' Singleton instance

  105. Dim ControllerRegistry_Class__Singleton

  106. Function ControllerRegistry()

  107.     If IsEmpty(ControllerRegistry_Class__Singleton) Then

  108.         Set ControllerRegistry_Class__Singleton = New ControllerRegistry_Class

  109.     End If

  110.     Set ControllerRegistry = ControllerRegistry_Class__Singleton

  111. End Function

  112. 

  113. %>

Powered by TurnKey Linux.