changeset 325:34a110d1f06c
added security check for the query transformation
author | cin |
---|---|
date | Mon, 27 May 2013 02:49:58 +0400 |
parents | b1e7b55b4a38 |
children | 793cc7f0a7e7 |
files | Lib/IMPL/DOM/Transform/QueryToDOM.pm |
diffstat | 1 files changed, 14 insertions(+), 0 deletions(-) [+] |
--- a/Lib/IMPL/DOM/Transform/QueryToDOM.pm Sat May 25 01:57:49 2013 +0400
+++ b/Lib/IMPL/DOM/Transform/QueryToDOM.pm Mon May 27 02:49:58 2013 +0400
@@ -3,6 +3,9 @@
 use IMPL::Const qw(:prop);
 use IMPL::declare {
+ require => {
+ OutOfRangeException => '-IMPL::OutOfRangeException'
+ },
 base => [ 'IMPL::DOM::Transform::ObjectToDOM' => '@_' ],
@@ -12,6 +15,8 @@
 ] };
+our $MAX_INDEX = 1024;
+
 sub CTOR {
 my ($this) = @_;
@@ -59,12 +64,14 @@
 if (my ($name,$index) = ($part =~ m/^(\w+)(?:\[(\d+)\])?$/) ) {
 if (@parts) {
 if(defined $index) {
+ $this->ValidateIndex($index);
 $node = ($node->{$name}[$index] ||= {});
 } else {
 $node = ($node->{$name} ||= {});
 }
 } else {
 if(defined $index) {
+ $this->ValidateIndex($index);
 $node->{$name}[$index] = (@value == 1 ? $value[0] : \@value);
 } else {
 $node->{$name} = (@value == 1 ? $value[0] : \@value);
@@ -77,6 +84,13 @@
 return $this->Transform($data);
 }
+sub ValidateIndex {
+ my ($this,$index) = @_;
+
+ die OutOfRangeException->new()
+ unless $index >= 0 and $index <= $MAX_INDEX;
+}
+
 sub TransformAction {
 my ($this,$action) = @_;
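Review bot: In the `@@ -12,6 +15,8 @@` hunk, `$MAX_INDEX` is introduced without a comment saying what it bounds or that the bound is inclusive. Something like `# Largest array index accepted in a query parameter name (inclusive); caps how far one parameter can grow an array.` above the declaration would make the intent clear. Because it is an `our` variable, any code can change the limit at run time; if that is meant as a tuning knob, the comment should say so.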
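Review bot: In the `@@ -59,12 +64,14 @@` hunk, the same `$this->ValidateIndex($index);` call is added in both branches, so a later branch that indexes with `$index` could miss the check. A single `$this->ValidateIndex($index) if defined $index;` directly after the regex match, before `if (@parts)`, would cover every use. Separately, if parameter names reach this code as decoded character strings (not visible here), `\d` in the pattern may also accept non-ASCII digits, which numify to 0 with a warning and pass the range test; `[0-9]` would avoid that. The enclosing sub starts and ends outside the hunk.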
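Review bot: In the `@@ -77,6 +84,13 @@` hunk, `ValidateIndex` throws `OutOfRangeException->new()` with no arguments, so whoever catches or logs the exception cannot tell which index was rejected or what limit applied. If the exception class accepts details (its constructor is not on this page), the offending value and `$MAX_INDEX` should be passed to it. The sub also has no comment; a short one such as `# Dies with OutOfRangeException unless 0 <= $index <= $MAX_INDEX (inclusive).` would document the contract, including that arrays can hold up to `$MAX_INDEX + 1` elements.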