summaryrefslogtreecommitdiff
path: root/lib/VNDB/Func.pm
diff options
context:
space:
mode:
authorYorhel <git@yorhel.nl>2010-11-22 11:04:56 +0100
committerYorhel <git@yorhel.nl>2010-11-22 11:04:56 +0100
commit1c545349e9c17c9d1b7800c3b085ce6a0cff186a (patch)
treeb21cf89f3aa26356d8de383caea9535ad8bcce79 /lib/VNDB/Func.pm
parent8395dc9db24ebd4814e7dd5cade08ce1e41b559b (diff)
Added basic validation of the filter string
fil_parse() now checks for proper formatting of the string and ignores key/value pairs that are not the list of allowed keys. This makes it impossible to provide extra, unintended, arguments to dbReleaseGet(), such as 'results'.
Diffstat (limited to 'lib/VNDB/Func.pm')
-rw-r--r--lib/VNDB/Func.pm14
1 files changed, 10 insertions, 4 deletions
diff --git a/lib/VNDB/Func.pm b/lib/VNDB/Func.pm
index 810fe622..11d442f4 100644
--- a/lib/VNDB/Func.pm
+++ b/lib/VNDB/Func.pm
@@ -95,13 +95,19 @@ sub minage {
}
+# arguments: $filter_string, @allowed_keys
sub fil_parse {
- return { map {
- my($f, $v) = split /-/, $_, 2;
+ my $str = shift;
+ my %keys = map +($_,1), @_;
+ my %r;
+ for (split /\./, $str) {
+ next if !/^([a-z0-9_]+)-([a-zA-Z0-9_~]+)$/ || !$keys{$1};
+ my($f, $v) = ($1, $2);
my @v = split /~/, $v;
s/_([0-9]{2})/$1 > $#fil_escape ? '' : $fil_escape[$1]/eg for(@v);
- $f => @v > 1 ? \@v : @v
- } split /\./, scalar shift };
+ $r{$f} = @v > 1 ? \@v : $v[0]
+ }
+ return \%r;
}