In my last post I learned of the necessity of filtering CGI input, so
what I want to do is set a dict of allowable variable names:
allowedVariables = {'eeny':None, 'meeny':None, 'miny':None, 'mo':None}
# Set up a FieldStorage object:
import cgi
inputVariables = cgi.FieldStorage()
for name, value in {"eeny" : "value1", "meeny" : "value2", "miny" :
"value3", "mofo" : "value4"}.items():
inputVariables.list.append(cgi.MiniFieldStorage(name, value))
allowedVariables.update(((key, inputVariables[key].value) for key in
inputVariables))
allowedVariables
As you can see, the variable 'mofo' gets added to allowedVariables,
which is normal behavior. Is there an easy way to limit updates to
ONLY variables in the allowedVariables dict?
And in addition, maybe return an error so the attacker can be blocked?
-- Gnarlie
--
http://mail.python.org/mailman/listinfo/python-list
