> Is there an easy way to limit updates to
> ONLY variables in the allowedVariables dict?

    import cgi

    allowedVariables = ['eeny', 'meeny', 'miny', 'mo']
    form = cgi.FieldStorage()
    # Keep only the allowed keys; getvalue() returns None for a missing key
    safe_input = dict((key, form.getvalue(key)) for key in allowedVariables)

> And in addition, maybe return an error so the attacker can be blocked?

You can check if there is a "non-allowed variable" and then return an HTTP error.

    # Any submitted key outside the allowed list ends the request with a 406
    if set(form) - set(allowedVariables):
        print('Status: 406\n\n')
        raise SystemExit()

HTH
--
Miki Tebeka <miki.teb...@gmail.com>
http://pythonwise.blogspot.com
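
An added example, not part of the reply above: the same allowlist check written against urllib.parse.parse_qs (the cgi module was removed in Python 3.13), which also rejects repeated parameters, the case where form.getvalue() returns a list instead of a string. The function name filter_params, the 400 status for malformed requests, the max_fields limit and the sample query strings are assumptions.

```python
from urllib.parse import parse_qs

# Names from the post; a frozenset gives set algebra and cannot be mutated.
ALLOWED_VARIABLES = frozenset({'eeny', 'meeny', 'miny', 'mo'})


def filter_params(query_string, allowed=ALLOWED_VARIABLES, max_fields=32):
    """Return (status, data) for a raw query string.

    200 -> data maps every allowed name to its single value (None if absent).
    406 -> data['unexpected'] lists names outside the allowlist (as in the post).
    400 -> too many fields or a repeated name (status chosen for this example).
    """
    try:
        # max_num_fields makes parse_qs raise ValueError on oversized input.
        parsed = parse_qs(query_string, keep_blank_values=True,
                          max_num_fields=max_fields)
    except ValueError:
        return 400, {'error': 'too many fields'}

    unexpected = sorted(set(parsed) - allowed)
    if unexpected:
        # Hand back the offending names so the caller can log them.
        return 406, {'unexpected': unexpected}

    # parse_qs collects every value per name; more than one means a repeat.
    repeated = sorted(name for name, values in parsed.items() if len(values) > 1)
    if repeated:
        return 400, {'repeated': repeated}

    return 200, {name: parsed.get(name, [None])[0] for name in sorted(allowed)}


if __name__ == '__main__':
    # Constructed sample query strings, not taken from the thread.
    for qs in ('eeny=1&mo=2', 'eeny=1&admin=true', 'eeny=1&eeny=2'):
        print(qs, '->', filter_params(qs))
```

In a CGI script the query string would come from os.environ['QUERY_STRING'], and a non-200 status would be written as the Status header before exiting.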