[LON-CAPA-cvs] cvs: loncom /interface loncommon.pm

albertel lon-capa-cvs@mail.lon-capa.org
Tue, 26 Feb 2002 20:59:28 -0000 

albertel		Tue Feb 26 15:59:28 2002 EDT

  Modified files:              
    /loncom/interface	loncommon.pm 
  Log:
  - add_to_env() added, adds a $value to $name entry in %ENV, makes it an array if it already existed
  - get_unprocessed_cgi now accepts a arrayref of names that are allowed to be set in %ENV, preventing external abuse
  
  
Index: loncom/interface/loncommon.pm
diff -u loncom/interface/loncommon.pm:1.24 loncom/interface/loncommon.pm:1.25
--- loncom/interface/loncommon.pm:1.24	Wed Jan 30 12:40:39 2002
+++ loncom/interface/loncommon.pm	Tue Feb 26 15:59:28 2002
@@ -1,7 +1,7 @@
 # The LearningOnline Network with CAPA
 # a pile of common routines
 #
-# $Id: loncommon.pm,v 1.24 2002/01/30 17:40:39 albertel Exp $
+# $Id: loncommon.pm,v 1.25 2002/02/26 20:59:28 albertel Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -358,12 +358,17 @@
 }
 
 sub get_unprocessed_cgi {
-  my ($query)= @_;
+  my ($query,$possible_names)= @_;
+  $Apache::lonxml::debug=1;
   foreach (split(/&/,$query)) {
     my ($name, $value) = split(/=/,$_);
-    $value =~ tr/+/ /;
-    $value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C",hex($1))/eg;
-    if (!defined($ENV{'form.'.$name})) { $ENV{'form.'.$name}=$value; }
+    $name = &Apache::lonnet::unescape($name);
+    if (!defined($possible_names) || (grep {$_ eq $name} @$possible_names)) {
+      $value =~ tr/+/ /;
+      $value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C",hex($1))/eg;
+      &Apache::lonxml::debug("Seting :$name: to :$value:");
+      &add_to_env('form.'.$name,$value);
+    }
   }
 }
 
@@ -384,6 +389,23 @@
   $r->header_out("Pragma" => "no-cache");
   #$r->header_out("Expires" => $date);
 }
+
+sub add_to_env {
+  my ($name,$value)=@_;
+  if ($ENV{$name}) {
+    if (defined(@{ $ENV{$name} })) {
+      #already have multiple values
+      push(@{ $ENV{$name} },$value);
+    } else {
+      #first time seeing multiple values, convert hash entry to an arrayref
+      my $first=$ENV{$name};
+      undef($ENV{$name});
+      push(@{ $ENV{$name} },$first,$value);
+    }
+  } else {
+    $ENV{$name}=$value;
+  }
+}
 1;
 __END__;
 
@@ -487,6 +509,12 @@
 =item *
 
 nocache() : specifies header code to not have cache
+
+=item *
+
+add_to_env($name,$value) : adds $name to the %ENV hash with value
+$value, if $name already exists, the entry is converted to an array
+reference and $value is added to the array.
 
 =back