Alrighty chaps,
I think it's just best if I show you what I'm trying to do here rather than trying to explain it in words.
Basically I'm writing web apps. What I need to work on still is the cleaning of variables sent by the users. In my programs, user variables are accessed like below:
Note: user parameters are stored internally as a map<string,string>; CGI::param() retrieves them
I was planning on using PCRE for the cleaning - that's not the issue here - but as to how I get the clean() function to work like that I'm stuck.
Code:
    #include <string>
    #include <cgipm.h>

    using std::string;

    int main()
    {
        CGI q; // imitates CGI.pm
        string cmd = q.param("cmd"); // as it works atm (insecure though)

        // What I was hoping to be able to do is to have it set up
        // something like this instead:
        // string cmd = q.param("cmd"); // illegal: return not of type string
        string cmdRaw = q.param("cmd").raw(); // ok - just returns parameter as is
        string cmdCleaned = q.param("cmd").clean("/[a-z]*/"); // returns string if matches RegExp
        return 0;
    }
What I was thinking would be ideal is if the function CGI::param() could only return values either by calling raw() on it, or by clean()-ing it. Sort of like taint checking of user variables. That's why I'd rather do it like this than through separate function calls.
Thing is I've not actually made a derived class before (I understand the basic setup of them though, I think) and although this isn't just asking for you to do it for me, I wanted to know what sort of effort this would take. Also where do I start? It seemed a lot more straightforward when I thought of it.
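One way to get the taint-style interface asked about above, as an added example that is not part of the original post: param() returns a small wrapper type with no conversion to std::string, so the value can only be reached through raw() or clean(). The names Tainted and sample_request, the stand-in CGI class, the choice to throw on a mismatch, and the use of std::regex in place of PCRE (so patterns carry no /.../ delimiters) are all assumptions of this sketch.

```cpp
#include <map>
#include <regex>
#include <stdexcept>
#include <string>
#include <type_traits>
#include <utility>

// Hypothetical wrapper around one untrusted parameter. It has no conversion
// to std::string, so the value is only reachable through raw() or clean().
class Tainted {
public:
    explicit Tainted(std::string v) : value_(std::move(v)) {}
    // Explicit opt-out: the caller accepts the unchecked value.
    const std::string& raw() const { return value_; }
    // Returns the value only if the WHOLE string matches, otherwise throws.
    // regex_match anchors at both ends; an unanchored search for "[a-z]*"
    // would accept any input, because it also matches the empty string.
    std::string clean(const std::string& pattern) const {
        if (!std::regex_match(value_, std::regex(pattern)))
            throw std::invalid_argument("parameter rejected by pattern");
        return value_;
    }
private:
    std::string value_;
};

// The assignment the post wants to be illegal does not compile with this type.
static_assert(!std::is_convertible<Tainted, std::string>::value,
              "Tainted must not convert to std::string");

// Stand-in for the post's CGI class (assumption: parameters live in a map).
class CGI {
public:
    explicit CGI(std::map<std::string, std::string> p) : params_(std::move(p)) {}
    Tainted param(const std::string& name) const {
        auto it = params_.find(name);
        return Tainted(it == params_.end() ? std::string() : it->second);
    }
private:
    std::map<std::string, std::string> params_;
};

// Constructed sample request, for demonstration only.
CGI sample_request() {
    std::map<std::string, std::string> p;
    p["cmd"] = "list";
    p["file"] = "../../etc/passwd";
    return CGI(p);
}
```

A missing parameter comes back as an empty string, so a pattern such as "[a-z]+" rejects it while "[a-z]*" would let it through.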





