Thread: Cleaning variables for a CGI app (as a derived class?)

  1. #1
    Registered User
    Join Date
    Oct 2005

    Cleaning variables for a CGI app (as a derived class?)

    Alrighty chaps,

    I think it's just best if I show you what I'm trying to do here rather than trying to explain it in words.

    Basically I'm writing web apps. What I need to work on still is the cleaning of variables sent by the users. In my programs, user variables are accessed like below:

    Note: user parameters are stored internally as a map<string,string>; CGI::param() retrieves them
    #include <string>
    #include <cgipm.h>
    using std::string;
    int main()
    {
        CGI q;     // imitates
        string cmd = q.param("cmd");    // as it works atm (insecure though)
        // What I was hoping to be able to do is to have it set up
        // something like this instead:
        // string cmd = q.param("cmd");   // illegal: return not of type string
        string cmdRaw = q.param("cmd").raw();   // ok - just returns parameter as is
        string cmdCleaned = q.param("cmd").clean("/[a-z]*/");  // returns string if matches RegExp
        return 0;
    }
    I was planning on using PCRE for the cleaning - that's not the issue here - but as to how I get the clean() function to work like that I'm stuck.

    What I was thinking would be ideal is if the function CGI::param() could only return values either by calling raw() on it, or by clean()-ing it. Sort of like taint checking of user variables. That's why I'd rather do it like this than through separate function calls.

    Thing is I've not actually made a derived class before (I understand the basic setup of them though, I think) and although this isn't just asking for you to do it for me, I wanted to know what sort of effort this would take. Also where do I start? It seemed a lot more straightforward when I thought of it.

  2. #2
    Registered User
    Join Date
    Jan 2005
    I'm not sure I understand you completely, but I would think you should use a non-member function to do the work. The function would take the raw string and the RegExp expression. The syntax would be a little different: clean(q.param("cmd").raw(), "/[a-z]*/"); but would still do the work just as well.

    You could also just add a second argument to param() that determines whether you should clean the parameter or not.
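
The taint-style interface asked about in this thread, sketched as an added example (not code from either poster): `param()` returns a wrapper with no conversion to `std::string`, so the value is reachable only through `raw()` or `clean()`. It assumes `std::regex` in place of PCRE (so patterns carry no `/` delimiters); `TaintedParam`, the `CGI` stand-in and `sample_request()` are hypothetical names.

```cpp
#include <map>
#include <regex>
#include <string>
#include <type_traits>
#include <utility>

// Returned by param(): holds the untrusted value but offers no conversion
// to std::string, so `std::string s = q.param("cmd");` does not compile.
class TaintedParam {
public:
    explicit TaintedParam(std::string value) : value_(std::move(value)) {}
    // Explicit opt-out: the caller has to ask for the unchecked value by name.
    const std::string& raw() const { return value_; }

    // Copies the value into `out` only if the WHOLE value matches `pattern`.
    // regex_match (not regex_search) is deliberate: an unanchored search for
    // "[a-z]*" succeeds on any input because it can match the empty string.
    bool clean(const std::string& pattern, std::string& out) const {
        if (!std::regex_match(value_, std::regex(pattern))) return false;
        out = value_;
        return true;
    }

private:
    std::string value_;
};
static_assert(!std::is_convertible<TaintedParam, std::string>::value,
              "tainted values must not convert to std::string implicitly");

// Hypothetical stand-in for the CGI class (a map<string,string> inside).
class CGI {
public:
    explicit CGI(std::map<std::string, std::string> params) : params_(std::move(params)) {}
    TaintedParam param(const std::string& name) const {
        auto it = params_.find(name);
        return TaintedParam(it == params_.end() ? std::string() : it->second);
    }

private:
    std::map<std::string, std::string> params_;
};

// Constructed sample request used to exercise the wrapper.
CGI sample_request() {
    std::map<std::string, std::string> p;
    p["cmd"] = "list";
    p["evil"] = "list;extra";
    return CGI(p);
}
```

A missing parameter comes back as an empty value, which `[a-z]*` accepts; use `[a-z]+` when the parameter is required.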
