Merge branch 'thh-checkinput' into next

* thh-checkinput:
  Check for invalid newsgroup names.
Thomas Hochstein 2013-09-02 12:59:45 +02:00
commit 5cfcb1c061
2 changed files with 23 additions and 5 deletions


@ -574,6 +574,7 @@ sub SQLGroupList {
my ($Newsgroups) = @_; my ($Newsgroups) = @_;
# substitute '*' wildcard with SQL wildcard character '%' # substitute '*' wildcard with SQL wildcard character '%'
$Newsgroups =~ s/\*/%/g; $Newsgroups =~ s/\*/%/g;
return (undef,undef) if !CheckValidNewsgroups($Newsgroups);
# just one newsgroup? # just one newsgroup?
return (SQLGroupWildcard($Newsgroups),$Newsgroups) if $Newsgroups !~ /:/; return (SQLGroupWildcard($Newsgroups),$Newsgroups) if $Newsgroups !~ /:/;
# list of newsgroups separated by ':' # list of newsgroups separated by ':'
@ -595,7 +596,6 @@ sub SQLGroupWildcard {
### (group.name or group.name.%) ### (group.name or group.name.%)
### OUT: SQL code to become part of a 'WHERE' clause ### OUT: SQL code to become part of a 'WHERE' clause
my ($Newsgroup) = @_; my ($Newsgroup) = @_;
# FIXME: check for validity
if ($Newsgroup !~ /%/) { if ($Newsgroup !~ /%/) {
return 'newsgroup = ?'; return 'newsgroup = ?';
} else { } else {
@ -698,6 +698,19 @@ sub SQLBuildClause {
return $SQLClause; return $SQLClause;
}; };
#####--------------------------- Verifications ----------------------------#####
################################################################################
sub CheckValidNewsgroups {
################################################################################
### syntax check of newgroup list
### IN : $Newsgroups: list of newsgroups (group.one.*:group.two:group.three.*)
### OUT: boolean
my ($Newsgroups) = @_;
my $InvalidCharRegExp = ',; ';
return ($Newsgroups =~ /[$InvalidCharRegExp]/) ? 0 : 1;
};
#####------------------------------- done ---------------------------------##### #####------------------------------- done ---------------------------------#####
1; 1;
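Review bot: CheckValidNewsgroups only rejects the three characters in `$InvalidCharRegExp` (`,`, `;` and space), so tabs, newlines, quotes, control characters and an empty list all pass as valid. An anchored allowlist is the safer form of this check, for example `return ($Newsgroups =~ /\A[A-Za-z0-9.+_%:-]+\z/) ? 1 : 0;`, with the character set confirmed against the group names the database holds; `%` and `:` stay allowed because SQLGroupList calls the check after the `*` substitution and before the `:`-separated list is handled. As far as the hunks show, the values are bound through `?` placeholders, so this is about rejecting malformed input early rather than fixing an injection. The commit also drops `# FIXME: check for validity` from SQLGroupWildcard, which still does no check of its own, so any caller that does not go through SQLGroupList is unvalidated; a comment there such as `# caller must have run CheckValidNewsgroups()` would record that. The bodies of SQLGroupList and SQLGroupWildcard continue outside the hunks.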


@ -100,8 +100,13 @@ my ($CaptionPeriod,$SQLWherePeriod) = &GetTimePeriod($OptMonth);
"please use 'YYYY-MM', 'YYYY-MM:YYYY-MM' or 'ALL'!") if !$CaptionPeriod; "please use 'YYYY-MM', 'YYYY-MM:YYYY-MM' or 'ALL'!") if !$CaptionPeriod;
# get list of newsgroups and set expression for SQL 'WHERE' clause # get list of newsgroups and set expression for SQL 'WHERE' clause
# with placeholders as well as a list of newsgroup to bind to them # with placeholders as well as a list of newsgroup to bind to them
my ($SQLWhereNewsgroups,@SQLBindNewsgroups) = &SQLGroupList($OptNewsgroups) my ($SQLWhereNewsgroups,@SQLBindNewsgroups);
if $OptNewsgroups;; if ($OptNewsgroups) {
($SQLWhereNewsgroups,@SQLBindNewsgroups) = &SQLGroupList($OptNewsgroups);
# bail out if --newsgroups is invalid
&Bleat(2,"--newsgroups option has an invalid format!")
if !$SQLWhereNewsgroups;
}
### build SQL WHERE clause (and HAVING clause, if needed) ### build SQL WHERE clause (and HAVING clause, if needed)
my ($SQLWhereClause,$SQLHavingClause); my ($SQLWhereClause,$SQLHavingClause);
@ -194,8 +199,8 @@ if ($OptBoundType and $OptBoundType ne 'default') {
$DBQuery = $DBHandle->prepare(sprintf('SELECT %s FROM %s.%s %s %s %s', $DBQuery = $DBHandle->prepare(sprintf('SELECT %s FROM %s.%s %s %s %s',
$SQLSelect, $SQLSelect,
$Conf{'DBDatabase'},$Conf{'DBTableGrps'}, $Conf{'DBDatabase'},$Conf{'DBTableGrps'},
$SQLWhereClause,$SQLGroupClause,$ $SQLWhereClause,$SQLGroupClause,
SQLOrderClause)); $SQLOrderClause));
# execute query # execute query
$DBQuery->execute(@SQLBindNewsgroups) $DBQuery->execute(@SQLBindNewsgroups)