[interchange-cvs] interchange - heins modified lib/Vend/Dispatch.pm

interchange-cvs at icdevgroup.org interchange-cvs at icdevgroup.org
Wed Oct 19 10:15:44 EDT 2005 

User:      heins
Date:      2005-10-19 14:15:43 GMT
Modified:  lib/Vend Dispatch.pm
Log:
* Allow checkboxes for mv_order_* and other options in a "stacked" array.
  Mechanism is to name the variable with mv[0-9][0-9]?_*, which is changed
  into an array of values.

  <input type=hidden name="mv1_order_item" value="os28004">
  <input type=hidden name="mv3_order_item" value="os28008">
  <input type=hidden name="mv9_order_item" value="os29000">

  Is the equivalent of:

  <input type=hidden name="mv_order_item" value="">
  <input type=hidden name="mv_order_item" value="os28004">
  <input type=hidden name="mv_order_item" value="">
  <input type=hidden name="mv_order_item" value="os28008">
  <input type=hidden name="mv_order_item" value="">
  <input type=hidden name="mv_order_item" value="">
  <input type=hidden name="mv_order_item" value="">
  <input type=hidden name="mv_order_item" value="">
  <input type=hidden name="mv_order_item" value="">
  <input type=hidden name="mv_order_item" value="os29000">

* One potential problem is that the numbering starts from zero while [loop-
  increment] starts from one.

Revision  Changes    Path
1.59      +30 -4     interchange/lib/Vend/Dispatch.pm


rev 1.59, prev_rev 1.58
Index: Dispatch.pm
===================================================================
RCS file: /var/cvs/interchange/lib/Vend/Dispatch.pm,v
retrieving revision 1.58
retrieving revision 1.59
diff -u -r1.58 -r1.59
--- Dispatch.pm	4 Oct 2005 10:53:34 -0000	1.58
+++ Dispatch.pm	19 Oct 2005 14:15:43 -0000	1.59
@@ -1,6 +1,6 @@
 # Vend::Dispatch - Handle Interchange page requests
 #
-# $Id: Dispatch.pm,v 1.58 2005/10/04 10:53:34 racke Exp $
+# $Id: Dispatch.pm,v 1.59 2005/10/19 14:15:43 mheins Exp $
 #
 # Copyright (C) 2002-2005 Interchange Development Group
 # Copyright (C) 2002 Mike Heins <mike at perusion.net>
@@ -26,7 +26,7 @@
 package Vend::Dispatch;
 
 use vars qw($VERSION);
-$VERSION = substr(q$Revision: 1.58 $, 10);
+$VERSION = substr(q$Revision: 1.59 $, 10);
 
 use POSIX qw(strftime);
 use Vend::Util;
@@ -578,7 +578,33 @@
 
 sub do_process {
 
-    my @filters = grep /^[mu][vi]_filter:/, keys %CGI::values;
+	# Prevent using keys operation more than once
+    my @cgikeys = keys %CGI::values;
+
+    my @multis = grep /^mv\d\d?_/, @cgikeys;
+
+	## Only operates on up to 100 items to prevent "amplification"
+	## which could result in DOS attacks
+	MULTIS:
+	if(@multis) {
+		my %hash;
+		for(@multis) {
+			my $val = delete $CGI::values{$_};
+			# Have to handle nulls somehow....
+			$val =~ s/\0/::/g;
+			m{^mv\d+\d?_(.*)};
+			my $idx = $1;
+			my $key = $2;
+			$hash{$key} ||= [];
+			$hash{$key}[$idx] = $val;
+		}
+		while (my ($k, $v) = each %hash) {
+			$CGI::values{$k} = join "\0", @$v;
+		}
+	}
+
+    my @filters = grep /^[mu][vi]_filter:/, @cgikeys;
+
 	FILTERS: {
 		last FILTERS unless @filters;
 		foreach my $key (@filters) {
@@ -624,7 +650,7 @@
 		# by Jeff Carnahan
 		$todo = action_map($x,$y,$map);
 	}
-	elsif( my @todo = grep /^mv_todo\.\w+(?:\.x)?$/, keys %CGI::values ) {
+	elsif( my @todo = grep /^mv_todo\.\w+(?:\.x)?$/, @cgikeys ) {
 		# Only one todo!
 		for(@todo) {
 			delete $CGI::values{$_};

More information about the interchange-cvs mailing list