CGI input: Filter dict.update() unwanted variables

Miki Tebeka miki.tebeka at gmail.com
Mon Aug 22 17:39:47 CEST 2011


> Is there an easy way to limit updates to
> ONLY variables in the allowedVariables dict?

allowedVariables = ['eeny', 'meeny', 'miny', 'mo']
form = cgi.FieldStorage()
safe_input = dict((key, form.getvalue(key)) for key in allowedVariables) 
 
> And in addition, maybe return an error so the attacker can be blocked?
You can check if there is a "non-allowed variable" and then return HTTP error.
if set(form) - set(allowedVariables):
    print('Status: 406\n\n')
    raise SystemExit()

HTH
--
Miki Tebeka <miki.tebeka at gmail.com>
http://pythonwise.blogspot.com




More information about the Python-list mailing list