CGI input: Filter dict.update() unwanted variables
Miki Tebeka
miki.tebeka at gmail.com
Mon Aug 22 11:39:47 EDT 2011
> Is there an easy way to limit updates to
> ONLY variables in the allowedVariables dict?
import cgi

# Build the dict from the allowed names only; names missing from the form map to None
allowedVariables = ['eeny', 'meeny', 'miny', 'mo']
form = cgi.FieldStorage()
safe_input = dict((key, form.getvalue(key)) for key in allowedVariables)
> And in addition, maybe return an error so the attacker can be blocked?
You can check if there is a "non-allowed variable" and then return an HTTP error.
# Any submitted field name outside the allowed list: reject the whole request
if set(form) - set(allowedVariables):
    print('Status: 406\n\n')
    raise SystemExit()
HTH
--
Miki Tebeka <miki.tebeka at gmail.com>
http://pythonwise.blogspot.com
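
Added example (not part of the original post): the same allow-list check as a testable function, using urllib.parse.parse_qs in place of cgi.FieldStorage because the cgi module was removed in Python 3.13. It also rejects an allowed name sent more than once, a case in which form.getvalue() would return a list. The names RejectedInput, filter_fields and respond, and the sample query strings, are assumptions made for this example.

```python
from urllib.parse import parse_qs

ALLOWED_VARIABLES = ('eeny', 'meeny', 'miny', 'mo')  # names taken from the post


class RejectedInput(ValueError):
    """Raised when a request carries fields the allow-list does not permit."""


def filter_fields(query_string, allowed=ALLOWED_VARIABLES):
    """Return {name: value or None} for the allowed names only.

    Raises RejectedInput for any unknown field name, or for an allowed
    name that appears more than once in the request.
    """
    # keep_blank_values=True so that an empty field ("admin=") is still
    # seen by the check instead of being dropped by the parser.
    fields = parse_qs(query_string, keep_blank_values=True)
    unknown = sorted(set(fields) - set(allowed))
    if unknown:
        raise RejectedInput('unexpected fields: ' + ', '.join(unknown))
    repeated = sorted(name for name, values in fields.items() if len(values) > 1)
    if repeated:
        raise RejectedInput('repeated fields: ' + ', '.join(repeated))
    return {name: fields[name][0] if name in fields else None
            for name in allowed}


def respond(query_string):
    """Build the CGI response text: a 406 status on rejection, as in the post."""
    try:
        safe_input = filter_fields(query_string)
    except RejectedInput:
        # The offending names are not echoed back to the client.
        return 'Status: 406 Not Acceptable\n\n'
    lines = ['%s=%r' % item for item in sorted(safe_input.items())]
    return 'Content-Type: text/plain\n\n' + '\n'.join(lines) + '\n'


if __name__ == '__main__':
    # Constructed sample requests.
    for qs in ('eeny=1&mo=x', 'eeny=1&admin=1', 'eeny=1&eeny=2'):
        print(repr(qs), '->', repr(respond(qs)))
```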