Dear list members,
I am using Apache-2.0.50 and mod_perl-1.99_16.
I would like to know the most secure, best, and fastest way to parse arguments.
I tried libapreq but got some strange errors: arguments persisted from one request to the next, and other strange things happened.
Now I am using the following function and I am happy with it, but I don't think it is really the best way to go.
Thanks for your help! Harald.
$$g_hSession and $$g_hArgs are global hashrefs
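#------------------------------------------------------------------------------------------------
# untaintString - URL-decode a request value and blank out a few metacharacters, in place.
#
# The value is changed through the @_ alias, so the caller must pass a variable
# (or an assignment expression such as $x=$1). The return value is not meaningful.
#
# Steps, in this order:
#   1. '+' becomes a space and %XX escapes are decoded to single bytes;
#   2. ';', '|', '\' and space are each replaced by a space;
#   3. CR is dropped and every LF is rewritten as CRLF;
#   4. the literal marker {LF} becomes a bare LF;
#   5. an apostrophe becomes an acute accent.
#
# NOTE(review): despite the name, this does not clear Perl's taint flag; under -T
# a value is only untainted when it is taken from a regex capture.
# NOTE(review): step 5 looks like a guard for SQL string literals - confirm.
# Bind parameters are the robust way to pass these values to a database.
# NOTE(review): step 1 can produce any byte, including NUL and other control
# characters, and only CR is removed afterwards - confirm consumers tolerate that.
sub untaintString {
    # A parameter without a value arrives as undef; there is nothing to clean.
    return unless defined $_[0];

    $_[0] =~ tr/+/ /;
    $_[0] =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;
    $_[0] =~ s/[;|\\ ]/ /g;
    $_[0] =~ s/\r//g;
    $_[0] =~ s/\n/\r\n/g;
    # Braces are escaped so the marker can never be read as a quantifier.
    $_[0] =~ s/\{LF\}/\n/g;
    $_[0] =~ s/'/´/g;
}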
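#------------------------------------------------------------------------------------------------
# parseArgs - decode the parameters of the current request into $$g_hArgs.
#
# The CGI-style environment is taken from $$g_hSession->{REQUEST}->subprocess_env:
#   GET  -> parameters come from QUERY_STRING
#   POST -> CONTENT_LENGTH bytes are read from STDIN
# Any other method is logged through logging() and nothing is parsed.
#
# Plain parameters are stored as $$g_hArgs->{name} = value. An uploaded file is
# stored as $$g_hArgs->{name}->{NAME} (file name without directory part) and
# $$g_hArgs->{name}->{CONTENT} (file body without the trailing CRLF).
#
# NOTE(review): this sub only adds keys to $$g_hArgs. mod_perl keeps globals
# alive between requests, so unless the caller resets the hash per request,
# values from an earlier request stay visible - confirm where it is cleared.
# NOTE(review): multipart input is detected by a dash run in the body, not from
# CONTENT_TYPE, so urlencoded input containing such a run takes the multipart path.
# NOTE(review): untaintString also applies '+' and %XX decoding, which
# multipart/form-data values are not encoded with - confirm this is intended.
sub parseArgs {
    my $hENV = $$g_hSession->{REQUEST}->subprocess_env;
    my $sParams;

    if ($hENV->{REQUEST_METHOD} eq 'GET') {
        $sParams = $hENV->{QUERY_STRING};
    }
    elsif ($hENV->{REQUEST_METHOD} eq 'POST') {
        # NOTE(review): CONTENT_LENGTH comes from the client and is used without
        # an upper bound; consider enforcing a limit (e.g. LimitRequestBody).
        read(STDIN, $sParams, $hENV->{CONTENT_LENGTH});
    }
    else {
        logging($LOG_ERR, "error: invalid REQUEST_METHOD: [".$hENV->{REQUEST_METHOD}."]");
        return;    # nothing to parse; do not fall through with an undefined string
    }

    # No query string or an empty body: nothing to do.
    return unless defined $sParams && length $sParams;

    if ($sParams =~ /-{28,29}(\w+)/) {
        # Multipart: the word after the dash run identifies the boundary.
        my $sVerNum = $1;

        foreach my $sParam (split /-{28,29}\Q$sVerNum\E-*\r\n/, $sParams) {
            # [\s\S]* replaces (.|\r|\n)*, which recurses once per character.
            if ($sParam =~ /^.*; name=\"(.*)\"\r\n\r\n([\s\S]*)\r\n/) {
                # Normal parameter -> key/value pair.
                my ($sKey, $sValue) = ($1, $2);
                untaintString($sKey);
                untaintString($sValue);
                $$g_hArgs->{$sKey} = $sValue;
            }
            elsif ($sParam =~ /^.*; name=\"(.*)\"; filename=\"(.*)\"\r\n.*\r\n\r\n([\s\S]*)/) {
                # File parameter -> NAME and CONTENT under the field name.
                my ($sKey, $sFileName, $sContent) = ($1, $2, $3);

                # Drop the client-side directory part, whichever separator was used.
                $sFileName =~ s{^.*[\\/]}{}s;
                untaintString($sFileName);
                # The decoding in untaintString can reintroduce '/', so strip again.
                $sFileName =~ s{^.*/}{}s;
                # NOTE(review): NAME is still client-chosen text; validate it
                # before using it as a path on the server.

                $$g_hArgs->{$sKey}->{NAME}    = $sFileName;
                $$g_hArgs->{$sKey}->{CONTENT} = substr($sContent, 0, length($sContent) - 2);
            }
        }
    }
    else {
        # Not multipart -> plain split of param1=value1&param2=value2&...
        foreach my $sPair (split /&/, $sParams) {
            # Limit 2 keeps any '=' inside the value instead of truncating it.
            my ($sKey, $sValue) = split /=/, $sPair, 2;
            next unless defined $sKey;    # empty segment, e.g. "a=1&&b=2"

            untaintString($sKey);
            untaintString($sValue) if defined $sValue;
            $$g_hArgs->{$sKey} = $sValue;
        }
    }
}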
1;    # a file loaded with require/use must end with a true value