Merge branch 'thh-checkinput' into next

[usenet/newsstats.git] / NewsStats.pm

diff --git a/NewsStats.pm b/NewsStats.pm
index bfcb37b..fd4843b 100644 (file)
--- a/NewsStats.pm
+++ b/NewsStats.pm
@@ -574,6 +574,7 @@ sub SQLGroupList {
   my ($Newsgroups) = @_;
   # substitute '*' wildcard with SQL wildcard character '%'
   $Newsgroups =~ s/\*/%/g;
+  return (undef,undef) if !CheckValidNewsgroups($Newsgroups);
   # just one newsgroup?
   return (SQLGroupWildcard($Newsgroups),$Newsgroups) if $Newsgroups !~ /:/;
   # list of newsgroups separated by ':'
@@ -595,7 +596,6 @@ sub SQLGroupWildcard {
 ###                  (group.name or group.name.%)
 ### OUT: SQL code to become part of a 'WHERE' clause
   my ($Newsgroup) = @_;
-  # FIXME: check for validity
   if ($Newsgroup !~ /%/) {
     return 'newsgroup = ?';
   } else {
@@ -698,6 +698,19 @@ sub SQLBuildClause {
   return $SQLClause;
 };
 
+#####--------------------------- Verifications ----------------------------#####
+
+################################################################################
+sub CheckValidNewsgroups {
+################################################################################
+### syntax check of newgroup list
+### IN : $Newsgroups: list of newsgroups (group.one.*:group.two:group.three.*)
+### OUT: boolean
+  my ($Newsgroups) = @_;
+  my $InvalidCharRegExp = ',; ';
+  return ($Newsgroups =~ /[$InvalidCharRegExp]/) ? 0 : 1;
+};
+
 
 #####------------------------------- done ---------------------------------#####
 1;