From: Thomas Hochstein Date: Mon, 2 Sep 2013 10:59:45 +0000 (+0200) Subject: Merge branch 'thh-checkinput' into next X-Git-Tag: 0.01~1^2~4 X-Git-Url: https://code.th-h.de/?p=usenet%2Fnewsstats.git;a=commitdiff_plain;h=5cfcb1c0610d925a14cc01e45de4af1b36d1b637;hp=439c85a28071a8b44b1710926e471399a71cfd1c Merge branch 'thh-checkinput' into next * thh-checkinput: Check for invalid newsgroup names. --- diff --git a/NewsStats.pm b/NewsStats.pm index bfcb37b..fd4843b 100644 --- a/NewsStats.pm +++ b/NewsStats.pm @@ -574,6 +574,7 @@ sub SQLGroupList { my ($Newsgroups) = @_; # substitute '*' wildcard with SQL wildcard character '%' $Newsgroups =~ s/\*/%/g; + return (undef,undef) if !CheckValidNewsgroups($Newsgroups); # just one newsgroup? return (SQLGroupWildcard($Newsgroups),$Newsgroups) if $Newsgroups !~ /:/; # list of newsgroups separated by ':' @@ -595,7 +596,6 @@ sub SQLGroupWildcard { ### (group.name or group.name.%) ### OUT: SQL code to become part of a 'WHERE' clause my ($Newsgroup) = @_; - # FIXME: check for validity if ($Newsgroup !~ /%/) { return 'newsgroup = ?'; } else { @@ -698,6 +698,19 @@ sub SQLBuildClause { return $SQLClause; }; +#####--------------------------- Verifications ----------------------------##### + +################################################################################ +sub CheckValidNewsgroups { +################################################################################ +### syntax check of newgroup list +### IN : $Newsgroups: list of newsgroups (group.one.*:group.two:group.three.*) +### OUT: boolean + my ($Newsgroups) = @_; + my $InvalidCharRegExp = ',; '; + return ($Newsgroups =~ /[$InvalidCharRegExp]/) ? 0 : 1; +}; + #####------------------------------- done ---------------------------------##### 1; diff --git a/groupstats.pl b/groupstats.pl index f0e4278..a6e54ba 100755 --- a/groupstats.pl +++ b/groupstats.pl @@ -100,8 +100,13 @@ my ($CaptionPeriod,$SQLWherePeriod) = &GetTimePeriod($OptMonth); "please use 'YYYY-MM', 'YYYY-MM:YYYY-MM' or 'ALL'!") if !$CaptionPeriod; # get list of newsgroups and set expression for SQL 'WHERE' clause # with placeholders as well as a list of newsgroup to bind to them -my ($SQLWhereNewsgroups,@SQLBindNewsgroups) = &SQLGroupList($OptNewsgroups) - if $OptNewsgroups;; +my ($SQLWhereNewsgroups,@SQLBindNewsgroups); +if ($OptNewsgroups) { + ($SQLWhereNewsgroups,@SQLBindNewsgroups) = &SQLGroupList($OptNewsgroups); + # bail out if --newsgroups is invalid + &Bleat(2,"--newsgroups option has an invalid format!") + if !$SQLWhereNewsgroups; +} ### build SQL WHERE clause (and HAVING clause, if needed) my ($SQLWhereClause,$SQLHavingClause); @@ -194,8 +199,8 @@ if ($OptBoundType and $OptBoundType ne 'default') { $DBQuery = $DBHandle->prepare(sprintf('SELECT %s FROM %s.%s %s %s %s', $SQLSelect, $Conf{'DBDatabase'},$Conf{'DBTableGrps'}, - $SQLWhereClause,$SQLGroupClause,$ - SQLOrderClause)); + $SQLWhereClause,$SQLGroupClause, + $SQLOrderClause)); # execute query $DBQuery->execute(@SQLBindNewsgroups)