From: Thomas Hochstein Date: Mon, 2 Sep 2013 06:51:45 +0000 (+0200) Subject: Check for invalid newsgroup names. X-Git-Tag: 0.01~1^2~4^2 X-Git-Url: https://code.th-h.de/?p=usenet%2Fnewsstats.git;a=commitdiff_plain;h=c30822b48b896836735cee5144cbfa3c3703001d;hp=-c Check for invalid newsgroup names. Add check to SQLGroupList() and act on it in groupstats.pl. Issue #12. Signed-off-by: Thomas Hochstein --- c30822b48b896836735cee5144cbfa3c3703001d diff --git a/NewsStats.pm b/NewsStats.pm index bfcb37b..fd4843b 100644 --- a/NewsStats.pm +++ b/NewsStats.pm @@ -574,6 +574,7 @@ sub SQLGroupList { my ($Newsgroups) = @_; # substitute '*' wildcard with SQL wildcard character '%' $Newsgroups =~ s/\*/%/g; + return (undef,undef) if !CheckValidNewsgroups($Newsgroups); # just one newsgroup? return (SQLGroupWildcard($Newsgroups),$Newsgroups) if $Newsgroups !~ /:/; # list of newsgroups separated by ':' @@ -595,7 +596,6 @@ sub SQLGroupWildcard { ### (group.name or group.name.%) ### OUT: SQL code to become part of a 'WHERE' clause my ($Newsgroup) = @_; - # FIXME: check for validity if ($Newsgroup !~ /%/) { return 'newsgroup = ?'; } else { @@ -698,6 +698,19 @@ sub SQLBuildClause { return $SQLClause; }; +#####--------------------------- Verifications ----------------------------##### + +################################################################################ +sub CheckValidNewsgroups { +################################################################################ +### syntax check of newgroup list +### IN : $Newsgroups: list of newsgroups (group.one.*:group.two:group.three.*) +### OUT: boolean + my ($Newsgroups) = @_; + my $InvalidCharRegExp = ',; '; + return ($Newsgroups =~ /[$InvalidCharRegExp]/) ? 0 : 1; +}; + #####------------------------------- done ---------------------------------##### 1; diff --git a/groupstats.pl b/groupstats.pl index 14d19c6..8b93559 100755 --- a/groupstats.pl +++ b/groupstats.pl @@ -99,8 +99,13 @@ my ($CaptionPeriod,$SQLWherePeriod) = &GetTimePeriod($OptMonth); "please use 'YYYY-MM', 'YYYY-MM:YYYY-MM' or 'ALL'!") if !$CaptionPeriod; # get list of newsgroups and set expression for SQL 'WHERE' clause # with placeholders as well as a list of newsgroup to bind to them -my ($SQLWhereNewsgroups,@SQLBindNewsgroups) = &SQLGroupList($OptNewsgroups) - if $OptNewsgroups;; +my ($SQLWhereNewsgroups,@SQLBindNewsgroups); +if ($OptNewsgroups) { + ($SQLWhereNewsgroups,@SQLBindNewsgroups) = &SQLGroupList($OptNewsgroups); + # bail out if --newsgroups is invalid + &Bleat(2,"--newsgroups option has an invalid format!") + if !$SQLWhereNewsgroups; +} ### build SQL WHERE clause (and HAVING clause, if needed) my ($SQLWhereClause,$SQLHavingClause); @@ -193,8 +198,8 @@ if ($OptBoundType and $OptBoundType ne 'default') { $DBQuery = $DBHandle->prepare(sprintf('SELECT %s FROM %s.%s %s %s %s', $SQLSelect, $Conf{'DBDatabase'},$Conf{'DBTableGrps'}, - $SQLWhereClause,$SQLGroupClause,$ - SQLOrderClause)); + $SQLWhereClause,$SQLGroupClause, + $SQLOrderClause)); # execute query $DBQuery->execute(@SQLBindNewsgroups)