vitalif
/
bugzilla-4intranet
mirror of https://github.com/vitalif/bugzilla-4intranet
1
0
Fork 0
Code Issues Releases Wiki Activity
bugzilla-4intranet/Bugzilla/WebService/Util.pm

135 lines
4.0 KiB
Perl
Raw Blame History

# -*- Mode: perl; indent-tabs-mode: nil -*-
#
# The contents of this file are subject to the Mozilla Public
# License Version 1.1 (the "License"); you may not use this file
# except in compliance with the License. You may obtain a copy of
# the License at http://www.mozilla.org/MPL/
#
# Software distributed under the License is distributed on an "AS
# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
# implied. See the License for the specific language governing
# rights and limitations under the License.
#
# The Original Code is the Bugzilla Bug Tracking System.
#
# The Initial Developer of the Original Code is Everything Solved, Inc.
# Portions created by the Initial Developer are Copyright (C) 2008
# the Initial Developer. All Rights Reserved.
#
# Contributor(s):
# Max Kanat-Alexander <mkanat@bugzilla.org>
package Bugzilla::WebService::Util;
use strict;
use base qw(Exporter);
# We have to "require", not "use" this, because otherwise it tries to
# use features of Test::More during import().
require Test::Taint;
our @EXPORT_OK = qw(
filter
taint_data
validate
);
sub filter ($$) {
my ($params, $hash) = @_;
my %newhash = %$hash;
my %include = map { $_ => 1 } @{ $params->{'include_fields'} || [] };
my %exclude = map { $_ => 1 } @{ $params->{'exclude_fields'} || [] };
foreach my $key (keys %$hash) {
if (defined $params->{include_fields}) {
delete $newhash{$key} if !$include{$key};
}
if (defined $params->{exclude_fields}) {
delete $newhash{$key} if $exclude{$key};
}
}
return \%newhash;
}
sub taint_data {
my $params = shift;
return if !$params;
# Though this is a private function, it hasn't changed since 2004 and
# should be safe to use, and prevents us from having to write it ourselves
# or require another module to do it.
Test::Taint::_deeply_traverse(\&_delete_bad_keys, $params);
Test::Taint::taint_deeply($params);
}
sub _delete_bad_keys {
foreach my $item (@_) {
next if ref $item ne 'HASH';
foreach my $key (keys %$item) {
# Making something a hash key always untaints it, in Perl.
# However, we need to validate our argument names in some way.
# We know that all hash keys passed in to the WebService will
# match \w+, so we delete any key that doesn't match that.
if ($key !~ /^\w+$/) {
delete $item->{$key};
}
}
}
return @_;
}
sub validate {
my ($self, $params, @keys) = @_;
# If @keys is not empty then we convert any named
# parameters that have scalar values to arrayrefs
# that match.
foreach my $key (@keys) {
if (exists $params->{$key}) {
$params->{$key} = ref $params->{$key}
? $params->{$key}
: [ $params->{$key} ];
}
}
return ($self, $params);
}
__END__
=head1 NAME
Bugzilla::WebService::Util - Utility functions used inside of the WebService
code. These are B<not> functions that can be called via the WebService.
=head1 DESCRIPTION
This is somewhat like L<Bugzilla::Util>, but these functions are only used
internally in the WebService code.
=head1 SYNOPSIS
filter({ include_fields => ['id', 'name'],
exclude_fields => ['name'] }, $hash);
validate(@_, 'ids');
=head1 METHODS
=over
=item C<filter_fields>
This helps implement the C<include_fields> and C<exclude_fields> arguments
of WebService methods. Given a hash (the second argument to this subroutine),
this will remove any keys that are I<not> in C<include_fields> and then remove
any keys that I<are> in C<exclude_fields>.
=item C<validate>
This helps in the validation of parameters passed into the WebSerice
methods. Currently it converts listed parameters into an array reference
if the client only passed a single scalar value. It modifies the parameters
hash in place so other parameters should be unaltered.
=back
Reference in New Issue View Git Blame Copy Permalink