File Coverage

line	stmt	bran	sub	pod	time	code
1						package CGI::ValidOp::Check::sql;
2	1		1		6	use strict;
	1				2
	1				42
3	1		1		5	use warnings;
	1				2
	1				41
4
5	1		1		6	use base qw/ CGI::ValidOp::Check /;
	1				10
	1				478
6
7						sub default {
8						(
9	8		8	1	41	qr\|^[\w\s\.:\[\]_\^\*/%+<>=~!@#&\\|`\?\$,;'"-]+$\|,
10						q{Only letters, numbers, and the following punctuation are allowed for $label: . : [ ] _ ^ * / % + - <> = ~ ! @ # & \| ` ? $ ( ) , ; ' "},
11						)
12						}
13
14						sub safer {
15	10		10	1	17	my $self = shift;
16						sub {
17	10		10		28	my( $value ) = @_;
18
19	10				27	my $error = _safer( $value );
20	10	100			44	return $self->fail( $error )
21						if $error;
22
23	4	100			23	return $self->fail( "SELECT statement not allowed for \$label" )
24						if $value =~ /select/i;
25	1				4	$value =~ /^(.*)$/s;
26	1				8	return $self->pass( $1 );
27						}
28	10				64	}
29
30						sub safer_select {
31	1		1	1	3	my $self = shift;
32						sub {
33	1		1		5	my( $value ) = @_;
34
35	1				5	my $error = _safer( $value );
36	1	50			4	return $self->fail( $error )
37						if $error;
38
39	1				5	$value =~ /^(.*)$/s;
40	1				6	return $self->pass( $1 );
41						}
42	1				9	}
43
44						sub _safer {
45	11		11		24	my( $value ) = @_;
46
47	11	100			42	return "Semicolons not allowed for \$label"
48						if $value =~ /[;]/;
49	10	100			29	return "Dashes not allowed for \$label"
50						if $value =~ /[-]/;
51	9	100			29	return "DELETE statement not allowed for \$label"
52						if $value =~ /delete/i;
53	8	100			26	return "DROP statement not allowed for \$label"
54						if $value =~ /drop/i;
55	7	100			25	return "UPDATE statement not allowed for \$label"
56						if $value =~ /update/i;
57	6	100			22	return "INTO statement not allowed for \$label"
58						if $value =~ /into/i;
59	5				13	return;
60						}
61
62						1;
63
64						__END__