Merge pull request #347 from perladvent/2023-12-07

2023 12 07
perladvent · Dec 6, 2023 · 37d70c8 · 37d70c8
2 parents e7c4b95 + 0cf428f
commit 37d70c8
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 9 deletions.
diff --git a/...nd-file-upload-validation-in-catalyst.pod → 2023/articles/2023-12-07.pod b/...nd-file-upload-validation-in-catalyst.pod → 2023/articles/2023-12-07.pod
@@ -7,11 +7,17 @@ Topic: Catalyst::Plugin::CheckFileUploadTypes
 At work, we needed to tighten up the security of our Catalyst-powered
 API, with two main requirements:
 
-=for list
-* Stripping HTML/XSS attempts from incoming parameters
-* Validating that file uploads are expected and are the expected type
+=over
+
+=item *
+
+Stripping HTML/XSS attempts from incoming parameters
+
+=item *
 
-=cut
+Validating that file uploads are expected and are the expected type
+
+=back
 
 =head2 Catalyst::Plugin::HTML::Scrubber
 
@@ -25,10 +31,10 @@ particular parameters from scrubbing, by name or regex match - and raised a pull
 request to share that upstream.  Unfortunately, the original author doesn't seem
 to be active in the Perl community any more, and several attempts of contact
 failed - so I followed the usual steps to L<adopt a module|https://neilb.org/2013/07/24/adopt-a-module.html>,
-approaching our friendly CPAN admins for help, obtained co-maint, and released 
+approaching our friendly CPAN admins for help, obtained co-maint, and released
 a new version.
 
-Since then we added more - including recursive scrubbing of parameters within 
+Since then we added more - including recursive scrubbing of parameters within
 serialised POSTed/PUTted request bodies.
 
 =head2 Catalyst::Plugin::CheckFileUploadTypes
@@ -52,10 +58,10 @@ actions to mark that they expect uploads, for instance:
 =begin perl
 
     use Catalyst qw(CheckFileUploadTypes);
-    
+
     # Actions can declare that they expect to receive file uploads:
     sub upload_file : Local ExpectUploads { ... }
-    
+
     # They can also specify that any uploaded files must be of expected types
     # (determined from file content by File::MMagic, not what the client said,
     # as they could lie to us)
@@ -87,7 +93,7 @@ More options to provide more control over how unexpected uploads are handled
 
 =item Callbacks
 
-Callbacks to fire for each uploaded file to perform additional checks on it - 
+Callbacks to fire for each uploaded file to perform additional checks on it -
 for example, running it through a virus checker, generating a hash and checking
 online services for matches, or other checks on the content of the file.
 

diff --git a/2023/share/static/placeholder.txt b/2023/share/static/placeholder.txt