From 36b4d5978b9784a537abd371960cfe834655850e Mon Sep 17 00:00:00 2001 From: Olaf Alders Date: Wed, 6 Dec 2023 10:37:24 -0500 Subject: [PATCH 1/4] 2023-12-07 --- .../2023-12-07.pod} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename 2023/{incoming/html-xss-scrubbing-and-file-upload-validation-in-catalyst.pod => articles/2023-12-07.pod} (100%) diff --git a/2023/incoming/html-xss-scrubbing-and-file-upload-validation-in-catalyst.pod b/2023/articles/2023-12-07.pod similarity index 100% rename from 2023/incoming/html-xss-scrubbing-and-file-upload-validation-in-catalyst.pod rename to 2023/articles/2023-12-07.pod From b56d85db5697b0bc0d87869170718e248746e7af Mon Sep 17 00:00:00 2001 From: Olaf Alders Date: Wed, 6 Dec 2023 10:37:39 -0500 Subject: [PATCH 2/4] Remove placeholder file --- 2023/share/static/placeholder.txt | 0 1 file changed, 0 insertions(+), 0 deletions(-) delete mode 100644 2023/share/static/placeholder.txt diff --git a/2023/share/static/placeholder.txt b/2023/share/static/placeholder.txt deleted file mode 100644 index e69de29bb..000000000 From 875edb3cfe15ce93d330750ff664ff0659619d62 Mon Sep 17 00:00:00 2001 From: Olaf Alders Date: Wed, 6 Dec 2023 10:42:27 -0500 Subject: [PATCH 3/4] Fix "list regions must be pod (=begin :list)" --- 2023/articles/2023-12-07.pod | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/2023/articles/2023-12-07.pod b/2023/articles/2023-12-07.pod index 52202d913..58cc09432 100644 --- a/2023/articles/2023-12-07.pod +++ b/2023/articles/2023-12-07.pod 
@@ -7,11 +7,17 @@ Topic: Catalyst::Plugin::CheckFileUploadTypes At work, we needed to tighten up the security of our Catalyst-powered API, with two main requirements: -=for list -* Stripping HTML/XSS attempts from incoming parameters -* Validating that file uploads are expected and are the expected type +=over + +=item * + +Stripping HTML/XSS attempts from incoming parameters -=cut +=item * + +Validating that file uploads are expected and are the expected type + +=back =head2 Catalyst::Plugin::HTML::Scrubber From 0cf428f2bf05fd0eca8fe9a51f741f721301eaa7 Mon Sep 17 00:00:00 2001 From: Olaf Alders Date: Wed, 6 Dec 2023 10:43:04 -0500 Subject: [PATCH 4/4] Remove trailing whitespace --- 2023/articles/2023-12-07.pod | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/2023/articles/2023-12-07.pod b/2023/articles/2023-12-07.pod index 58cc09432..a49e53733 100644 --- a/2023/articles/2023-12-07.pod +++ b/2023/articles/2023-12-07.pod @@ -31,10 +31,10 @@ particular parameters from scrubbing, by name or regex match - and raised a pull request to share that upstream. Unfortunately, the original author doesn't seem to be active in the Perl community any more, and several attempts of contact failed - so I followed the usual steps to L, -approaching our friendly CPAN admins for help, obtained co-maint, and released +approaching our friendly CPAN admins for help, obtained co-maint, and released a new version. -Since then we added more - including recursive scrubbing of parameters within +Since then we added more - including recursive scrubbing of parameters within serialised POSTed/PUTted request bodies. =head2 Catalyst::Plugin::CheckFileUploadTypes 
@@ -58,10 +58,10 @@ actions to mark that they expect uploads, for instance: =begin perl use Catalyst qw(CheckFileUploadTypes); - + # Actions can declare that they expect to receive file uploads: sub upload_file : Local ExpectUploads { ... } - + # They can also specify that any uploaded files must be of expected types # (determined from file content by File::MMagic, not what the client said, # as they could lie to us) @@ -93,7 +93,7 @@ More options to provide more control over how unexpected uploads are handled =item Callbacks -Callbacks to fire for each uploaded file to perform additional checks on it - +Callbacks to fire for each uploaded file to perform additional checks on it - for example, running it through a virus checker, generating a hash and checking online services for matches, or other checks on the content of the file.
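Review bot: in PATCH 1/4 the subject line `2023-12-07` only repeats the target file name; a subject that states the action (e.g. "Schedule the HTML scrubbing / file upload article for 2023-12-07") makes this rename easier to find in history, and the body could note that it is a pure rename with no content change (similarity index 100%).

Review bot: in PATCH 3/4 the subject quotes the `=begin :list` form from the error message, but the hunk actually converts the list to plain Pod `=over` / `=item *` / `=back`; both forms render, so the subject should say what was done (e.g. "Convert =for list to =over/=back"). Dropping the stray `=cut` is correct: `=for` takes no terminator, and `=cut` ends the Pod section rather than the list.

Review bot: in PATCH 4/4, hunk `@@ -31,10 +31,10 @@`, the unchanged context line `so I followed the usual steps to L,` shows an `L` with no link target; confirm the source file still carries the full `L<...>` link before this ships, since an empty `L` renders as a broken link. The trailing-whitespace removal on the two prose lines is fine.

Review bot: in PATCH 4/4, hunk `@@ -58,10 +58,10 @@`, the two `- ` lines are whitespace-only lines inside the `=begin perl` verbatim block, so the cleanup is harmless to rendering; running `git diff --check` on the article before committing would have flagged all three whitespace hunks at once and avoided a separate cleanup commit.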