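% # Vote submission page.  %ARGS carries the posted form fields (action, name,
% # email, code, comment, candidate).  When the vote has been validated and
% # recorded, the confirmation component is rendered instead of this page.
% if ($confirm) {
<& /vote_confirm.html, %ARGS &>
% return;
% }
Please vote here.
% if ($msg) {
% # $msg is always one of the fixed strings returned by sanitize_user_input.
% # It is HTML-escaped anyway so that a future message can never inject markup.
Hint: <% $msg | h %>
% }
<%init>
# NOTE(review): $allcandidates is not referenced by the markup visible here;
# kept in case the form body that renders the candidate list lives elsewhere.
my $allcandidates = retrieveCandidates();
my $confirm       = 0;

# Validate the posted fields in place; on failure $msg is a hint for the voter.
my ($status, $msg) = sanitize_user_input(\%ARGS);
if ($status) {
    # Input is valid: record the vote together with the client address.
    # NOTE(review): remote_ip() is the TCP peer; behind a reverse proxy that
    # is the proxy's address, not the voter's -- confirm the deployment.
    $ARGS{'ip'} = $r->connection->remote_ip();
    $status = insert_voter_result(\%ARGS);
    if ($status) {
        $confirm = 1;
    }
}

# Validate and normalise a submitted vote.
#
# $args is a hash ref of the form fields and is modified in place: email and
# code are lower-cased, and when a field is rejected its disallowed characters
# are stripped so the form can be redisplayed with a cleaned value.
#
# Returns (1, "") when every field is acceptable, otherwise (0, $hint) where
# $hint is a message for the voter, or "" when the request cannot have come
# from the form (wrong action, malformed candidate id) and deserves no hint.
sub sanitize_user_input {
    my ($args) = @_;

    # Candidate ids are 1..8 and a ballot may name at most 7 of them.
    # NOTE(review): these bounds are hard-coded and must be kept in step with
    # whatever retrieveCandidates() returns.
    my $minid     = 1;
    my $maxid     = 8;
    my $maxchoice = 7;

    # A submission that did not come through the Vote button gets no hint.
    if (!defined $args->{action} or $args->{action} ne 'Vote') {
        return (0, "");
    }

    # --- name -------------------------------------------------------------
    if (!$args->{name}) {
        return (0, "Please provide your name");
    }
    # \A and \z are used throughout: with ^ and $ a trailing newline would
    # pass the check and reach the database.
    my $pat = '-_a-zA-Z. 0-9';
    if ($args->{name} !~ /\A[$pat]+\z/) {
        $args->{name} =~ s/[^$pat]+//g;
        return (0, "Please limit your name to English letters, underscore (_), hyphen (-), spaces, digits and dot (.). \n");
    }

    # --- email ------------------------------------------------------------
    if (!$args->{email}) {
        return (0, "Please provide your email address");
    }
    # 'A-Z', not 'A-z': the latter range also admits [ \ ] ^ ` and would let
    # those through the validation.
    $pat = '-_a-zA-Z.0-9@';
    if ($args->{email} !~ /\A[$pat]+\z/) {
        $args->{email} =~ s/[^$pat]+//g;
        return (0, "Please limit your email to English letters, underscore (_), hyphen (-), digits, @ and dot (.).\n");
    }
    $args->{email} = lc $args->{email};
    # NOTE(review): this reply tells the requester whether an address is on
    # the list, so an outsider can enumerate subscribers; a neutral message
    # ("if that address is subscribed, a code has been sent") would avoid it.
    if (!check_email_in_list($args->{email})) {
        return (0, "Sorry, your email address is not in our mailing list. Please join our mailing list first.\n");
    }

    # --- voting code ------------------------------------------------------
    # Alphanumeric only; compared case-insensitively against the code issued
    # for this email address.
    my $code = defined $args->{code} ? $args->{code} : '';
    $pat = '0-9a-zA-Z';
    if ($code !~ /\A[$pat]+\z/) {
        $code =~ s/[^$pat]+//g;
        $args->{code} = $code;
        return (0, "Invalid voting code. Please request one sent to your email address first.\n");
    }
    $args->{code} = lc $code;
    if (!check_vote_code_for_email($args->{code}, $args->{email})) {
        return (0, "Invalid voting code. Please request one sent to your email address first.\n");
    }

    # --- comment (optional) -----------------------------------------------
    # Length is checked before the character check so the regex never runs
    # over an oversized body, and the pattern is a single character class:
    # the former "([...]+|\s+)*" form, where space belonged to both branches,
    # backtracks exponentially on a long run of spaces followed by a bad
    # character.
    my $maxcomment = 5000;
    if (defined $args->{comment} and length($args->{comment}) > $maxcomment) {
        return (0, "Please limit your comment to $maxcomment characters.\n");
    }
    $pat = '-_a-zA-Z.,0-9@ ?';
    if ($args->{comment} and $args->{comment} !~ /\A[$pat\s]*\z/) {
        $args->{comment} =~ s/[^$pat\s]+//g;
        return (0, "Please limit your comment to English letters, underscore (_), hyphen (-), comma, spaces, digits, question mark (?), @ and dot (.).\n");
    }

    # --- candidates -------------------------------------------------------
    # Mason passes a plain scalar when one box is ticked and an array ref
    # when several are.  Both forms are normalised to a list so that a single
    # candidate is validated too (the scalar case used to be accepted
    # unchecked).  $args->{candidate} itself is left as submitted.
    my $raw    = $args->{candidate};
    my @chosen = ref($raw) eq 'ARRAY'          ? @$raw
               : (defined $raw and length $raw) ? ($raw)
               :                                  ();
    if (!@chosen) {
        return (0, "Please choose at least one candidate\n");
    }
    for my $c (@chosen) {
        # A non-numeric or out-of-range id cannot come from the form; the
        # regex runs first so the numeric comparisons never see junk.
        if ($c !~ /\A\d+\z/ or $c < $minid or $c > $maxid) {
            return (0, "");
        }
    }
    if (@chosen > $maxchoice) {
        return (0, "Please choose at most $maxchoice candidates\n");
    }
    # NOTE(review): duplicate ids are not rejected here; confirm that
    # insert_voter_result() tolerates them.
    return (1, "");
}
</%init>
% # vim: filetype=mason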