The way I'd solve this is to explicitly catch an unknown mode via:
my $self = shift;
$self->run_modes(
# default
'index' => 'index',
# user's tag cloud
'tag_cloud' => 'tag_cloud',
'edit_tags' => 'edit_tags',
'tag_find' => 'tag_find',
..
# called on unknown mode.
'AUTOLOAD' => 'unknown_mode',
);
In your unknown mode you can then handle it as you wish - without echoing the mode back to the client and potentially allowing an XSS attack.
My own method is generally:
sub unknown_mode
{
my ( $self, $requested ) = (@_);
my $q = $self->query();
my $session = $self->param('session');
my $username = $session->param('logged_in');
$requested = HTML::Entities::encode_entities($requested);
if ( defined($username) && length($username) )
{
return "<p>unknown mode '$requested' for logged in user $usern
+ame</p>";
}
else
{
return "<p>Unknown mode '$requested' for anonymous user.</p>";
}
}
Obviously the username section is specific to the sites I design .. but the idea of handling the unknown mode yourself should be simple enough to understand?
-
Are you posting in the right place? Check out Where do I post X? to know for sure.
-
Posts may use any of the Perl Monks Approved HTML tags. Currently these include the following:
<code> <a> <b> <big>
<blockquote> <br /> <dd>
<dl> <dt> <em> <font>
<h1> <h2> <h3> <h4>
<h5> <h6> <hr /> <i>
<li> <nbsp> <ol> <p>
<small> <strike> <strong>
<sub> <sup> <table>
<td> <th> <tr> <tt>
<u> <ul>
-
Snippets of code should be wrapped in
<code> tags not
<pre> tags. In fact, <pre>
tags should generally be avoided. If they must
be used, extreme care should be
taken to ensure that their contents do not
have long lines (<70 chars), in order to prevent
horizontal scrolling (and possible janitor
intervention).
-
Want more info? How to link
or How to display code and escape characters
are good places to start.
|