Loop through a dict changing keys

Gnarlodious gnarlodious at gmail.com
Sun Oct 16 20:41:55 EDT 2011


On Oct 16, 5:25 pm, Steven D'Aprano <steve+comp.lang.pyt... at pearwood.info> wrote:

> How do you sanitize user input?
Thanks for your concern. This is what I now have, which merely expands
each value into its usable type (unquotes them):

import cgi

def filter_value(var):
    # filter each value: expand the raw string into its usable type
    try:
        var = int(var)
    except ValueError:
        if var in ('False', 'True'):
            var = eval(var)  # extract booleans; only reached for these two literals
        else:
            var = cgi.escape(var)  # HTML-escape everything else (cgi.escape is Python 2; html.escape in Python 3)
    return var

This is really no filtering at all, since all CGI variables are
written to a dictionary without checking. However, if there is no
receiver for the value I should be safe, right?

I am also trapping some input at mod_wsgi, like php query strings. And
that IP address gets quarantined. If you can suggest what attack words
to block I'll thank you for it.

I also have a system to reject variables that are not in a list, but
waiting to see what the logfiles show before deploying it.

-- Gnarlie
http://Gnarlodious.com
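As an added example (not code from the thread), here is one way to combine the two ideas in the post above, typed conversion of each value and rejection of variable names not on a list, without reaching for eval(). The parameter names in EXPECTED and the query strings are constructed for illustration; html.escape is the Python 3 replacement for cgi.escape.

```python
import html
from urllib.parse import parse_qs

# Constructed allowlist: the parameters this application actually consumes,
# each with the type it must be coerced to. Anything else is dropped.
EXPECTED = {
    "page": int,
    "debug": bool,
    "query": str,
}


def coerce(name, raw):
    """Convert one raw CGI value into its declared type.

    Returns (ok, value). Unknown names and values that do not fit the
    declared type are rejected instead of being stored.
    """
    kind = EXPECTED.get(name)
    if kind is None:
        return False, None  # not on the allowlist
    if kind is bool:
        # Same result as a guarded eval('True'/'False'), with no code execution path.
        if raw in ("True", "False"):
            return True, raw == "True"
        return False, None
    if kind is int:
        try:
            return True, int(raw)
        except ValueError:
            return False, None
    # Plain strings are kept, but escaped so they are inert if echoed into HTML.
    return True, html.escape(raw, quote=True)


def sanitize(params):
    """Build a dict of allowlisted, typed values; also return the rejected names."""
    clean, rejected = {}, []
    for name, raw in params.items():
        ok, value = coerce(name, raw)
        if ok:
            clean[name] = value
        else:
            rejected.append(name)
    return clean, rejected


def sanitize_query(query_string):
    """Parse a raw query string and sanitize it, taking the first value per name."""
    parsed = parse_qs(query_string, keep_blank_values=True)
    return sanitize({name: values[0] for name, values in parsed.items()})


if __name__ == "__main__":
    # Constructed sample query: one good int, one bool, one unknown name.
    print(sanitize_query("page=2&debug=False&cmd=whoami"))
```

The rejected list is what you would write to the log before deciding which names to block for good; nothing reaches the application's dictionary unless its name and type were declared up front.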
