use base 'CGI::Untaint';
use Carp;
-=head1 NAME
+=head1 NAME
-CGI::Untaint::Maypole - CGI::Untaint but it returns a "No input for '$field'\n" error for fields left blank on a web form.
+CGI::Untaint::Maypole - Use instead of CGI::Untaint. Based on CGI::Untaint
=head1 SYNOPSIS
+ use CGI::Untaint::Maypole;
+ my $h = CGI::Untaint::Maypole->new($params);
+ $value = $h->extract(-as_printable => 'name);
+
if ($h->error =~ /No input for/) {
- # caught empty input now handle it
+ # caught empty input now handle it
+ ....
+ }
+ if ($h->raw_data->{$field} eq $object->$field) {
+ # Raw data same as database data. Perhaps we should not update field
+ ...
}
-
- See CGI::Untaint.
=head1 DESCRIPTION
-Instead of passing the empty string to the untaint handlers, which
-do not like it or updating them all, it seemed better
-to have CGI::Untaint catch the field left blank exception. So it does.
-This should be ok I see no point untainting an empty string. But i am open to suggestions and other patches.
+This patches some issues I have with CGI::Untaint. You still need it installed
+and you install handlers the same.
+
+1) Instead of passing the empty string to the untaint handlers and relying on
+them to handle it to everyone's liking, it seems better
+to have CGI::Untaint just say "No input for field" if the field is blank.
+
+2) It adds the method C<raw_data> to the get back the parameters the handler
+was created with.
=cut
+=head2 raw_data
+
+Returns the parameters the handler was created with as a hashref
+
+=cut
+
+sub raw_data {
+ return shift->{__data};
+}
# offending method ripped from base and patched
sub _do_extract {
#####################################################
- # 'False' values get returned as themselves with no warnings.
- # return $self->{__lastval} unless $self->{__lastval};
-
my $handler = $module->_new($self, $raw);
my $clean = eval { $handler->_untaint };
if ($@) { # Give sensible death message
- die "$field ($raw) does not untaint with default pattern\n"
+ die "$field ($raw) is in invalid format.\n"
if $@ =~ /^Died at/;
die $@;
}
#----------------------------------------------------------------------
unless ($skip_valid) {
if (my $ref = $handler->can('is_valid')) {
- die "$field ($raw) does not pass the is_valid() check\n"
- unless $handler->$ref();
+ die "$field ($raw) is in invalid format.\n"
+ unless $handler->is_valid;
}
}
=head1 SEE ALSO
-L<CGI>. L<perlsec>. L<CGI::Untaint>.
+L<perlsec>. L<CGI::Untaint>.
=head1 AUTHOR
-Peter Speltz but most code was ripped from CGI::Untaint.
+Peter Speltz.
=head1 BUGS and QUERIES
Please direct all correspondence regarding this module to:
- peterspeltz@cafes.net or bug-CGI-UntaintPatched@rt.cpan.org
+ bug-Maypole@rt.cpan.org
=head1 COPYRIGHT and LICENSE
-Copyright (C) 2005 Peter Speltz. All rights reserved.
+Copyright (C) 2006 Peter Speltz. All rights reserved.
This module is free software; you can redistribute it and/or modify
it under the same terms as Perl itself.
projects / maypole.git / blobdiff