X-Git-Url: https://git.decadent.org.uk/gitweb/?a=blobdiff_plain;f=lib%2FCGI%2FUntaint%2FMaypole.pm;h=d5eab497aaac8eaedf2d074f134b82f12cfc2aaa;hb=213b0e139beb727fa7ef1ba757b41a00cf8437f7;hp=2320a9966467ef9b77ba0e99aeb296914dc7a099;hpb=9c9e81bbde5461ee964c5a129a4ef241463624f3;p=maypole.git
diff --git a/lib/CGI/Untaint/Maypole.pm b/lib/CGI/Untaint/Maypole.pm
index 2320a99..d5eab49 100644
--- a/lib/CGI/Untaint/Maypole.pm
+++ b/lib/CGI/Untaint/Maypole.pm
@@ -6,27 +6,48 @@ our $VERSION = '0.01'; use base 'CGI::Untaint'; use Carp; -=head1 NAME +=head1 NAME -CGI::Untaint::Maypole - CGI::Untaint but it returns a "No input for '$field'\n" error for fields left blank on a web form. +CGI::Untaint::Maypole - Use instead of CGI::Untaint. Based on CGI::Untaint =head1 SYNOPSIS + use CGI::Untaint::Maypole; + my $h = CGI::Untaint::Maypole->new($params); + $value = $h->extract(-as_printable => 'name); + if ($h->error =~ /No input for/) { - # caught empty input now handle it + # caught empty input now handle it + .... + } + if ($h->raw_data->{$field} eq $object->$field) { + # Raw data same as database data. Perhaps we should not update field + ... } - - See CGI::Untaint. =head1 DESCRIPTION -Instead of passing the empty string to the untaint handlers, which -do not like it or updating them all, it seemed better -to have CGI::Untaint catch the field left blank exception. So it does. -This should be ok I see no point untainting an empty string. But i am open to suggestions and other patches. +This patches some issues I have with CGI::Untaint. You still need it installed +and you install handlers the same. + +1) Instead of passing the empty string to the untaint handlers and relying on +them to handle it to everyone's liking, it seems better +to have CGI::Untaint just say "No input for field" if the field is blank. + +2) It adds the method C to the get back the parameters the handler +was created with. =cut +=head2 raw_data + +Returns the parameters the handler was created with as a hashref + +=cut + +sub raw_data { + return shift->{__data}; +} # offending method ripped from base and patched sub _do_extract { 
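Review bot: The POD added under `=head2 raw_data` does not say that the returned hashref holds the parameters exactly as submitted, before any untaint handler has run, which is the key fact a caller of an untainting module needs about this accessor. `sub raw_data { return shift->{__data}; }` also returns the object's own hashref rather than a copy, so a caller that modifies it presumably changes what later `extract` calls see (the code that reads `__data` is outside this hunk). I would add a sentence such as `The values are unvalidated and still tainted; use them only for comparison, never in queries, file names or output.` and a second one saying the hashref is shared and must be treated as read-only. Separately, the SYNOPSIS line `$h->extract(-as_printable => 'name);` is missing its closing quote.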
@@ -57,14 +78,11 @@ sub _do_extract { ##################################################### - # 'False' values get returned as themselves with no warnings. - # return $self->{__lastval} unless $self->{__lastval}; - my $handler = $module->_new($self, $raw); my $clean = eval { $handler->_untaint }; if ($@) { # Give sensible death message - die "$field ($raw) does not untaint with default pattern\n" + die "$field ($raw) is in invalid format.\n" if $@ =~ /^Died at/; die $@; } @@ -74,8 +92,8 @@ sub _do_extract { #---------------------------------------------------------------------- unless ($skip_valid) { if (my $ref = $handler->can('is_valid')) { - die "$field ($raw) does not pass the is_valid() check\n" - unless $handler->$ref(); + die "$field ($raw) is in invalid format.\n" + unless $handler->is_valid; } } @@ -88,20 +106,20 @@ None known yet. =head1 SEE ALSO -L. L. L. +L. L. =head1 AUTHOR -Peter Speltz but most code was ripped from CGI::Untaint. +Peter Speltz. =head1 BUGS and QUERIES Please direct all correspondence regarding this module to: - peterspeltz@cafes.net or bug-CGI-UntaintPatched@rt.cpan.org + bug-Maypole@rt.cpan.org =head1 COPYRIGHT and LICENSE -Copyright (C) 2005 Peter Speltz. All rights reserved. +Copyright (C) 2006 Peter Speltz. All rights reserved. This module is free software; you can redistribute it and/or modify it under the same terms as Perl itself.
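Review bot: In the `-57,14 +78,11` hunk the reworded message `die "$field ($raw) is in invalid format.\n"` still interpolates `$raw`, the value that has just failed to untaint, and the new wording reads like text meant for the end user. If `$h->error` is ever rendered into a page (not visible here), that value reaches the output unescaped unless every caller escapes it; dropping it, `die "$field is in invalid format.\n"`, removes that dependency. The same line is added in the `-74,8 +92,8` hunk for the `is_valid` failure. `_do_extract` starts and ends outside both hunks.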
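Review bot: In the `-74,8 +92,8` hunk `my $ref` is now only tested for truth, because the call changed from `$handler->$ref()` to `$handler->is_valid`; the condition can be written `if ($handler->can('is_valid')) {`. Both failure paths now die with identical text, so a caller or a log reader can no longer tell a pattern failure from an `is_valid` rejection. If that is intended, a comment such as `# same message as the untaint failure above, on purpose` would record it.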