1 package CGI::Untaint::Maypole;
6 use base 'CGI::Untaint';
11 CGI::Untaint::Maypole - Use instead of CGI::Untaint. Based on CGI::Untaint
15 use CGI::Untaint::Maypole;
16 my $h = CGI::Untaint::Maypole->new($params);
17 $value = $h->extract(-as_printable => 'name');
19 if ($h->error =~ /No input for/) {
20 # caught empty input; now handle it
23 if ($h->raw_data->{$field} eq $object->$field) {
24 # Raw data same as database data. Perhaps we should not update field
30 This patches some issues I have with CGI::Untaint. You still need it installed
31 and you install handlers the same.
33 1) Instead of passing the empty string to the untaint handlers and relying on
34 them to handle it to everyone's liking, it seems better
35 to have CGI::Untaint just say "No input for field" if the field is blank.
37 2) It adds the method C<raw_data> to get back the parameters the handler
# Body of raw_data (its `sub` line is not shown in this listing): returns the
# object's {__data} slot, i.e. the parameters exactly as they were stored,
# before any handler has untainted or validated them. Callers must keep
# treating everything read through this accessor as untrusted input.
44 return shift->{__data};
47 # offending method ripped from base and patched
# NOTE(review): the method's `sub` line, its argument unpacking and several
# closing braces are not shown in this listing; the comments below describe
# only the statements that are visible.
53 #----------------------------------------------------------------------
54 # Make sure we have a valid data handler
55 #----------------------------------------------------------------------
# Exactly one key starting with "-as_" must be present in %param.
56 my @as = grep /^-as_/, keys %param;
57 croak "No data handler type specified" unless @as;
58 croak "Multiple data handler types specified" unless @as == 1;
# The value stored under that key is the name of the field to extract.
60 my $field = delete $param{ $as[0] };
# "-as_like_X" is rewritten to "-as_X". The substitution's result is true only
# when the "like_" part was present, and that switches off the is_valid check
# further down, so for such calls only the handler's _untaint step is applied.
61 my $skip_valid = $as[0] =~ s/^(-as_)like_/$1/;
62 my $module = $self->_load_module($as[0]);
64 #----------------------------------------------------------------------
65 # Do we have a sensible value? Check the default untaint for this
66 # type of variable, unless one is passed.
67 #----------------------------------------------------------------------
69 ################# PETER'S PATCH #####################
# Read the submitted value as stored and reject a missing parameter or an
# empty string before any handler sees it. Only the exact empty string is
# rejected here; every other value is passed on to the handler.
70 my $raw = $self->{__data}->{$field} ;
71 die "No parameter for '$field'\n" if !defined($raw);
72 die "No input for '$field'\n" if $raw eq '';
73 #####################################################
# Build the handler object around the raw value.
76 my $handler = $module->_new($self, $raw);
# Any exception raised by _untaint is replaced with one generic message; the
# original error text in $@ is not passed on.
# NOTE(review): the message embeds $raw, a value that has just failed
# untainting. Code that displays or logs this error should encode it for the
# output context (for example HTML-escape it) rather than print it as-is.
78 my $clean = eval { $handler->_untaint };
79 if ($@) { # Give sensible death message
80 die "$field ($raw) is in invalid format.\n"
85 #----------------------------------------------------------------------
86 # Are we doing a validation check?
87 #----------------------------------------------------------------------
88 unless ($skip_valid) {
# $ref is assigned but not used afterwards in the visible lines; the test only asks whether the handler defines
# is_valid.
89 if (my $ref = $handler->can('is_valid')) {
# Same message as the untaint failure above, again containing the unvalidated
# $raw.
90 die "$field ($raw) is in invalid format.\n"
91 unless $handler->is_valid;
# Hand back the value the handler reports as untainted.
95 return $handler->untainted;
104 L<perlsec>. L<CGI::Untaint>.
110 =head1 BUGS and QUERIES
112 Please direct all correspondence regarding this module to:
113 bug-Maypole@rt.cpan.org
115 =head1 COPYRIGHT and LICENSE
117 Copyright (C) 2006 Peter Speltz. All rights reserved.
119 This module is free software; you can redistribute it and/or modify
120 it under the same terms as Perl itself.