--- /dev/null
+package CGI::Untaint::Maypole;
+
+use strict;
+use warnings;
+our $VERSION = '0.01';
+use base 'CGI::Untaint';
+use Carp;
+
+=head1 NAME
+
+CGI::Untaint::Maypole - CGI::Untaint but it returns a "No input for '$field'\n" error for fields left blank on a web form.
+
+=head1 SYNOPSIS
+
+ if ($h->error =~ /No input for/) {
+ # caught empty input now handle it
+ }
+
+ See CGI::Untaint.
+
+=head1 DESCRIPTION
+
+Instead of passing the empty string to the untaint handlers, which
+do not like it or updating them all, it seemed better
+to have CGI::Untaint catch the field left blank exception. So it does.
+This should be ok I see no point untainting an empty string. But i am open to suggestions and other patches.
+
+=cut
+
+
+# offending method ripped from base and patched
+sub _do_extract {
+ my $self = shift;
+
+ my %param = @_;
+
+ #----------------------------------------------------------------------
+ # Make sure we have a valid data handler
+ #----------------------------------------------------------------------
+ my @as = grep /^-as_/, keys %param;
+ croak "No data handler type specified" unless @as;
+ croak "Multiple data handler types specified" unless @as == 1;
+
+ my $field = delete $param{ $as[0] };
+ my $skip_valid = $as[0] =~ s/^(-as_)like_/$1/;
+ my $module = $self->_load_module($as[0]);
+
+ #----------------------------------------------------------------------
+ # Do we have a sensible value? Check the default untaint for this
+ # type of variable, unless one is passed.
+ #----------------------------------------------------------------------
+
+ ################# PETER'S PATCH #####################
+ my $raw = $self->{__data}->{$field} ;
+ die "No parameter for '$field'\n" if !defined($raw);
+ die "No input for '$field'\n" if $raw eq '';
+ #####################################################
+
+
+ # 'False' values get returned as themselves with no warnings.
+ # return $self->{__lastval} unless $self->{__lastval};
+
+ my $handler = $module->_new($self, $raw);
+
+ my $clean = eval { $handler->_untaint };
+ if ($@) { # Give sensible death message
+ die "$field ($raw) does not untaint with default pattern\n"
+ if $@ =~ /^Died at/;
+ die $@;
+ }
+
+ #----------------------------------------------------------------------
+ # Are we doing a validation check?
+ #----------------------------------------------------------------------
+ unless ($skip_valid) {
+ if (my $ref = $handler->can('is_valid')) {
+ die "$field ($raw) does not pass the is_valid() check\n"
+ unless $handler->$ref();
+ }
+ }
+
+ return $handler->untainted;
+}
+
+=head1 BUGS
+
+None known yet.
+
+=head1 SEE ALSO
+
+L<CGI>. L<perlsec>. L<CGI::Untaint>.
+
+=head1 AUTHOR
+
+Peter Speltz but most code was ripped from CGI::Untaint.
+
+=head1 BUGS and QUERIES
+
+Please direct all correspondence regarding this module to:
+ peterspeltz@cafes.net or bug-CGI-UntaintPatched@rt.cpan.org
+
+=head1 COPYRIGHT and LICENSE
+
+Copyright (C) 2005 Peter Speltz. All rights reserved.
+
+This module is free software; you can redistribute it and/or modify
+it under the same terms as Perl itself.
+
+=cut
+
+1;
projects / maypole.git / commitdiff