Hi Robert

On Wed, 2011-06-15 at 14:40 +0200, Robert Mills wrote:
> Hi everyone,
> I remember reading about Brannigan on these lists a while back so thought I
> would give it a try.

I mentioned it. Don't know if anyone else is using it.

> Seems simple enough, and fast too. I was using CGI::Formbuilder before but
> it seems overkill.
> 
> My query is about untainting input. Use case is for a simple web app I am
> developing with the classic admin style add/edit subs for each applicable
> module. User input is validated and then added to a db.
> CGI::Untaint looks good but then I get confused as there will be overlap
> between the modules with regards to validation.
> 
> How do you normally handle this? Do I really need to untaint if all input is
> checked anyway?

There's plenty of sample code on CPAN, in App::Office::CMS
(lib/App/Office/CMS/Util/Validator.pm) and Business::Cart::Generic
(lib/Business/Cart/Generic/Util/Validator.pm).

It all looks like:

use CGI::Untaint;
use Brannigan;

sub validate_page
{
        my($self) = @_;

        $self -> log(debug => 'validate_page()');

        my($handler) = CGI::Untaint -> new(map{$_ => $self -> query -> param($_)} $self -> query -> param);
        my($data)    = {};

        my($key);

        for $key (qw/action asset_type_id/)
        {
                $$data{$key} = $handler -> extract(-as_integer => $key);
        }

        for $key (qw/sid/)
        {
                $$data{$key} = $handler -> extract(-as_hex => $key);
        }

        for $key (qw/homepage name new_name submit_add_menu submit_delete_page
                     submit_extend_menu_left submit_extend_menu_right
                     submit_extend_submenu_down submit_extend_submenu_up submit_update_page/)
        {
                $$data{$key} = $handler -> extract(-as_printable => $key);
        }

        my($validator) = Brannigan -> new
        ({
         name   => 'validate_page',
         params =>
         {
                action =>
                {
                        required      => 1,
                        value_between => [1, 7],
                },
                asset_type_id => # Template type.
                {
                        required      => 1,
                        value_between => [1, 2],
                },
                homepage => # 'Yes' or ''.
                {
                        default        => 'No',
                        length_between => [0, 3],
                        required       => 0,
                },
                name => # Page name.
                {
                        length_between => [1, 255],
                        required       => 1,
                },
                new_name => # New page name for duplication.
                {
                        length_between => [1, 255],
                        required       => 0,
                },
                sid =>
                {
                        exact_length => 32,
                        required     => 1,
                },
                submit_child => # 'Add page as a child of the current page'.
                {
                        exact_length => 39,
                        required     => 0,
                },
                submit_delete_page => # 'Delete current page'.
                {
                        exact_length => 19,
                        required     => 0,
                },
                submit_sibling_above => # 'Add page as a sibling above the current page'.
                {
                        exact_length => 44,
                        required     => 0,
                },
                submit_sibling_below => # 'Add page as a sibling below the current page'.
                {
                        exact_length => 44,
                        required     => 0,
                },
                submit_update_page => # 'Save'.
                {
                        exact_length => 4,
                        required     => 0,
                },
         },
        });

        return $validator -> process('validate_page', $data);

} # End of validate_page.

-- 
Ron Savage
http://savage.net.au/
Ph: 0421 920 622
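As an added example (not from Ron's message, nor from the CGI::Untaint or Brannigan distributions), a stand-alone script that chains the two steps his validate_page() shows on a constructed parameter set and reads Brannigan's _rejects key to see which checks failed; the %input hash and the reduced key lists are assumptions:

```perl
use strict;
use warnings;
use CGI::Untaint;
use Brannigan;

# Constructed sample input standing in for $self->query->param values.
# Under perl -T everything read from the request is tainted; a hash
# literal is not, so the taint aspect is described in the comments only.
my %input = (
    action        => '9',            # outside 1..7, Brannigan will reject it
    asset_type_id => '2',
    sid           => 'deadbeef' x 4, # 32 hex characters
    name          => 'Home',
    homepage      => '',
);

sub untaint_and_validate {
    my (%raw) = @_;

    # Step 1: CGI::Untaint. extract() returns undef unless the value matches
    # the handler's pattern, and that regex capture is what clears the taint
    # flag. Brannigan's checks on their own never untaint anything.
    my $handler = CGI::Untaint->new(%raw);
    my %data;
    $data{$_} = $handler->extract(-as_integer   => $_) for qw/action asset_type_id/;
    $data{$_} = $handler->extract(-as_hex       => $_) for qw/sid/;
    $data{$_} = $handler->extract(-as_printable => $_) for qw/name homepage/;

    # Step 2: Brannigan checks meaning (presence, ranges, lengths). A value
    # that failed to untaint arrives as undef and shows up as a 'required'
    # rejection here, so both layers are visible in one result.
    my $validator = Brannigan->new({
        name   => 'validate_page',
        params => {
            action        => { required => 1, value_between  => [1, 7] },
            asset_type_id => { required => 1, value_between  => [1, 2] },
            sid           => { required => 1, exact_length   => 32 },
            name          => { required => 1, length_between => [1, 255] },
            homepage      => { required => 0, default => 'No', length_between => [0, 3] },
        },
    });
    my $result = $validator->process('validate_page', \%data);

    # Brannigan reports failures under _rejects: param => [failed checks].
    return ($result, $result->{_rejects});
}

my ($result, $rejects) = untaint_and_validate(%input);
if ($rejects) {
    print "$_ failed: @{ $rejects->{$_} }\n" for sort keys %$rejects;
} else {
    print "all parameters untainted and valid\n";
}
```

Run it with perl -T and feed the hash from real request data to see the taint flag actually cleared by extract() rather than by the range checks.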

