Hi Robert

On Wed, 2011-06-15 at 14:40 +0200, Robert Mills wrote:
> Hi everyone,
> I remember reading about Brannigan on these lists a while back so thought I
> would give it a try.

I mentioned it. Don't know if anyone else is using it.

> Seems simple enough, and fast too. I was using CGI::Formbuilder before but
> it seems overkill.
>
> My query is about untainting input. Use case is for a simple web app I am
> developing with the classic admin style add/edit subs for each applicable
> module. User input is validated and then added to a db.
> CGI::Untaint looks good but then I get confused as there will be overlap
> between the modules with regards to validation.
>
> How do you normally handle this? Do I really need to untaint if all input is
> checked anyway?

There's plenty of sample code on CPAN, in App::Office::CMS
(lib/App/Office/CMS/Util/Validator.pm) and Business::Cart::Generic
(lib/Business/Cart/Generic/Util/Validator.pm). It all looks like:

use CGI::Untaint;
use Brannigan;

sub validate_page
{
    my($self) = @_;

    $self -> log(debug => 'validate_page()');

    # Hand every query parameter to CGI::Untaint, then pull each one back
    # out through the handler that matches its expected type.
    my($handler) = CGI::Untaint -> new(map{$_ => $self -> query -> param($_)} $self -> query -> param);
    my($data)    = {};
    my($key);

    for $key (qw/action asset_type_id/)
    {
        $$data{$key} = $handler -> extract(-as_integer => $key);
    }

    for $key (qw/sid/)
    {
        $$data{$key} = $handler -> extract(-as_hex => $key);
    }

    for $key (qw/homepage name new_name submit_add_menu submit_delete_page submit_extend_menu_left submit_extend_menu_right submit_extend_submenu_down submit_extend_submenu_up submit_update_page/)
    {
        $$data{$key} = $handler -> extract(-as_printable => $key);
    }

    # The untainted values then go through Brannigan's rules for this page.
    my($validator) = Brannigan -> new
    ({
        name   => 'validate_page',
        params =>
        {
            action =>
            {
                required      => 1,
                value_between => [1, 7],
            },
            asset_type_id => # Template type.
            {
                required      => 1,
                value_between => [1, 2],
            },
            homepage => # 'Yes' or ''.
            {
                default        => 'No',
                length_between => [0, 3],
                required       => 0,
            },
            name => # Page name.
            {
                length_between => [1, 255],
                required       => 1,
            },
            new_name => # New page name for duplication.
            {
                length_between => [1, 255],
                required       => 0,
            },
            sid =>
            {
                exact_length => 32,
                required     => 1,
            },
            submit_child => # 'Add page as a child of the current page'.
            {
                exact_length => 39,
                required     => 0,
            },
            submit_delete_page => # 'Delete current page'.
            {
                exact_length => 19,
                required     => 0,
            },
            submit_sibling_above => # 'Add page as a sibling above the current page'.
            {
                exact_length => 44,
                required     => 0,
            },
            submit_sibling_below => # 'Add page as a sibling below the current page'.
            {
                exact_length => 44,
                required     => 0,
            },
            submit_update_page => # 'Save'.
            {
                exact_length => 4,
                required     => 0,
            },
        },
    });

    return $validator -> process('validate_page', $data);

} # End of validate_page.

-- 
Ron Savage
http://savage.net.au/
Ph: 0421 920 622

CGI::Application community mailing list
Web archive: http://www.erlbaum.net/pipermail/cgiapp/
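A stand-alone sketch of the two layers the sub above chains together, added here as an example and not code from the list post or from App::Office::CMS. The two input hashes are constructed stand-ins for $self->query->param, and the scheme is a trimmed copy of validate_page; it shows why the untaint step is still worth keeping ahead of Brannigan: CGI::Untaint narrows each raw value to a type, and Brannigan then applies the range and length rules only to what survives.

```perl
use strict;
use warnings;
use CGI::Untaint;
use Brannigan;

# Constructed stand-ins for $self->query->param: one well-formed request,
# and one where 'action' is not an integer, 'asset_type_id' is out of range,
# 'sid' is not hex and 'name' is too long.
my %good = (action => 3,       asset_type_id => 1, sid => 'a' x 32, name => 'Home');
my %bad  = (action => '3; rm', asset_type_id => 9, sid => 'zz',     name => 'x' x 300);

# A trimmed copy of the validate_page scheme from the list post.
my $validator = Brannigan->new({
    name   => 'validate_page',
    params => {
        action        => { required => 1, value_between  => [1, 7]   },
        asset_type_id => { required => 1, value_between  => [1, 2]   },
        sid           => { required => 1, exact_length   => 32       },
        name          => { required => 1, length_between => [1, 255] },
    },
});

# Layer 1: CGI::Untaint narrows each raw value to a type. A value the
# handler cannot match comes back undef, so it never reaches the db.
sub untaint_params {
    my %raw     = @_;
    my $handler = CGI::Untaint->new(%raw);
    my %data;
    $data{$_}   = $handler->extract(-as_integer   => $_) for qw/action asset_type_id/;
    $data{sid}  = $handler->extract(-as_hex       => 'sid');
    $data{name} = $handler->extract(-as_printable => 'name');
    return \%data;
}

# Layer 2: Brannigan applies the business rules to what survived layer 1;
# a failed check shows up under the _rejects key of the result.
sub check_request {
    my ($label, %raw) = @_;
    my $result = $validator->process('validate_page', untaint_params(%raw));
    my @bad    = $result->{_rejects} ? sort keys %{ $result->{_rejects} } : ();
    printf "%s: %s\n", $label, @bad ? 'rejected ' . join(', ', @bad) : 'ok';
    return \@bad;
}

check_request(good => %good);
check_request(bad  => %bad);
```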