After you run check_rm you'll want to use items from $res->valid to put
into the DB to get the untainted entries.

See perldoc Data::FormValidator for the correct syntax.

Cheers

=============================================================================
Fred Kleindenst                 [EMAIL PROTECTED]
Internet Platforms
310.302.3801 
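To make the point above concrete, here is an added, self-contained example (not code from either poster) that runs the thread's profile through Data::FormValidator directly, which is what check_rm calls underneath, and compares the taint state of the raw input with that of $res->valid. It assumes `perl -T` and a set PATH, and builds its own tainted input from %ENV instead of reading a CGI query.

```perl
#!/usr/bin/perl -T
use strict;
use warnings;
use Scalar::Util qw(tainted);
use Data::FormValidator;

# Validator package holding the match_login constraint from the thread.
# A match_ function returns the untainted value (the regex capture) or undef.
package My::Constraints;
sub match_login {
    my $login = shift;
    return $login =~ /^([\d\w]{3,10})$/ ? $1 : undef;
}
package main;

my $profile = {
    required                  => ['USER'],
    constraints               => { USER => 'login' },   # looks up My::Constraints::match_login
    untaint_constraint_fields => ['USER'],
    validator_packages        => ['My::Constraints'],
};

# Constructed input: under -T every %ENV value is tainted and taint propagates
# through concatenation, so this stands in for a tainted CGI parameter.
my %input = ( USER => substr($ENV{PATH} // '', 0, 0) . 'wpietron' );

my $res = Data::FormValidator->check(\%input, $profile);
die "validation failed\n" unless $res->success;

# The raw parameter is still tainted; only the copy that passed the
# constraint (and was untainted on the way) lives in $res->valid.
printf "raw input tainted:   %s\n", tainted($input{USER})         ? 'yes' : 'no';
printf "\$res->valid tainted: %s\n", tainted($res->valid('USER')) ? 'yes' : 'no';

# This is the value to hand to DBI, not $self->query->param('USER'):
# $dbh->selectall_arrayref($sql, {}, $res->valid('USER'));
```

Run it as `perl -T example.pl`; without -T nothing is tainted and both lines print "no".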


-----Original Message-----
From: Wojciech Pietron [mailto:[EMAIL PROTECTED]
Sent: Friday, October 10, 2003 3:41 AM
To: [EMAIL PROTECTED]
Subject: [cgiapp] Untaiting in C::A::ValidateRM


Hi,

I have my script running in taint mode. I found the
CGI::Application::ValidateRM module very useful and tried to take
advantage of it and its untainting capabilities.

Here is a simple example:

==============================================================
use CGI::Application::ValidateRM;
# [...]

my $profile = {
    required                  => 'USER',
    constraints               => { 'USER' => 'login' },
    untaint_constraint_fields => [qw|USER|],
    validator_packages        => [qw|My::Constraints|], # with match_login definition
};

my ($res, $err_page) = $self->check_rm('login', $profile);

# My match_login looks like:
sub match_login {
    my $login = shift;
    if ($login =~ /^([\d\w]{3,10})$/) {
        return $1;
    } else {
        return undef;
    }
}
==============================================================

Validation is successful. After that I try to execute a DBI fetch
procedure with bind variables:

$res = $dbh->selectall_arrayref($sth, {}, $self->query->param('USER'));

And the script complains that $self->query->param('USER') is tainted.
Why?

I will appreciate any help.

Best regards,
Wojciech Pietron

---------------------------------------------------------------------
Web Archive:  http://www.mail-archive.com/[EMAIL PROTECTED]/
              http://marc.theaimsgroup.com/?l=cgiapp&r=1&w=2
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
