Thanks for that Ron, lots to check out! So basically you're using CGI::Untaint to do basic validation (i.e. int, hex, text) and untainting, while Brannigan handles the more specific validation depending on requirements.
2011/6/16 Ron Savage <[email protected]>

> Hi Robert
>
> On Wed, 2011-06-15 at 14:40 +0200, Robert Mills wrote:
> > Hi everyone,
> > I remember reading about Brannigan on these lists a while back so thought I
> > would give it a try.
>
> I mentioned it. Don't know if anyone else is using it.
>
> > Seems simple enough, and fast too. I was using CGI::Formbuilder before but
> > it seems overkill.
> >
> > My query is about untainting input. Use case is for a simple web app I am
> > developing with the classic admin style add/edit subs for each applicable
> > module. User input is validated and then added to a db.
> > CGI::Untaint looks good but then I get confused as there will be overlap
> > between the modules with regards to validation.
> >
> > How do you normally handle this? Do I really need to untaint if all input is
> > checked anyway?
>
> There's plenty of sample code on CPAN, in App::Office::CMS
> (lib/App/Office/CMS/Util/Validator.pm) and Business::Cart::Generic
> (lib/Business/Cart/Generic/Util/Validator.pm).
>
> It all looks like:
>
> sub validate_page
> {
>     my($self) = @_;
>
>     $self -> log(debug => 'validate_page()');
>
>     my($handler) = CGI::Untaint -> new(map{$_ => $self -> query -> param($_)} $self -> query -> param);
>     my($data)    = {};
>
>     my($key);
>
>     for $key (qw/action asset_type_id/)
>     {
>         $$data{$key} = $handler -> extract(-as_integer => $key);
>     }
>
>     for $key (qw/sid/)
>     {
>         $$data{$key} = $handler -> extract(-as_hex => $key);
>     }
>
>     for $key (qw/homepage name new_name submit_add_menu submit_delete_page
>         submit_extend_menu_left submit_extend_menu_right
>         submit_extend_submenu_down submit_extend_submenu_up submit_update_page/)
>     {
>         $$data{$key} = $handler -> extract(-as_printable => $key);
>     }
>
>     my($validator) = Brannigan -> new
>     ({
>         name   => 'validate_page',
>         params =>
>         {
>             action =>
>             {
>                 required      => 1,
>                 value_between => [1, 7],
>             },
>             asset_type_id => # Template type.
>             {
>                 required      => 1,
>                 value_between => [1, 2],
>             },
>             homepage => # 'Yes' or ''.
>             {
>                 default        => 'No',
>                 length_between => [0, 3],
>                 required       => 0,
>             },
>             name => # Page name.
>             {
>                 length_between => [1, 255],
>                 required       => 1,
>             },
>             new_name => # New page name for duplication.
>             {
>                 length_between => [1, 255],
>                 required       => 0,
>             },
>             sid =>
>             {
>                 exact_length => 32,
>                 required     => 1,
>             },
>             submit_child => # 'Add page as a child of the current page'.
>             {
>                 exact_length => 39,
>                 required     => 0,
>             },
>             submit_delete_page => # 'Delete current page'.
>             {
>                 exact_length => 19,
>                 required     => 0,
>             },
>             submit_sibling_above => # 'Add page as a sibling above the current page'.
>             {
>                 exact_length => 44,
>                 required     => 0,
>             },
>             submit_sibling_below => # 'Add page as a sibling below the current page'.
>             {
>                 exact_length => 44,
>                 required     => 0,
>             },
>             submit_update_page => # 'Save'.
>             {
>                 exact_length => 4,
>                 required     => 0,
>             },
>         },
>     });
>
>     return $validator -> process('validate_page', $data);
>
> } # End of validate_page.
>
> --
> Ron Savage
> http://savage.net.au/
> Ph: 0421 920 622
>
>
> ##### CGI::Application community mailing list ################
> ##                                                            ##
> ## To unsubscribe, or change your message delivery options,   ##
> ## visit: http://www.erlbaum.net/mailman/listinfo/cgiapp      ##
> ##                                                            ##
> ## Web archive: http://www.erlbaum.net/pipermail/cgiapp/      ##
> ## Wiki: http://cgiapp.erlbaum.net/                           ##
> ##                                                            ##
> ################################################################
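The two-stage pattern the thread discusses, as an added, stand-alone example that is not code from the thread, from App::Office::CMS or from Business::Cart::Generic. It assumes the CGI::Untaint handlers Ron's snippet uses (`-as_integer`, `-as_hex`, `-as_printable`, all bundled with CGI::Untaint) and the Brannigan 1.x interface the snippet uses (`Brannigan->new({ name, params })`, `process`, and the `_rejects` key on the result); the two query strings are constructed sample requests, not captured traffic. Stage one answers the "do I still need to untaint?" question: under `perl -T`, every value that arrives via CGI is tainted, `extract()` is the only step here that clears the taint (it returns only what the handler's pattern captured, or `undef`), and Brannigan never untaints anything. Stage two is where the business rules live, and the rejects hash is what the add/edit handlers should look at before touching the database.

```perl
use strict;
use warnings;

use CGI;
use CGI::Untaint;
use Brannigan;

# Build the Brannigan scheme once; CGI::Untaint is created per request
# because it wraps the raw parameters of that request.
# (Assumes the Brannigan 1.x API used in the quoted snippet.)
my $validator = Brannigan->new({
    name   => 'validate_page',
    params => {
        action => { required => 1, value_between  => [1, 7]   },
        sid    => { required => 1, exact_length   => 32       },
        name   => { required => 1, length_between => [1, 255] },
    },
});

# Stage 1: untaint. extract() returns the part of the value captured by
# the handler's pattern (no longer tainted under -T), or undef when the
# raw input does not look like that type at all.
sub untaint_page_params {
    my ($query) = @_;

    # scalar(): one value per key, so a multi-valued parameter cannot
    # shift the key/value pairing of the hash handed to CGI::Untaint.
    my $handler = CGI::Untaint->new(
        map { $_ => scalar $query->param($_) } $query->param
    );

    my %data;
    $data{action} = $handler->extract(-as_integer   => 'action');
    $data{sid}    = $handler->extract(-as_hex       => 'sid');
    $data{name}   = $handler->extract(-as_printable => 'name');

    return \%data;
}

# Stage 2: business rules. Returns ($clean, $rejects); $rejects is undef
# when every rule passed, otherwise a hashref of parameter name =>
# arrayref of the rules that failed.
sub validate_page_params {
    my ($data) = @_;

    my $result  = $validator->process('validate_page', $data);
    my $rejects = delete $result->{_rejects};

    return ($result, $rejects);
}

# Constructed sample requests (not from a real server): one well-formed,
# one with an out-of-range action, a non-hex session id and an empty name.
my @samples = (
    'action=3&sid=0123456789abcdef0123456789abcdef&name=Home',
    'action=99&sid=not-hex&name=',
);

for my $qs (@samples) {
    # CGI->new() accepts a query string directly, which keeps this offline.
    my ($clean, $rejects) = validate_page_params(untaint_page_params(CGI->new($qs)));

    if ($rejects) {
        print "REJECT $qs\n";
        print "  $_: @{ $rejects->{$_} }\n" for sort keys %$rejects;
    }
    else {
        print "OK     $qs\n";
        # Only $clean should ever reach the database layer.
    }
}
```

Run it from the shell; the first request prints `OK`, the second lists a reject per failing parameter. With a real request and the `-T` switch, the same code is what separates "the input matched the type we expect" (stage one) from "the input satisfies this form's rules" (stage two), so the overlap Robert mentions between modules sits only in stage two, where one Brannigan scheme per form keeps it explicit.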
