Hello Maypole users and developers,

I finally wrote a test script to show all the bugs with the FromCGI and CGI::Untaint system. I was not crazy after all.

I took my version of FromCGI and Untaint and made Maypole::Model::CDBI::FromCGI and CGI::Untaint::Maypole. The latter is based on CGI::Untaint and the former just takes all the necessary code to make a compatible interface but also improved for Maypole, i.e. you can say "$self->create_from_cgi($r);". FromCGI is not required anymore.

To see the tests pass and fail:

1) Get the latest SVN trunk from svn.maypole.perl.org and go into trunk.
2) Delete t/beerdb.db.
3) Do the Makefile.PL, make, make test. Only the pod coverage test should fail.
4) If you can make install, then you can run "./t/crud.t" from trunk by itself and see it in more detail.
5) To see errors in the old FromCGI and Untaint, open up Maypole::Model::CDBI, comment out the "use Maypole::Model::CDBI::FromCGI", etc. lines and uncomment the lines below those that use the buggy components. Then run the tests again.

The code is far from pretty but it passes all the tests.

CDBI::FromCGI and CGI::Untaint can not function together. One fundamental problem is that Untaint does not take into account empty fields. This kind of defeats the purpose of the simple FromCGI wrapper with required and ignore. It would be possible to hack update and create_from_cgi to work with CGI::Untaint if CGI::Untaint had access to the raw data you created the handler with. Then you could see what fields were empty before you extracted them and handle them rather than extracting and getting an error. As it is we would be stuck with having to preprocess data before passing to FromCGI. Something like:

    # lousy code to
    # prep form input to make current FromCGI work
    my $params = $r->params;
    foreach (keys %$params) {
        if ($params->{$_} eq '') {
            push @ignore, $_;
            if ($required{$_}) { ... }
            if ($updating and defined $obj->$_ and $obj->$_ ne '') { ... }
        }
        elsif ...
    }
    ...

Adding a wrapper around FromCGI to do that defeats the purpose I think.

Anyway, I want to be able to do:

    $self->update_from_cgi($r);   # or old style
    $self->create_from_cgi($r);   # or old style
    $self->add_to_from_cgi($r);   # TODO
    # ?? How would above work ???

Like this: if Brewery->has_many 'beers', then

    $brewery->to_field('beers');  # get foreign inputs for beer
    # submit form ...

and then to process just do:

    my ($beer) = $brewery->add_to_from_cgi($r);
    my $errors = $beer->cgi_update_errors || $beer->drink;

That's it. It's real simple. I'm gonna work on tests for that and examples soon.

Anyway, I'm happy with the APIs for Untaint and FromCGI and it's easy to add custom handlers. And although it's not pretty, the code I wrote works. It seems OK for Maypole to have its own versions of these optimized for Maypole apps. So unless someone wants to think of a better system for Maypole, I will go ahead with tests and documentation of these. Thoughts?

cheers,
pjs
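
The empty-field handling described in the message above, as an added example that is not part of the original post and is not Maypole, CGI::Untaint or FromCGI code: the hypothetical untaint_form helper, its spec layout and the sample parameters are all constructed for illustration. It inspects the raw parameters first, so an empty field is either reported as a missing required field or skipped, and only non-empty values reach the pattern match.

```perl
use strict;
use warnings;

# Hypothetical helper (not Maypole, CGI::Untaint or FromCGI code): classify
# empty fields from the raw parameters first, then pattern-extract the rest.
sub untaint_form {
    my ($raw, $spec) = @_;
    my %ignore   = map { $_ => 1 } @{ $spec->{ignore}   || [] };
    my %required = map { $_ => 1 } @{ $spec->{required} || [] };
    my (%clean, %errors);

    for my $field (sort keys %{ $spec->{patterns} }) {
        next if $ignore{$field};
        my $value = $raw->{$field};
        if (!defined $value or $value eq '') {
            # Empty is decided here, before any pattern is tried.
            $errors{$field} = 'required field is empty' if $required{$field};
            next;    # optional and empty: leave the column alone
        }
        # Anchored match; only the captured text is accepted as clean.
        my $re = $spec->{patterns}{$field};
        if ($value =~ /\A($re)\z/) {
            $clean{$field} = $1;
        }
        else {
            $errors{$field} = 'value does not match expected format';
        }
    }
    return (\%clean, \%errors);
}

# Constructed sample input, standing in for $r->params.
my %params = (name => 'Old Peculier', abv => '', score => '7; DROP',
              notes => '', id => '42');
my %spec = (
    required => ['name', 'abv'],
    ignore   => ['id'],
    patterns => {
        name  => qr/[\w .'-]{1,60}/,
        abv   => qr/\d{1,2}(?:\.\d)?/,
        score => qr/\d{1,2}/,
        notes => qr/[^<>]{1,500}/,
        id    => qr/\d+/,
    },
);

my ($clean, $errors) = untaint_form(\%params, \%spec);
print "clean  $_ = $clean->{$_}\n" for sort keys %$clean;
print "error  $_: $errors->{$_}\n" for sort keys %$errors;
```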