[cgiapp] Forms - Brannigan and CGI::Untaint

Robert Mills rjlmills at gmail.com
Thu Jun 16 08:07:24 EDT 2011


Thanks for that Ron, lots to check out!

So basically you're using CGI::Untaint to do basic validation (i.e.
int, hex, text) and untainting, while Brannigan handles the more specific
validation depending on requirements.


2011/6/16 Ron Savage <ron at savage.net.au>

> Hi Robert
>
> On Wed, 2011-06-15 at 14:40 +0200, Robert Mills wrote:
> > Hi everyone,
> > I remember reading about Brannigan on these lists a while back so thought
> I
> > would give it try.
>
> I mentioned it. Don't know if anyone else is using it.
>
> > Seems simple enough, and fast too. I was using CGI::Formbuilder before
> but
> > it seems overkill.
> >
> > My query is about untainting input. Use case is for a simple web app I am
> > developing with the classic admin style add/edit subs for each applicable
> > module. User input is validated and then added to a db.
> > CGI::Untaint looks good but then I get confused as there will be overlap
> > between the modules with regards to validation.
> >
> > How do you normally handle this. Do I really need to untaint if all input
> is
> > checked anyway?
>
> There's plenty of sample code on CPAN, in App::Office::CMS
> (lib/App/Office/CMS/Util/Validator.pm) and Business::Cart::Generic
> (lib/Business/Cart/Generic/Util/Validator.pm).
>
> It all looks like:
>
> sub validate_page
> {
>        my($self) = @_;
>
>        $self -> log(debug => 'validate_page()');
>
>        my($handler) = CGI::Untaint -> new(map{$_ => $self -> query -> param($_)} $self -> query -> param);
>        my($data)    = {};
>
>        my($key);
>
>        for $key (qw/action asset_type_id/)
>        {
>                $$data{$key} = $handler -> extract(-as_integer => $key);
>        }
>
>        for $key (qw/sid/)
>        {
>                $$data{$key} = $handler -> extract(-as_hex => $key);
>        }
>
>        for $key (qw/homepage name new_name submit_add_menu submit_delete_page
>                submit_extend_menu_left submit_extend_menu_right
>                submit_extend_submenu_down submit_extend_submenu_up submit_update_page/)
>        {
>                $$data{$key} = $handler -> extract(-as_printable => $key);
>        }
>
>        my($validator) = Brannigan -> new
>        ({
>         name   => 'validate_page',
>         params =>
>         {
>                action =>
>                {
>                        required      => 1,
>                        value_between => [1, 7],
>                },
>                asset_type_id => # Template type.
>                {
>                        required      => 1,
>                        value_between => [1, 2],
>                },
>                homepage => # 'Yes' or ''.
>                {
>                        default        => 'No',
>                        length_between => [0, 3],
>                        required       => 0,
>                },
>                name => # Page name.
>                {
>                        length_between => [1, 255],
>                        required       => 1,
>                },
>                new_name => # New page name for duplication.
>                {
>                        length_between => [1, 255],
>                        required       => 0,
>                },
>                sid =>
>                {
>                        exact_length => 32,
>                        required     => 1,
>                },
>                submit_child => # 'Add page as a child of the current page'.
>                {
>                        exact_length => 39,
>                        required     => 0,
>                },
>                submit_delete_page => # 'Delete current page'.
>                {
>                        exact_length => 19,
>                        required     => 0,
>                },
>                submit_sibling_above => # 'Add page as a sibling above the current page'.
>                {
>                        exact_length => 44,
>                        required     => 0,
>                },
>                submit_sibling_below => # 'Add page as a sibling below the current page'.
>                {
>                        exact_length => 44,
>                        required     => 0,
>                },
>                submit_update_page => # 'Save'.
>                {
>                        exact_length => 4,
>                        required     => 0,
>                },
>         },
>        });
>
>        return $validator -> process('validate_page', $data);
>
> } # End of validate_page.
>
> --
> Ron Savage
> http://savage.net.au/
> Ph: 0421 920 622
>
>
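An added example, not code from this thread and not the code of CGI::Untaint or Brannigan: a small Python reconstruction of the two-stage pattern in Ron's validate_page, so the division of labour Robert summarises can be run and inspected. Stage 1 pulls each raw parameter out as a declared type (integer, hex, printable) and yields None for anything that does not match the whole value; stage 2 applies the per-field rules (required, default, value_between, length_between, exact_length) to the typed data. The function names extract, process and validate_page, the TYPES and SCHEME tables (a subset of the quoted scheme), the regexes used as type checks, and both sample inputs are constructed for this example and only approximate what the CPAN modules do.

```python
import re

# Stage 1 (untaint): type checks in the spirit of CGI::Untaint's
# extract(-as_integer / -as_hex / -as_printable). These regexes are an
# assumption for the example, not the modules' own patterns.
UNTAINT = {
    "integer":   re.compile(r"[+-]?[0-9]+"),
    "hex":       re.compile(r"[0-9A-Fa-f]+"),
    "printable": re.compile(r"[^\x00-\x1f\x7f]*"),   # no control characters
}

def extract(value, as_type):
    """Return value as the requested type, or None if the whole string
    does not match that type (so "1 OR 1=1" never becomes an integer)."""
    if value is None or not UNTAINT[as_type].fullmatch(value):
        return None
    return int(value) if as_type == "integer" else value

# Which stage-1 type each field is extracted as (mirrors the three loops).
TYPES = {
    "action": "integer", "asset_type_id": "integer",
    "sid": "hex",
    "homepage": "printable", "name": "printable", "new_name": "printable",
    "submit_update_page": "printable",
}

# Stage 2 (rules): a subset of the quoted Brannigan scheme as plain dicts.
SCHEME = {
    "action":             {"required": True,  "value_between": (1, 7)},
    "asset_type_id":      {"required": True,  "value_between": (1, 2)},
    "homepage":           {"required": False, "default": "No", "length_between": (0, 3)},
    "name":               {"required": True,  "length_between": (1, 255)},
    "new_name":           {"required": False, "length_between": (1, 255)},
    "sid":                {"required": True,  "exact_length": 32},
    "submit_update_page": {"required": False, "exact_length": 4},
}

def process(scheme, data):
    """Apply the scheme to already-typed data; return (clean, rejects),
    where rejects maps a field to the list of rules it failed."""
    clean, rejects = {}, {}
    for field, rules in scheme.items():
        value = data.get(field)
        if value is None:                       # absent, or failed stage 1
            if "default" in rules:
                clean[field] = rules["default"]
            elif rules.get("required"):
                rejects[field] = ["required"]
            continue
        errs = []
        if "value_between" in rules:
            lo, hi = rules["value_between"]
            if not lo <= value <= hi:
                errs.append(f"value_between({lo},{hi})")
        if "length_between" in rules:
            lo, hi = rules["length_between"]
            if not lo <= len(value) <= hi:
                errs.append(f"length_between({lo},{hi})")
        if "exact_length" in rules and len(value) != rules["exact_length"]:
            errs.append(f"exact_length({rules['exact_length']})")
        if errs:
            rejects[field] = errs
        else:
            clean[field] = value
    return clean, rejects

def validate_page(raw):
    """Run both stages over a raw query dict. Stage-1 failures are recorded
    explicitly so an optional field that failed its type check does not
    just vanish silently."""
    data, rejects = {}, {}
    for key, as_type in TYPES.items():
        if key in raw:
            data[key] = extract(raw[key], as_type)
            if data[key] is None:
                rejects[key] = [f"untaint({as_type})"]
    clean, rule_rejects = process(SCHEME, data)
    for field, errs in rule_rejects.items():
        rejects.setdefault(field, []).extend(errs)
    return clean, rejects

# Constructed sample submissions: one well-formed, one with bad values.
GOOD_INPUT = {"action": "3", "asset_type_id": "1", "name": "Home",
              "sid": "0123456789abcdef0123456789abcdef",
              "submit_update_page": "Save"}
BAD_INPUT = {"action": "1 OR 1=1", "asset_type_id": "9", "sid": "deadbeef",
             "name": "", "new_name": "x\x00y"}

if __name__ == "__main__":
    print(validate_page(GOOD_INPUT))
    print(validate_page(BAD_INPUT))
```

The point of running both stages rather than one is visible in the second input: stage 1 refuses "1 OR 1=1" as an integer, stage 2 then reports the field as missing and required, and the out-of-range asset_type_id, short sid and empty name are each caught by a rule that the type check alone would have passed.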