

Journal of Ovid (2709)

Saturday April 22, 2006
07:35 PM

Class::CGI::DateTime

[ #29412 ]

I should have Class::CGI::DateTime uploaded tomorrow. It was really simple to write. Here's the bulk of it:

package Class::CGI::DateTime;

use strict;
use warnings;
use DateTime;

sub new {
    my ( $class, $cgi, $param ) = @_;

    my $args = $cgi->args($param);
    my @params = $args ? @$args : qw(day month year);
    if ( 'date' ne $param ) {
        @params = map {"$param.$_"} @params;
    }

    # original param name and param value (yuck)
    my %args = map { /([[:word:]]+)$/; $1, $cgi->raw_param($_) } @params;

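    # untaint them puppies: a value that is missing or fails its pattern
    # becomes undef ($1 is only meaningful after a successful match)
    while ( my ( $arg, $value ) = each %args ) {
        if ( 'time_zone' eq $arg ) {
            $args{$arg}
                = defined($value)
                && $value =~ /^(floating|local|\+\d+|[[:word:]]+\/[[:word:]]+)$/
                ? $1
                : undef;
        }
        else {
            $args{$arg}
                = defined($value) && $value =~ /^(\d+)$/ ? $1 : undef;
        }
    }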
    return DateTime->new(%args);
}

1;

How many times do you see folks writing date handling code where they don't bother to untaint it? I see it quite a bit. The validation, by the way, is left to DateTime. It appears to return error messages more suitable for programmers than end users, though.
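An added example, not part of the post or of Class::CGI::DateTime: untainting by capture is only sound when the capture is read after a successful match, because a failed match leaves `$1` at whatever the last successful match in scope set. The helper names `untaint_unchecked` and `untaint_checked`, the `handler=42` string and the sample values are constructed for illustration; the two patterns are the ones from the code above.

```perl
use strict;
use warnings;

# The two patterns used by the untaint loop in the post.
my %pattern = (
    time_zone => qr/^(floating|local|\+\d+|[[:word:]]+\/[[:word:]]+)$/,
    default   => qr/^(\d+)$/,
);

# Unchecked: $1 is read whether or not this match succeeded.
sub untaint_unchecked {
    my ( $arg, $value ) = @_;
    my $re = $pattern{$arg} || $pattern{default};
    $value =~ $re;
    return $1;
}

# Checked: the capture is returned only when the match succeeded.
sub untaint_checked {
    my ( $arg, $value ) = @_;
    return undef unless defined $value;
    my $re = $pattern{$arg} || $pattern{default};
    return $value =~ $re ? $1 : undef;
}

# Constructed sample input, not real traffic.
my @samples = (
    [ year      => '2006' ],
    [ day       => '22abc' ],
    [ time_zone => 'Europe/London' ],
    [ time_zone => '../etc/passwd' ],
);

for my $sample (@samples) {
    my ( $arg, $value ) = @$sample;

    # An unrelated successful match earlier in the caller, as any
    # framework code might perform before handing over the parameter.
    'handler=42' =~ /=(\d+)$/;

    my ( $loose, $strict ) = map { $_->( $arg, $value ) }
        ( \&untaint_unchecked, \&untaint_checked );
    printf "%-9s %-16s unchecked=%-16s checked=%s\n", $arg, "'$value'",
        map { defined $_ ? "'$_'" : 'undef' } $loose, $strict;
}
```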
