NOTE: use Perl; is on undef hiatus. You can read content, but you can't post it. More info will be forthcoming forthcomingly.

use Perl

All the Perl that's Practical to Extract and Report

1st Dec 2003 More | Login | Reply

The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

Without JavaScript enabled, you might want to use the classic discussion system instead. If you login, you can remember this preference.

what about multiple values? (Score:1)

by podmaster (3169)

Maybe i'm missing it, but they don't seem to be handled at all (which is a shortcoming) E:\>perl - 1=a 1=b 1=c 1=d use CGI qw[ param Vars ]; use CGI::Untaint; my $u = CGI::Untaint->new( Vars() ); print "$_\n" for $u->extract(-as_printable => 1); warn 1; print "$_\n" for param(1); __END__ 1 at - line 5. a b c d
- Re:what about multiple values? (Score:1)
  
  by podmaster (3169)
  
  *sigh* i really wish I hit preview a couple more times
  I was talking about the 1st, CGI::Untaint (obviously). I think it does hit the hammer, but not exactly on the head :)(face maybe, shoulder?)
- Re:what about multiple values? (Score:2)
  
  by 2shortplanks (968)
  
  Mutliple values do work, though it's not quite how you might expect. Since you're populating your instance of CGI::Untaint using CGI's Vars method, things that have multiple values are seperated by NUL (\0), as documented in the CGI perldoc.
  What I normally do in this situation is have my _untaint_re check that each of the things seperated by \0 match what I'm checking, and then have my is_valid do a quick
  
  $self->valid([split /\0/, $self->value]);
  - Re:what about multiple values? (Score:3, Informative)
    
    by 2shortplanks (968)
    
    $self->value([split /\0/, $self->value]);
    even.
    - Re:what about multiple values? (Score:2, Insightful)
      
      by podmaster (3169)
      
      Sure you could do that, but i don't think you should need to. I think CGI::Untaint could be more, you know, convenient :)
      - Re:what about multiple values? (Score:1)
        
        by tmtm (2563)
        
        Patches welcome :)
SEE ALSO: Data::FormValidator (Score:2, Informative)

by markjugg (792)

I think Data::FormValidator is also a very strong contender in this problem space. It handles multiple values, something podmaster brought up in another post. It also integrates with CGI.pm, Regexp::Common and is generally very powerful and flexible.

The current version includes a nice file upload validator as well.

http://search.cpan.org/perldoc?Data::FormValidator
http://mark.stosberg.com/d fv/

disclaimer: I maintain Data::FormValidator
- Re:SEE ALSO: Data::FormValidator (Score:1)
  
  by markjugg (792)
  
  I should have also mentioned it can do untainting in many cases as well.

Get More Comments

Reply

use Perl

All the Perl that's Practical to Extract and Report

Navigation

1st Dec 2003 8 Comments More | Login | Reply /

Please Log In to Continue

what about multiple values? (Score:1)

Re:what about multiple values? (Score:1)

Re:what about multiple values? (Score:2)

Re:what about multiple values? (Score:3, Informative)

Re:what about multiple values? (Score:2, Insightful)

Re:what about multiple values? (Score:1)

SEE ALSO: Data::FormValidator (Score:2, Informative)

Re:SEE ALSO: Data::FormValidator (Score:1)