Slash Boxes
NOTE: use Perl; is on undef hiatus. You can read content, but you can't post it. More info will be forthcoming forthcomingly.

All the Perl that's Practical to Extract and Report

use Perl Log In

Log In

[ Create a new account ]

tmtm (2563)

  (email not shown publicly)

Journal of tmtm (2563)

Sunday December 16, 2001
03:38 PM

Untainting dates

[ #1679 ]

One of my personal bugbears is web forms which make you jump through lots of hoops to enter dates - particularly the ones which make you guess what those hoops are.

So, for a client job recently which needed a date field, I wrote a 'date' plugin for CGI::Untaint which used Date::Manip to parse the date in whichever format you entered it ("2001-12-12", "12th December", "last Monday", "third tuesday in March", etc.) and then feed it to Date::Simple, so we'd end up with a standard format (with a nicely overloaded stringification for easy entry straight into a database - through Class::DBI, of course). [with credit to Simon Burns for the original idea].

The client loved it. Everything seemed great. I uploaded the module to CPAN.

Then I installed it on one my own sites, and everything fell over. Because ironically, the resulting value wasn't taint safe!

It turns out that Date::Manip isn't taint safe at all, doing lots of shell-type things to work out your timezone.

This puzzled me for quite some time. And then yesterday I had a brainwave. Recalling Damian's diary entry on locally replacing subs, I threw in a:
  local *Date::Manip::Date_TimeZone = sub { 'GMT' };
and everything was rosy again! (We only need dates, not times, so this shouldn't even cause any problems anywhere...)

Which got me to wondering about how to ensure that all my test suites work in a taint clean manner. Although make test can handle the -T option on the shebang line, running the test manually with perl -Ilib gives us the old Too late for "-T" option error.

I really need to read up on all the deep magic I can do with ExtUtils::MakeMaker to see if there's some nice way of adding something in there ...



All I need to do, of course, is perl -TIlib.

Of course, I still want to read up more on the magic of MakeMaker ...

The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
More | Login | Reply
Loading... please wait.