While CGI::Untaint would be good for untainting a mass of variables, it is basically more like data validation. To me, after looking at CGI::Untaint's documentation, it bears a resemblance to a very basic version of Data::FormValidator and is obsoleted by it.
Data::FormValidator can be given a regex as a rule to check the input value of a form field. For example:
use strict;
use CGI;
use Data::FormValidator;

my $q = CGI->new;
# hashref of the raw (still tainted) form data
my $UnsafeData = $q->Vars;
# load the profiles file and validate against the "customer_infos" profile
my $validator = Data::FormValidator->new( "input_profiles.pl" );
my ( $valid, $missing, $invalid, $unknown ) =
    $validator->validate( $UnsafeData, "customer_infos" );
An example of input_profiles.pl taken from the documentation:
{
    customer_infos => {
        optional =>
            [ qw( company fax country password password_confirmation file_path ) ],
        required =>
            [ qw( fullname phone email address ) ],
        required_regexp => '/city|state|zipcode/',
        optional_regexp => '/_province$/',
        constraints =>
        {
            file_path => '/([-\w.\/]*)/',
            email     => "email",
            fax       => "american_phone",
            phone     => "american_phone",
            zipcode   => '/^\s*\d{5}(?:[-]\d{4})?\s*$/',
            state     => "state",
        },
        constraint_regexp_map => {
            '/_postcode$/' => 'postcode',
            '/_province$/' => 'province',
        },
        dependency_groups => {
            password_group => [qw/password password_confirmation/],
        },
        defaults => {
            country => "USA",
        },
    },
}
The data in $valid is now considered untainted and all unexpected fields are put in $unknown as an array ref. Read the documentation on Data::FormValidator as this module will not only allow you to set the rules of the data coming in but also weed out the data that you don't want.
BMaximus
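An added example, not code from the post above or from the Data::FormValidator distribution, showing the valid/missing/invalid/unknown split for a constructed request. It is written against the newer Data::FormValidator->check() API with an inline profile; the field names, sample values, the two regexes and the untaint_all_constraints option are assumptions made for this demonstration.

```perl
use strict;
use warnings;
use Data::FormValidator;

# Constructed sample input standing in for $q->Vars: one required field is
# absent, one optional field fails its rule, and one field is not in the profile.
my %input = (
    fullname  => 'Jane Doe',
    email     => 'jane@example.com',
    phone     => '555-123-4567',
    zipcode   => ' 90210 ',
    file_path => '../../etc/passwd',   # contains '/', rejected by the rule below
    debug     => '1',                  # not listed anywhere in the profile
);

# Inline profile (assumed Data::FormValidator 4.x API). Regex constraints are
# anchored and wrapped in a capturing group so that untaint_all_constraints
# can hand back the matched text as the untainted value.
my $profile = {
    required    => [qw(fullname email phone address)],
    optional    => [qw(zipcode file_path)],
    constraints => {
        email     => 'email',
        phone     => 'american_phone',
        zipcode   => qr/^\s*(\d{5}(?:-\d{4})?)\s*$/,
        file_path => qr/^([\w][\w.-]*)$/,      # a bare file name, no directories
    },
    untaint_all_constraints => 1,
};

# Run the profile and sort the fields into the four buckets the post describes.
sub validate_form {
    my ($input, $prof) = @_;
    my $r = Data::FormValidator->check($input, $prof);
    return {
        valid   => { map { $_ => $r->valid($_) } $r->valid },
        missing => [ sort $r->missing ],
        invalid => [ sort $r->invalid ],
        unknown => [ sort $r->unknown ],
        ok      => !( $r->has_missing || $r->has_invalid ),
    };
}

my $report = validate_form(\%input, $profile);
for my $bucket (qw(missing invalid unknown)) {
    print "$bucket: ", join(', ', @{ $report->{$bucket} }) || '(none)', "\n";
}
print "valid $_ => '$report->{valid}{$_}'\n" for sort keys %{ $report->{valid} };
# Reject the request unless nothing is missing or invalid; clean values come
# only from the valid hash, never from the raw %input.
exit( $report->{ok} ? 0 : 1 );
```

Under perl -T the values in the valid hash are the only ones that should reach a file name, a shell or a database, since the raw hash remains tainted.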