I have two questions:
1) If I have a.cgi which posts to b.cgi, what is the best way to untaint? I have been using this:
param('firstname') =~ /^([a-zA-Z]+)$/;
my $u_firstname = $1;
param('lastname') =~ /^([a-zA-Z]+)$/;
my $u_lastname = $1;
But I see that lastname could have been bogus, in which case I will have u_lastname be the same as u_firstname, when I'd prefer to let the user know what they entered was bogus.
2) If I have 3 cgi's. a posts to b and b posts to c, how can I make a's params available to c?