PerlMonks  

Re: Untainting input to CGI::Application

by dragonchild (Archbishop)
on May 18, 2005 at 18:58 UTC (node #458397)


in reply to Untainting input to CGI::Application

CGI::Application is meant to be subclassed. This means that you're supposed to write a class that uses it as a starting point. When I write C::A apps, I actually have 2-3 levels of base classes. The first one is my global base class. It's my version of what C::A should do. This includes providing a print() method that dispatches between HTML::Template, Excel::Template, and PDF::Template. I see no reason why you shouldn't go ahead and provide a param()-type method in your global base class that will untaint the parameters as you need them. You could even link it with CGI::Untaint like so:

    package My::CGIApp::Base;
    use strict;
    use warnings;
    use base 'CGI::Application';
    use CGI::Untaint;

    # Build one CGI::Untaint handler from the raw query parameters
    # before the run mode executes, and store it on the app object.
    sub cgiapp_prerun {
        my $self = shift;
        $self->param( taint_handler => CGI::Untaint->new( $self->query->Vars ) );
        return $self->SUPER::cgiapp_prerun(@_);
    }

    # Untaint a single parameter, e.g. $self->extract( -as_integer => 'id' ).
    # Returns undef when the value fails the named handler's check.
    sub extract {
        my $self = shift;
        my ( $method, $name ) = @_;
        my $handler = $self->param('taint_handler');
        return $handler->extract( $method => $name );
    }
Now, your calls to $self->extract() are wrappers around CGI::Untaint's extract(). Done.

  • In general, if you think something isn't in Perl, try it out, because it usually is. :-)
  • "What is the sound of Perl? Is it not the sound of a wall that people have stopped banging their heads against?"
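As an added example, not dragonchild's code, here is the base class idea built out with an application subclass that consumes the extract() wrapper and rejects the request when CGI::Untaint refuses a value rather than falling back to the raw input; the package names and the 'id' and 'name' fields are assumptions.

```perl
package My::App::Base;
use strict;
use warnings;
use base 'CGI::Application';
use CGI::Untaint;

# One CGI::Untaint handler per request, built from the raw query parameters.
sub cgiapp_prerun {
    my $self = shift;
    $self->param( taint_handler => CGI::Untaint->new( $self->query->Vars ) );
    return $self->SUPER::cgiapp_prerun(@_);
}

# Returns the untainted value, or undef when the field fails the handler's check.
sub extract {
    my ( $self, $method, $name ) = @_;
    return $self->param('taint_handler')->extract( $method => $name );
}

# Reason for the last failed extract(), for reporting instead of echoing input.
sub untaint_error {
    my $self = shift;
    return $self->param('taint_handler')->error;
}

package My::App;    # assumed application subclass
use strict;
use warnings;
use base 'My::App::Base';

sub setup {
    my $self = shift;
    $self->start_mode('show');
    $self->run_modes( show => 'show_record' );
}

sub show_record {
    my $self = shift;
    # -as_integer and -as_printable are the handlers bundled with CGI::Untaint.
    my $id   = $self->extract( -as_integer   => 'id' );
    my $name = $self->extract( -as_printable => 'name' );
    unless ( defined $id && defined $name ) {
        # Fail closed: never use the raw parameter when untainting fails.
        $self->header_props( -status => 400 );
        return 'Bad request: ' . ( $self->untaint_error || 'invalid input' );
    }
    return "Record $id for $name";
}

package main;
My::App->new->run;
```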

