Hello everyone,
I have put together quite a few pages using CGI and HTML::Template and I really like it. It works. When I took the little Perl knowledge that I had and combined it with Ovid's CGI Course I felt that I had a simple and secure application. I am trying to expand my sites and add more functionality so I have decided to start using CGI::Application. This is a really cool module and fun to use. I have an issue though. I am not sure how I can untaint input from users. Take the following for example:
    sub login {
        my $self = shift;
        my ($nick, $pass) = @_;
        my $session = $self->param('session');
        if (defined $nick and defined $pass) {
            if ($nick eq $pass) {
                #REPLACE THIS WITH A REAL CHECK!!!!
                #DO STUFF
            } else {
                #DO OTHER THINGS
            }
        }
    }
I have been using CGI::Untaint when I was using just CGI, but now that I am modularizing the site, I am not sure how to go about this. Should I be looking to "$self" and asking for $nick and $pass and then untaint them? Is there a better way to do this now that I am using CGI::Application?
My thanks to all,
ghettofinger
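
The following is an added example, not part of the original post: one way to combine CGI::Untaint with a CGI::Application run mode by reading the parameters from `$self->query`. The package name `MyApp`, the run mode name `do_login`, and the sample request values are assumptions made for illustration.

```perl
package MyApp;    # hypothetical application class
use strict;
use warnings;
use base 'CGI::Application';
use CGI::Untaint;

sub setup {
    my $self = shift;
    $self->start_mode('login');
    $self->run_modes( login => 'do_login' );
}

# Run mode: CGI::Application passes only $self, so the raw parameters
# come from the CGI object returned by $self->query.
sub do_login {
    my $self    = shift;
    my $handler = CGI::Untaint->new( { $self->query->Vars } );

    # extract() returns undef when the value is missing or fails validation.
    # -as_printable is a permissive built-in handler; a stricter custom
    # handler can be substituted for fields with a known format.
    my $nick = $handler->extract( -as_printable => 'nick' );
    my $pass = $handler->extract( -as_printable => 'pass' );

    return "Invalid input\n" unless defined $nick and defined $pass;

    # $nick and $pass are now untainted and can be handed to a helper
    # such as the login($nick, $pass) method from the post.
    return "Input accepted\n";
}

package main;
use CGI;

# Constructed sample request so the script runs from the command line
# (use "perl -T" to enforce taint mode).
$ENV{CGI_APP_RETURN_ONLY} = 1;    # run() returns the page instead of printing it
my $q   = CGI->new( { nick => 'sampleuser', pass => 'samplepass' } );
my $app = MyApp->new( QUERY => $q );
print $app->run;
```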