ghettofinger has asked for the wisdom of the Perl Monks concerning the following question:

Hello everyone,

I have put together quite a few pages using CGI and HTML::Template and I really like it. It works. When I took the little perl knowledge that I had and comined it with Ovid's CGI Course I felt that I had a simple and secure application. I am trying to expand my sites and add more functionality so I have decided to start using CGI::Application. This is a realy cool module and fun to use. I have an issue though. I am not sure how I can untaint input from users. Take the following for example:

sub login{ my $self = shift; my ($nick, $pass) = @_; my $session = $self->param('session'); if(defined $nick and defined $pass){ if($nick eq $pass){ #REPLACE THIS WITH A REAL CHECK!!!! #DO STUFF }else{ #DO OTHER THINGS } }

I have been using CGI::Untaint when I was using just CGI, but now that I am modularizing the site, I am not sure how to go about this. Should I be looking to "$self" and asking for $nick and $pass and then untaint them? Is there a better way to do this now the I am using CGI::Application?

My thanks to all,