Skip Menu |

This queue is for tickets about the Class-DBI-FromCGI CPAN distribution.

Report information
The Basics
Id: 11798
Status: open
Priority: 0/
Queue: Class-DBI-FromCGI
People
Owner: Nobody in particular
Requestors: mreece [...] sacbee.com
Cc:
AdminCc:
Bug Information
Severity: (no value)
Broken in: (no value)
Fixed in: (no value)

History Show all quoted text
  Mon Mar 07 18:00:39 2005 Guest - Ticket created
Subject: cgi_update_errors from empty field of untaint type printable
this is related to a possible bug in CGI::Untaint, where errors are given for empty values. see http://rt.cpan.org/NoAuth/Bug.html?id=11796 % cat test2.pl #!/usr/bin/perl package TestObj; use base 'Class::DBI::FromCGI'; sub create { "create called with @_" } sub untaint_type { 'printable' } package TestApp; use CGI::Untaint; my %params = ( foo => 'bar', baz => ''); my $h = CGI::Untaint->new( %params ); my $o = TestObj->create_from_cgi($h => { all => [ qw/foo baz/ ] }); my %errors = $o->cgi_update_errors; use Data::Dumper; print Dumper \%errors; % perl test2.pl $VAR1 = { 'baz' => 'baz () does not untaint with default pattern' }; (create, of course, is never called if there are cgi_update_errors) imo, errors on empty strings should only matter if the field is 'required'
  Wed May 04 17:00:23 2005 Guest - Correspondence added
From: finlay [...] scoop.co.nz
[guest - Mon Mar 7 18:00:39 2005]: I ran into this problem too, and have applied a patch: http://qaix.com/perl-web-programming/248-214-re-re-fromcgi-warnings-for-non-required-values-read.shtml --- FromCGI.orig.pm 2005-03-16 11:02:37.000000000 -0500 +++ FromCGI.pm 2005-03-16 11:08:19.000000000 -0500 @@ -214,7 +214,8 @@ $them->{_cgi_update_error}->{$field} = "You must supply '$field'" } elsif ($err) { $them->{_cgi_update_error}->{$field} = $err - unless $err =~ /^No parameter for/; + unless ( $err =~ /^No parameter for/ || + $err =~ /\(\) does not untaint with default pattern/ ); } else { $fields->{$field} = $value } This has fixed the problem for me, however, it maybe nicer to have the error fixed in CGI::Untaint. Show quoted text
> this is related to a possible bug in CGI::Untaint, where errors are > given for empty values. see > http://rt.cpan.org/NoAuth/Bug.html?id=11796 > > % cat test2.pl > #!/usr/bin/perl > > package TestObj; > use base 'Class::DBI::FromCGI'; > sub create { "create called with @_" } > sub untaint_type { 'printable' } > > package TestApp; > use CGI::Untaint; > > my %params = ( foo => 'bar', baz => ''); > > my $h = CGI::Untaint->new( %params ); > my $o = TestObj->create_from_cgi($h => { all => [ qw/foo baz/ ] }); > > my %errors = $o->cgi_update_errors; > use Data::Dumper; print Dumper \%errors; > > > % perl test2.pl > $VAR1 = { > 'baz' => 'baz () does not untaint with default pattern' > }; > > (create, of course, is never called if there are cgi_update_errors) > > imo, errors on empty strings should only matter if the field is > 'required' > >
  Tue May 23 06:28:58 2006 Guest - Correspondence added
Subject: yellow pages main<a href='http://www.dirare.com'
From: http://www.dirare.com
<a href='http://www.yahoo.com'></a>Welcome! http://www.dirare.com/India/ <a href='http://www.dirare.com'>business yellowpages</a>. <a href="http://www.dirare.com ">international directory</a>: About DIRare, Search in Business Category, Yellowpages search. Also [url]http://www.dirare.com/China/[/url] and [link=http://www.dirare.com]companies of the world[/link] from yellow pages .
  Tue May 23 06:29:04 2006 The RT System itself - Status changed from 'new' to 'open'
  Tue May 23 06:29:07 2006 Guest - Correspondence added
Subject: online directory main<a href='http://www.dirare.com'
From: http://www.dirare.com
hello! http://www.dirare.com/Sweden/ online directory. About DIRare, Search in Business Category, Yellowpages search. From online directory .