
This queue is for tickets about the Data-FormValidator CPAN distribution.

Maintainer(s)' notes

This is the bug queue for Data::FormValidator.

Report information
The Basics
Id: 17190
Status: resolved
Priority: 0/
Queue: Data-FormValidator

People
Owner: Nobody in particular
Requestors: william [...] knowmad.com
Cc:
AdminCc:

Bug Information
Severity: Normal
Broken in:
  • 3.59
  • 3.63
  • 4.12
Fixed in: (no value)



Subject: Side effects of untaint_all_constraints
When using the (now deprecated) constraints key with the following format:

    'password' => {
        'constraint' => sub {
            my ($pw1, $pw2) = @_;
            return 0 unless $pw1 eq $pw2;
            return 1;
        },
        'params' => [ qw( password password2 ) ],
    },

If untaint_all_constraints is set, the return 0 will be interpreted as a true value and the constraint will always pass. Turning off untaint_all_constraints or returning undef will allow the subroutine to work.

We haven't tried this with the newer constraint_method key but this behavior is consistent with 3.59, 3.63 and 4.12.

William
Subject: Re: [rt.cpan.org #17190] Side effects of untaint_all_constraints
Date: Fri, 20 Jan 2006 17:10:21 -0500
To: Guest via RT <bug-Data-FormValidator [...] rt.cpan.org>
From: Mark Stosberg <mark [...] summersault.com>
On Fri, Jan 20, 2006 at 04:20:46PM -0500, Guest via RT wrote:
>
> When using the (now deprecated) constraints key with the following format:
>
> 'password' => {
>     'constraint' => sub { my ($pw1, $pw2) = @_; return 0 unless $pw1 eq $pw2; return 1; },
>     'params' => [ qw( password password2 ) ],
> },
>
> If untaint_all_constraints is set, the return 0 will be interpreted as
> a true value and the constraint will always pass. Turning off
> untaint_all_constraints or returning undef will allow the subroutine to
> work.
>
> We haven't tried this with the newer constraint_method key but this
> behavior is consistent with 3.59, 3.63 and 4.12.

William,

I don't see the bug. Untainting implies returning possibly altered values from constraints. "0" is a possibly altered value, and therefore valid.

I believe this is desired behavior.

If you still feel there's a bug, a simple Test::More test would clarify it for me.

Thanks,

Mark
Subject: Re: [rt.cpan.org #17190] Side effects of untaint_all_constraints
Date: Fri, 20 Jan 2006 18:23:47 -0500
To: "mark [...] summersault.com via RT" <bug-Data-FormValidator [...] rt.cpan.org>
From: William McKee <william [...] knowmad.com>
On Fri, Jan 20, 2006 at 05:11:14PM -0500, mark@summersault.com via RT wrote:
> I don't see the bug. Untainting implies returning possibly altered
> values from constraints. "0" is a possibly altered value, and therefore
> valid.
>
> I believe this is desired behavior.

That could very well be; I need to think on it some more. It just threw us for a loop today when we copied the identical profile from one project to another until we noticed that the default profile was setting the untaint feature.

> If you still feel there's a bug, a simple Test::More test would clarify
> it for me.

If, after I think about it, I still think it's a bug, I'll do that. I was mostly just wanting to note the behavior.

Thanks for your prompt response,
William

--
Knowmad Services Inc.
http://www.knowmad.com
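
A simplified model of the behaviour discussed in this ticket, added here as an illustration; it is not code from Data::FormValidator or from either poster. The helpers check_plain and check_untaint, the sample passwords and the printable-character pattern are assumptions made for the example.

```perl
use strict;
use warnings;

# Simplified model (assumption, not Data::FormValidator's code): without
# untainting, the constraint's return value is only tested for truth.
sub check_plain {
    my ($constraint, @args) = @_;
    return $constraint->(@args) ? (1, $args[0]) : (0, undef);
}

# Untaint mode as described in the ticket: the return value is taken as the
# cleaned field value, so only undef counts as a failure.
sub check_untaint {
    my ($constraint, @args) = @_;
    my $cleaned = $constraint->(@args);
    return defined $cleaned ? (1, $cleaned) : (0, undef);
}

# The constraint from the report: signals failure with 0.
my $boolean_style = sub {
    my ($pw1, $pw2) = @_;
    return 0 unless $pw1 eq $pw2;
    return 1;
};

# Written for untaint mode: undef on failure, the captured value on success.
my $untaint_style = sub {
    my ($pw1, $pw2) = @_;
    return unless defined $pw1 && defined $pw2 && $pw1 eq $pw2;
    my ($clean) = $pw1 =~ /\A([[:print:]]+)\z/;    # constructed policy
    return $clean;                                  # undef if no match
};

# Constructed sample input: the two password fields do not match.
my @mismatch = ('hunter2', 'hunter3');

for my $case (['boolean-style', $boolean_style], ['untaint-style', $untaint_style]) {
    my ($name, $constraint) = @$case;
    my ($ok_plain) = check_plain($constraint, @mismatch);
    my ($ok_untaint, $value) = check_untaint($constraint, @mismatch);
    printf "%-13s plain=%s untaint=%s value=%s\n", $name,
        $ok_plain   ? 'pass' : 'fail',
        $ok_untaint ? 'pass' : 'fail',
        defined $value ? "'$value'" : 'undef';
}
```

In this model the boolean-style constraint also replaces a matching password with its own return value of 1 under untaint mode, which is why a profile copied between projects needs its constraints reviewed whenever the untaint setting differs.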