Subject: Errors not set on false values, items returned
Consider:

    package CGI::Untaint::twodigit;
    use base qw(CGI::Untaint::object);
    sub _untaint_re { return qr/^\s*([0-9]{2})\s*$/ }
    1;

Now consider these tests:

    #!/usr/bin/perl -w
    use strict;
    use Test::More tests => 2;
    unextractable("","twodigit","0 digit");
    unextractable("0","twodigit","1 digit zero");

Both of these fail because of this line in the source:

    # 'False' values get returned as themselves with no warnings.
    return $self->{value} unless $self->{value};

In all other places CGI::Untaint->extract returns an empty list when it can't extract something (this is useful, it allows you to tell returning of undef and returning due to failure apart) and sets an error condition. This does neither; it simply 'approves' all false values without running them through the untaint
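
A self-contained model of the behaviour described in this report, added here as an illustration and not taken from CGI::Untaint's source. The sub names `extract_with_shortcut` and `extract_strict`, the error string, and the choice to let only undef (a missing field) skip the pattern are assumptions; the inputs are constructed.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Pattern copied from the twodigit handler in the report.
my $re = qr/^\s*([0-9]{2})\s*$/;

# Models the reported line: any false value ("" or "0" as well as undef)
# is handed back before the pattern is ever consulted, and no error is set.
sub extract_with_shortcut {
    my ($value, $err) = @_;
    return $value unless $value;
    return $1 if $value =~ $re;
    $$err = "value does not untaint";   # hypothetical error text
    return;                             # empty list signals failure
}

# Assumed alternative: only undef bypasses the pattern, so "" and "0"
# are validated like every other submitted string.
sub extract_strict {
    my ($value, $err) = @_;
    return undef unless defined $value; # one-element list: (undef)
    return $1 if $value =~ $re;
    $$err = "value does not untaint";   # hypothetical error text
    return;                             # empty list signals failure
}

# Constructed inputs: a missing field, the two false strings from the
# report's tests, a one-digit value, a valid value, and a non-numeric one.
for my $in (undef, "", "0", "7", "42", "abc") {
    for my $f ([shortcut => \&extract_with_shortcut],
               [strict   => \&extract_strict]) {
        my $err;
        my @got = $f->[1]->($in, \$err);
        printf "%-8s in=%-6s returned=%d error=%s\n",
            $f->[0],
            defined $in ? "'$in'" : 'undef',
            scalar @got,              # 0 means "failed", 1 means "a value"
            $err // 'none';
    }
}
```

A caller that treats a non-empty return list as "validated" accepts `""` and `"0"` from the shortcut version even though neither matches the two-digit pattern.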