
This queue is for tickets about the Data-FormValidator CPAN distribution.

Maintainer(s)' notes

This is the bug queue for Data::FormValidator.

Report information
The Basics
Id: 45593
Status: resolved
Priority: 0/
Queue: Data-FormValidator

People
Owner: MARKSTOS [...] cpan.org
Requestors: KAPPA [...] cpan.org
Cc:
AdminCc:

Bug Information
Severity: Important
Broken in: 4.63
Fixed in: (no value)



Subject: 0(zero) is true when returned from custom subs in constraint_methods

This combination doesn't work as expected:

    constraint_methods => {
        signcode => sub { $is_signcode_valid },
    },
    },
    untaint_all_constraints => 1,

If $is_signcode_valid contains zero it still is interpreted as true when untainting is requested.

This code in Data/FormValidator/Results.pm is at fault:

    sub _constraint_check_match {
        ...
        # We need to make this distinction when untainting,
        # to allow untainting values that are defined but not true,
        # such as zero.
        my $success;
        if (defined $match) {
            $success = ($untaint_this) ? length $match : $match;
        }
        ...

length(0) is obviously true. I don't really understand the intention so I don't know what's the right way to fix it.

Subject: Re: [rt.cpan.org #45593] 0(zero) is true when returned from custom subs in constraint_methods
Date: Thu, 30 Apr 2009 09:02:46 -0400
To: bug-Data-FormValidator [...] rt.cpan.org
From: Mark Stosberg <mark [...] summersault.com>

> This combination doesn't work as expected:
>
>     constraint_methods => {
>         signcode => sub { $is_signcode_valid },
>     },
>     },
>     untaint_all_constraints => 1,
>
> If $is_signcode_valid contains zero it still is interpreted as true
> when untainting is requested.
>
> This code in Data/FormValidator/Results.pm is at fault:
>
>     sub _constraint_check_match {
>         ...
>         # We need to make this distinction when untainting,
>         # to allow untainting values that are defined but not true,
>         # such as zero.
>         my $success;
>         if (defined $match) {
>             $success = ($untaint_this) ? length $match : $match;
>         }
>         ...
>
> length(0) is obviously true. I don't really understand the intention so
> I don't know what's the right way to fix it.

Constraints which untaint and those which don't need to be written differently. Or at least they used to.

We added a helper method to make it easier to write constraints which work with and without untainting. Just use the documented helper method in your custom constraint:

http://search.cpan.org/~markstos/Data-FormValidator-4.63/lib/Data/FormValidator/Constraints.pm#untainted_constraint_value()

    Mark

--
 . . . . . . . . . . . . . . . . . . . . . . . . . . .
   Mark Stosberg            Principal Developer
   mark@summersault.com     Summersault, LLC
   765-939-9301 ext 202     database driven websites
 . . . . . http://www.summersault.com/ . . . . . . . .
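
The following is an added example, not part of the ticket and not code from Data::FormValidator itself. It puts the constraint style from the report (failure signalled with a defined-but-false value) beside one written with the `untainted_constraint_value()` helper recommended in the reply, and runs both with untainting off and on. The six-digit signcode format and the names `fail_open_signcode`, `strict_signcode` and `verdict` are assumptions made for illustration.

```perl
use strict;
use warnings;
use Data::FormValidator;

# Style from the ticket: failure is signalled with a defined-but-false value.
# With untainting on, success is judged by length($match), and length(0) is 1,
# so this constraint can pass input it meant to reject.
sub fail_open_signcode {
    return sub {
        my ($dfv, $val) = @_;
        return ($val =~ /\A\d{6}\z/) ? 1 : 0;
    };
}

# Style from the reply: capture the part of the input you vouch for and hand
# it to the helper. A failed match leaves $match undef, which is a failure
# whether or not untainting was requested.
sub strict_signcode {
    return sub {
        my ($dfv, $val) = @_;
        my ($match) = $val =~ /\A(\d{6})\z/;
        return $dfv->untainted_constraint_value($match);
    };
}

# Run one constraint against one input and report how the field was judged.
sub verdict {
    my ($constraint, $untaint, $input) = @_;
    my $profile = {
        required                => ['signcode'],
        untaint_all_constraints => $untaint,
        constraint_methods      => { signcode => $constraint },
    };
    my $results = Data::FormValidator->check({ signcode => $input }, $profile);
    return $results->has_invalid ? 'invalid' : 'valid';
}

# Constructed sample inputs: one well-formed code, one malformed.
for my $input ('123456', 'not-a-code') {
    for my $untaint (0, 1) {
        printf "input=%-12s untaint=%d  fail_open=%-8s strict=%s\n",
            "'$input'", $untaint,
            verdict(fail_open_signcode(), $untaint, $input),
            verdict(strict_signcode(),    $untaint, $input);
    }
}
```

The row to check is the malformed input with `untaint=1`: that is the combination the report describes, where a constraint returning 0 is still treated as passing.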