Skip Menu |

This queue is for tickets about the CGI-Untaint CPAN distribution.

Report information
The Basics
Id: 4627
Status: resolved
Priority: 0/
Queue: CGI-Untaint
People
Owner: Nobody in particular
Requestors: mark [...] twoshortplanks.com
Cc:
AdminCc:
Bug Information
Severity: Important
Broken in: 1.00
Fixed in: (no value)

History Show all quoted text
  Wed Dec 10 10:23:55 2003 Guest - Ticket created
Subject: Unable to untaint false values
I can't untaint false values. This means that this doesn't work: #!/usr/bin/perl use strict; use warnings; use CGI::Untaint; my $untaint = CGI::Untaint->new(foo => "0"); my $bar = $untaint->extract(-as_printable => "foo"); print "'$bar'\n"; (it prints '' not '0') The problem is in CGI::Untaint::object, where you;re testing the value rather than testing it's definedness 64c64 < unless ($self->value and $self->value =~ $self->_untaint_re) { --- Show quoted text
> unless (defined($self->value) and $self->value =~ $self->_untaint_re) {
  Mon Dec 27 09:18:55 2004 TMTM [...] cpan.org - Status changed from 'new' to 'resolved'
  Mon Dec 27 09:18:55 2004 TMTM [...] cpan.org - Correspondence added
Show quoted text
> I can't untaint false values.... > The problem is in CGI::Untaint::object, where you;re > testing the value rather than testing it's definedness > 64c64 > < unless ($self->value and $self->value =~ $self->_untaint_re) {
Actually, the real problem was in sub value where I set the new value back into the object if it passed as an argument. |- $self->{_clean} = shift if @_; |+ $self->{_clean} = shift if defined $_[0]; (the variables are different because I've refactored this since the last live CPAN release, but this is the basic problem) I'm not sure I've ever come across this particular version of the true vs defined bug before... There are a whole series of new releases today. This fix will be in 1.24. Tony