Subject: | _untaint_re for integers allows unicode digits |
I think most people neither expect nor want the string "\N{THAI DIGIT
FOUR}\N{DEVANAGARI DIGIT TWO}" to pass the integer test. The attached patch
fixes the problem.
Subject: | fix_re.patch |
diff --git a/lib/CGI/Untaint/integer.pm b/lib/CGI/Untaint/integer.pm
index ff514e4..55c2eb3 100644
--- a/lib/CGI/Untaint/integer.pm
+++ b/lib/CGI/Untaint/integer.pm
@@ -2,7 +2,7 @@ package CGI::Untaint::integer;
use strict;
use base 'CGI::Untaint::object';
-sub _untaint_re { qr/^([+-]?\d+)$/ }
+sub _untaint_re { qr/^([+-]?[0-9]+)$/ }
=head1 NAME
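Review bot: The new pattern in `_untaint_re` still ends in `$`, which in Perl also matches just before a trailing newline, so a value such as "42\n" keeps passing the integer check after the switch from `\d` to `[0-9]`. Anchoring with `\A` and `\z` closes that gap: `sub _untaint_re { qr/\A([+-]?[0-9]+)\z/ }`. The capture group itself excludes the newline, and how the base class uses the capture is not visible in this hunk, so the effect is presumably limited to accepting input that is not strictly an integer. A negative case for it in t/01.t, next to the Unicode-digit one, would pin the behaviour.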
diff --git a/t/01.t b/t/01.t
index 5390610..c6a8c57 100644
--- a/t/01.t
+++ b/t/01.t
@@ -1,10 +1,11 @@
#!/usr/bin/perl -w
-use Test::More tests => 24;
+use Test::More tests => 26;
use strict;
use CGI;
use CGI::Untaint;
+use charnames ':full';
my $data = {
name => "Tony Bowden",
@@ -38,11 +39,15 @@ my %type = (
{
local $data->{hex} = "a15g";
+ local $data->{42} = "\N{THAI DIGIT FOUR}\N{DEVANAGARI DIGIT TWO}";
my $q = CGI->new($data);
ok my $h = CGI::Untaint->new($q->Vars), "Create the handler";
my $hex = $h->extract(-as_hex => 'hex');
ok !$hex, "Invalid hex";
like $h->error, qr/does not untaint with default pattern/, $h->error;
+ my $int = $h->extract(-as_integer => '42');
+ ok !$int, "Invalid integer";
+ like $h->error, qr/does not untaint with default pattern/, "Correct error message";
}
{