Bug #8132 for CGI-Untaint-boolean: Empty fields do not return 0

Tue Oct 26 16:06:00 2004 Guest - Ticket created

Subject:

Empty fields do not return 0

Hi, According to the docs, $self->value should be set to 0 if the input i not 'on' but this never happens as the call to $self->value( $value eq 'on' ? 1 : 0 ) never has a chance to run unless $value is actually 'on'. The attached patch seems to give the correct behaviour but I'm getting an odd test failure in is_extractable where passing in '' returns '' when passing in '' later on returns 0. Or am I just doing something stupid ? Simon.

Only in CGI-Untaint-boolean-0.12: blib Only in CGI-Untaint-boolean-0.12: _build Only in CGI-Untaint-boolean-0.12: Build diff -ru CGI-Untaint-boolean-0.12.orig/lib/CGI/Untaint/boolean.pm CGI-Untaint-boolean-0.12/lib/CGI/Untaint/boolean.pm --- CGI-Untaint-boolean-0.12.orig/lib/CGI/Untaint/boolean.pm 2004-07-07 05:49:01.000000000 +0100 +++ CGI-Untaint-boolean-0.12/lib/CGI/Untaint/boolean.pm 2004-10-26 20:43:26.000000000 +0100 @@ -14,10 +14,17 @@ my $self = shift; my $value = $self->value(); - return unless $value and $value =~ $self->_untaint_re(); - - $self->value( $value eq 'on' ? 1 : 0 ); - return 1; + my $is_valid = 0; + if ($value) { + $is_valid++ if $value =~ $self->_untaint_re(); + }else{ + $is_valid++; #nothing or undef is valid + } + #return unless $value and $value =~ $self->_untaint_re(); + + $self->value( $value eq 'on' ? 1 : 0 ); + + return $is_valid; } 1; diff -ru CGI-Untaint-boolean-0.12.orig/t/boolean.t CGI-Untaint-boolean-0.12/t/boolean.t --- CGI-Untaint-boolean-0.12.orig/t/boolean.t 2004-07-07 05:49:01.000000000 +0100 +++ CGI-Untaint-boolean-0.12/t/boolean.t 2004-10-26 20:48:35.000000000 +0100 @@ -9,7 +9,7 @@ use strict; use Scalar::Util 'tainted'; -use Test::More tests => 13; +use Test::More tests => 17; my $module = 'CGI::Untaint::boolean'; my $parent = 'CGI::Untaint::object' ; @@ -30,7 +30,7 @@ unless eval { require Test::CGI::Untaint; $tcu->import(); 1 }; is_extractable( 'on', 1, 'boolean' ); - is_extractable( '', '', 'boolean' ); + is_extractable( '', 0, 'boolean' ); unextractable( 'wibbly', 'boolean' ); } @@ -47,5 +47,10 @@ can_ok( $bool, 'is_valid' ); $bool->value( 'on' ); ok( $bool->is_valid(), "is_valid() should return true if value is 'on'" ); +is( $bool->value(), 1, "value becomes 1" ); $bool->value( 'foo' ); ok( ! $bool->is_valid(), '... or false otherwise' ); +is( $bool->value(), 0, "value becomes 0" ); +$bool->value( '' ); +ok( $bool->is_valid(), '... nothing is a valid state' ); +is( $bool->value(), 0, "value becomes 0" );

Fri Jul 08 03:08:11 2005 chromatic [...] cpan.org - Status changed from 'new' to 'resolved'

Fri Jul 08 03:08:11 2005 chromatic [...] cpan.org - Correspondence added 45 min

[guest - Tue Oct 26 16:06:00 2004]: Show quoted text

> According to the docs, $self->value should be set to 0 if the input i > not 'on' but this never happens as the call to $self->value( $value > eq 'on' ? 1 : 0 ) never has a chance to run unless $value is > actually 'on'.

Yep, good catch. I've fixed this in version 1.00 and I've revised the documentation to promise only returning a true or a false value, not 1 or 0 specifically. Show quoted text

> The attached patch seems to give the correct behaviour but I'm getting > an odd test failure in is_extractable where passing in '' returns > '' when passing in '' later on returns 0. > > Or am I just doing something stupid ?

It's not you. The test was doing something stupid that CGI::Untaint didn't allow. I've revised the test and it appears to do the right thing now. Thanks for the patch!

Fri Jul 08 03:08:12 2005 chromatic [...] cpan.org - Given to CHROMATIC