All the Perl that's Practical to Extract and Report

1st Dec 2003

advent on 2003-12-01T02:15:27

Comments for Perl Advent Calendar Entry 1st Dec 2003. Comments posted below may be displayed on perladvent.org.

what about multiple values?

podmaster on 2003-12-01T12:53:53

Maybe i'm missing it, but they don't seem to be handled at all (which is a shortcoming)

E:\>perl - 1=a 1=b 1=c 1=d
use CGI qw[ param Vars ];
use CGI::Untaint;
my $u = CGI::Untaint->new( Vars() );
print "$_\n" for $u->extract(-as_printable => 1);
warn 1;
print "$_\n" for param(1);
__END__
1 at - line 5.
a
b
c
d

Re:what about multiple values?

podmaster on 2003-12-01T12:58:40

*sigh* i really wish I hit preview a couple more times

I was talking about the 1st, CGI::Untaint (obviously). I think it does hit the hammer, but not exactly on the head :)(face maybe, shoulder?)

Re:what about multiple values?

2shortplanks on 2003-12-01T23:40:03

Mutliple values do work, though it's not quite how you might expect. Since you're populating your instance of CGI::Untaint using CGI's Vars method, things that have multiple values are seperated by NUL (\0), as documented in the CGI perldoc.

What I normally do in this situation is have my _untaint_re check that each of the things seperated by \0 match what I'm checking, and then have my is_valid do a quick

$self->valid([split /\0/, $self->value]);

Re:what about multiple values?

2shortplanks on 2003-12-01T23:45:12

  $self->value([split /\0/, $self->value]);
even.

Re:what about multiple values?

podmaster on 2003-12-02T20:33:43

Sure you could do that, but i don't think you should need to. I think CGI::Untaint could be more, you know, convenient :)

Re:what about multiple values?

tmtm on 2003-12-08T17:20:14

Patches welcome :)

SEE ALSO: Data::FormValidator

markjugg on 2003-12-01T19:49:24

I think Data::FormValidator is also a very strong contender in this problem space. It handles multiple values, something podmaster brought up in another post. It also integrates with CGI.pm, Regexp::Common and is generally very powerful and flexible.

The current version includes a nice file upload validator as well.

http://search.cpan.org/perldoc?Data::FormValidator
http://mark.stosberg.com/d fv/

disclaimer: I maintain Data::FormValidator

Re:SEE ALSO: Data::FormValidator

markjugg on 2003-12-01T19:50:08

I should have also mentioned it can do untainting in many cases as well.