File Coverage

blib/lib/CGI/UntaintPatched.pm

Criterion	Covered	Total	%
statement	31	33	93.9
branch	10	18	55.5
condition			n/a
subroutine	5	5	100.0
pod			n/a
total	46	56	82.1

line	stmt	bran	sub	time	code
1					package CGI::UntaintPatched;
2
3	1		1	21958	use strict;
	1			3
	1			39
4	1		1	5	use warnings;
	1			2
	1			43
5					our $VERSION = '0.01';
6	1		1	6	use base 'CGI::Untaint';
	1			5
	1			816
7	1		1	3133	use Carp;
	1			2
	1			370
8
9					=head1 NAME
10
11					CGI::UntaintPatched - CGI::Untaint but it returns a "No input for '$field'\n" error for fields left blank on a web form.
12
13					=head1 SYNOPSIS
14
15					if ($h->error =~ /No input for/) {
16					# caught empty input now handle it
17					}
18
19					See CGI::Untaint.
20
21					=head1 DESCRIPTION
22
23					Instead of passing the empty string to the untaint handlers, which
24					do not like it or updating them all, it seemed better
25					to have CGI::Untaint catch the field left blank exception. So it does.
26					This should be ok I see no point untainting an empty string. But i am open to suggestions and other patches.
27
28					=cut
29
30
31					# offending method ripped from base and patched
32					sub _do_extract {
33	3		3	1116	my $self = shift;
34
35	3			9	my %param = @_;
36
37					#----------------------------------------------------------------------
38					# Make sure we have a valid data handler
39					#----------------------------------------------------------------------
40	3			16	my @as = grep /^-as_/, keys %param;
41	3	50		9	croak "No data handler type specified" unless @as;
42	3	50		7	croak "Multiple data handler types specified" unless @as == 1;
43
44	3			6	my $field = delete $param{ $as[0] };
45	3			7	my $skip_valid = $as[0] =~ s/^(-as_)like_/$1/;
46	3			15	my $module = $self->_load_module($as[0]);
47
48					#----------------------------------------------------------------------
49					# Do we have a sensible value? Check the default untaint for this
50					# type of variable, unless one is passed.
51					#----------------------------------------------------------------------
52
53					################# PETER'S PATCH #####################
54	3			2994	my $raw = $self->{__data}->{$field} ;
55	3	100		12	die "No parameter for '$field'\n" if !defined($raw);
56	2	100		12	die "No input for '$field'\n" if $raw eq '';
57					#####################################################
58
59
60					# 'False' values get returned as themselves with no warnings.
61					# return $self->{__lastval} unless $self->{__lastval};
62
63	1			6	my $handler = $module->_new($self, $raw);
64
65	1			8	my $clean = eval { $handler->_untaint };
	1			3
66	1	50		35	if ($@) { # Give sensible death message
67	0	0		0	die "$field ($raw) does not untaint with default pattern\n"
68					if $@ =~ /^Died at/;
69	0			0	die $@;
70					}
71
72					#----------------------------------------------------------------------
73					# Are we doing a validation check?
74					#----------------------------------------------------------------------
75	1	50		3	unless ($skip_valid) {
76	1	50		8	if (my $ref = $handler->can('is_valid')) {
77	1	50		3	die "$field ($raw) does not pass the is_valid() check\n"
78					unless $handler->$ref();
79					}
80					}
81
82	1			10	return $handler->untainted;
83					}
84
85					=head1 BUGS
86
87					None known yet.
88
89					=head1 SEE ALSO
90
91					L. L. L.
92
93					=head1 AUTHOR
94
95					Peter Speltz but most code was ripped from CGI::Untaint.
96
97					=head1 BUGS and QUERIES
98
99					Please direct all correspondence regarding this module to:
100					peterspeltz@cafes.net or bug-CGI-UntaintPatched@rt.cpan.org
101
102					=head1 COPYRIGHT and LICENSE
103
104					Copyright (C) 2005 Peter Speltz. All rights reserved.
105
106					This module is free software; you can redistribute it and/or modify
107					it under the same terms as Perl itself.
108
109					=cut
110
111					1;