Re: FromCGI warnings for non-required values

[prev] [thread] [next] [Date index for 2005/02/03]

I have same problem. Since i upgraded to CGI::Untaint 1.25 any blank fields
causes FromCGI to spit the ("<field> does not untaint with default pattern")
message. I looked at CGI::Untaint. I think this may be the offending line in
_do_extract sub , line 167.

    #----------------------------------------------------------------------
    # Do we have a sensible value? Check the default untaint for this
    # type of variable, unless one is passed.
    #----------------------------------------------------------------------
    defined(my $raw = $self->{__data}->{$field})
        or die "No parameter for '$field'\n";


--- patrick_paskvan@xxxxx.xxx wrote:

> I have looked at the code for this, and I think I have the answer, but just
> wanted to be sure that I'm not missing something.  When using FromCGI, I set
> up the "all," "required" and "ignore" lists.  All works as described, except
> I was wasn't expecting to find that values that were not required, generate a
> warning if they exist in the input data and are blank ("<field> does not
> untaint with default pattern").
> 
> It's clear that CGI::Untaint would generate this message, I just didn't
> expect FromCGI to pass it along, in the same way it screens the "No parameter
> for..." error.  Not that it's difficult to screen later.  I suppose that
> "<field> does not untaint with default pattern" has a wider meaning.  Anyway,
> this behaviour is intended, correct?
> 
> Thanks,
> Pat
> 


=====
pjs


		
__________________________________ 
Do you Yahoo!? 
Yahoo! Mail - now with 250MB free storage. Learn more.
http://info.mail.yahoo.com/mail_250