Re: Class::DBI::Untaint bug: '0' does not untaint as an integer

[prev] [thread] [next] [Date index for 2005/04/20]

On Wed, Apr 20, 2005 at 11:13:08AM +0200, Thomas Klausner wrote:
> I seem to forget whether you (Tony) perfere patches via RT or via the list,
> so I'll send it to the list too:

Class::DBI patches via the list. Other modules via RT.

> diff -r Class-DBI-Untaint-0.01/lib/Class/DBI/Untaint.pm domm_Class-DBI-Untaint-0.01/lib/Class/DBI/Untaint.pm

and 'diff -Bub' is my preferred format...

Thanks for this,

Tony

> 14c14,18
> < 			CGI::Untaint->new({ $col => +shift })->extract("-as_$type" => $col);
> ---
> >             my $val=shift;
> >             my $rv=CGI::Untaint->new({ $col => $val })->extract("-as_$type" => $col);
> >             return $rv if $rv;
> >             return 1 unless $val;
> >             return;            

I'm skeptical of this patch being enough, but can't think of a
counter-example yet. Leave it with me...

Tony