Class::DBI::Untaint bug: '0' does not untaint as an integer
Hi!
I seem to forget whether you (Tony) prefer patches via RT or via the list,
so I'll send it to the list too:
http://rt.cpan.org/NoAuth/Bug.html?id=12334
When using Class::DBI::Untaint and constraining a column to an integer,
CDBI::Untaint raises a validate_column_values error if you pass a 0 (zero)
to the restricted column.
The attached patch consists of a test case that fails with
Class-DBI-Untaint-0.01 and a patch to Untaint.pm that removes the bug.
I'm not sure if the real root of the bug might be in CGI::Untaint, though...
--
#!/usr/bin/perl http://domm.zsi.at
for(ref bless{},just'another'perl'hacker){s-:+-$"-g&&print$_.$/}
Content-Disposition: attachment; filename="patch_cdbi_untaint.txt"
diff -r Class-DBI-Untaint-0.01/lib/Class/DBI/Untaint.pm domm_Class-DBI-Untaint-0.01/lib/Class/DBI/Untaint.pm
14c14,18
< CGI::Untaint->new({ $col => +shift })->extract("-as_$type" => $col);
---
> my $val=shift;
> my $rv=CGI::Untaint->new({ $col => $val })->extract("-as_$type" => $col);
> return $rv if $rv;
> return 1 unless $val;
> return;
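Review bot: `return 1 unless $val;` in the replacement for line 14 accepts every false value, not only 0. An empty string or an undefined value that `extract` rejects will now also satisfy the integer constraint, and because the wrapper is built from `"-as_$type"` the same holds for every other type this constraint is generated for. The added lines treat a false `$rv` as failure, which is what breaks a legitimate 0 in the first place; the narrower fix is to test definedness rather than truth, for example `return defined $rv;`, provided `extract` returns undef on failure (worth confirming against CGI::Untaint, as the message itself suggests). If the fallback has to stay, limit it to the literal zero with something like `return 1 if defined $val && $val eq '0';`.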
diff -r Class-DBI-Untaint-0.01/t/01.t domm_Class-DBI-Untaint-0.01/t/01.t
9c9
< plan $@ ? (skip_all => 'needs DBD::SQLite for testing') : (tests => 3);
---
> plan $@ ? (skip_all => 'needs DBD::SQLite for testing') : (tests => 4);
50a51,54
>
> my $order3 = eval { My::Order->create({ itemid => 14, orders => 0 }) };
> isa_ok $order3 => "My::Order";
>
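Review bot: the added test at 51-54 only shows that `orders => 0` is accepted, and because `$order3` comes out of an `eval` the failure message will not say why creation failed. It would help to also check that `$order3->orders` reads back as 0, and to add a negative case showing that an empty or non-numeric `orders` value is still rejected, since the new `return 1 unless $val;` path in Untaint.pm is exactly where such values could slip through. The `tests => 4` plan in the 9c9 hunk would need to be raised to match.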
Thomas Klausner 09:13 on 20 Apr 2005