Re: [Maypole] Inserting or editing blank fields
[prev] [thread] [next] [Date index for 2005/06/09]
From: Peter Speltz
Subject: Re: [Maypole] Inserting or editing blank fields
Date: 23:59 on 09 Jun 2005
Subject: Re: [Maypole] Inserting or editing blank fields
Date: 23:59 on 09 Jun 2005
--- Tony Bowden <tony.bowden@xxxxx.xxx> wrote:
> On 07/06/05, Peter Speltz <peterspeltz@xxxxx.xxx> wrote:
> > Here is a patch for FromCGI's validate that seems to do the trick when
> using
> > the aforementioned CGI::Untaint patch (way below) It needs some testing.
>
> If you add this at rt.cpan, preferably with a test, I'll apply it when
> I get a chance.
>
Added it. Writing the test revealed a bug in my patch. It was a good first
test experience. I wasn't aware that FromCGI tries to untaint fields that are
not in the params hash the CGI::Untaint object is created with. So the previous
patch blanked out any fields not in params as well as blank fields in the
params. Not what we want i don't think.
So heres the new patch. Hopefully bug free. It checks the field exists in the
untaint objects raw data before setting it to ''. NOte -- i didn't see an
acceessor for the raw data in the Untaint object.
--- FromCGI.orig.pm 2005-06-09 12:24:44.000000000 -0500
+++ FromCGI.pm 2005-06-09 19:37:21.002373952 -0500
@@ -196,6 +196,7 @@
sub validate {
my ($me, $them, $h, $wanted, $extra_ignore) = @_;
+ my $updating = 1 if ref $them; #pjs
my %wanted = $me->parse_columns($them => @$wanted);
my %required = map { $_ => 1 } @{$wanted{required}};
@@ -213,8 +214,15 @@
if ($required{$field} and not $value) {
$them->{_cgi_update_error}->{$field} = "You must supply '$field'"
} elsif ($err) {
- $them->{_cgi_update_error}->{$field} = $err
- unless $err =~ /^No parameter for/;
+ if ( $err !~ /^No parameter for/ ) {
+ $them->{_cgi_update_error}->{$field} = $err;
+ } elsif ($updating &&
+ ( # exists {$h->raw_data}->{$field} ||
+ exists $h->{__data}{$field} # need accssr to raw data
+ ))
+ {
+ $fields->{$field} = '' if defined $them->$field;
+ }
} else {
$fields->{$field} = $value
}
pjs
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
 |
Re: [Maypole] Inserting or editing blank fields
|