[CDBI] Class::DBI::Untaint

Jay Hargreaves jay at rigadon.com
Tue Nov 15 15:12:23 GMT 2005


Thanks again Peter - I'll have a look at overriding Class::DBI::Untaint 
as you suggest...

Peter Speltz wrote:
> On 11/15/05, Jay Hargreaves <jay at rigadon.com> wrote:
> 
>>Hi all!
>>
>>I have a web application that is using Class::DBI::Untaint to verify a
>>URL is indeed a URL (CGI::Untaint::url).
>>
>>My problem is that the URL field is optional so sometimes the user will
>>not enter any information at all in this field. When they do this they
>>get the usual validate_column_values error!
>>
>>Is there some way to make the validation optional - ie - to check the
>>URL for validity ONLY if the user has entered a value?
>>
> 
> 
> This is one of the "bugs" (or "features")   i was referring to of a
> CGI::Untaint system.  You basically have 3 choices:
> 1) Override every untaint handler (CGI::Untaint::date/url/...) to
> allow and empty value.
>  2) Override Class::DBI::Untaint to use CGI::UntaintPatched which
> works as you want for all Untaint types.
> 3)  Override CGI::Untaint to do what you want.
> 
> There is some archived discussion of this.
> 

-- 
bingo, bango, bosh...




More information about the ClassDBI mailing list