jay at rigadon.com
Tue Nov 15 15:12:23 GMT 2005
Thanks again Peter - I'll have a look at overriding Class::DBI::Untaint
as you suggest...
Peter Speltz wrote:
> On 11/15/05, Jay Hargreaves <jay at rigadon.com> wrote:
>>I have a web application that is using Class::DBI::Untaint to verify a
>>URL is indeed a URL (CGI::Untaint::url).
>>My problem is that the URL field is optional so sometimes the user will
>>not enter any information at all in this field. When they do this they
>>get the usual validate_column_values error!
>>Is there some way to make the validation optional - ie - to check the
>>URL for validity ONLY if the user has entered a value?
> This is one of the "bugs" (or "features") i was referring to of a
> CGI::Untaint system. You basically have 3 choices:
> 1) Override every untaint handler (CGI::Untaint::date/url/...) to
> allow and empty value.
> 2) Override Class::DBI::Untaint to use CGI::UntaintPatched which
> works as you want for all Untaint types.
> 3) Override CGI::Untaint to do what you want.
> There is some archived discussion of this.
bingo, bango, bosh...
More information about the ClassDBI