
RE: [cgiapp] Untainting in C::A::ValidateRM


After you run check_rm you'll want to use items from $res->valid to put
into the DB to get the untainted entries.

See perldoc Data::FormValidator for the correct syntax.

Cheers

=============================================================================
Fred Kleindenst			suppressed
Internet Platforms
310.302.3801 
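Added example (not code from either message in the thread) showing what the reply describes: after validation the raw query parameter is still tainted, while the copy returned by $res->valid('USER') has been untainted by the constraint and can be bound to the DBI placeholder. It calls Data::FormValidator directly instead of going through check_rm so it runs outside a CGI::Application, keeps the My::Constraints / match_login names from the question, and assumes DBD::SQLite is installed for the database part; the input value is constructed.

```perl
#!/usr/bin/perl -T
# Added example, not code from the thread. Run with: perl -T untaint_demo.pl
# Assumes Data::FormValidator, DBI and DBD::SQLite are installed (DBD::SQLite
# is only used so the DB part runs offline; any DBD behaves the same way).
use strict;
use warnings;
use Data::FormValidator;
use Scalar::Util qw(tainted);
use DBI;

# Named constraint resolved through validator_packages: the profile entry
# 'login' maps to match_login() in this package, as in the question. Under
# untaint_constraint_fields the value it returns ($1 from the capture) is
# what Data::FormValidator stores as the field's valid, untainted value.
package My::Constraints;

sub match_login {
    my $login = shift;
    return ( $login =~ /^(\w{3,10})$/ ) ? $1 : undef;
}

package main;

# Constructed input standing in for $self->query->param('USER'). Appending an
# empty slice of %ENV (always tainted under -T) makes the string tainted the
# same way real CGI parameters are.
my $raw_user = 'alice42' . substr( $ENV{PATH} // '', 0, 0 );

my $profile = {
    required                  => 'USER',
    constraints               => { USER => 'login' },    # note: plural key
    untaint_constraint_fields => [qw(USER)],
    validator_packages        => [qw(My::Constraints)],
};

# check_rm() in CGI::Application::ValidateRM ends up calling this; $results
# is the same Data::FormValidator::Results object as $res in the question.
my $results = Data::FormValidator->check( { USER => $raw_user }, $profile );
die "validation failed: " . join( ',', $results->invalid ) . "\n"
    unless $results->success;

my $clean_user = $results->valid('USER');

# The validator does not modify the query object, so the raw parameter is
# still tainted; only the copy held in $results->valid has been untainted.
printf "raw parameter tainted:  %s\n", tainted($raw_user)   ? 'yes' : 'no';
printf "valid('USER') tainted:  %s\n", tainted($clean_user) ? 'yes' : 'no';

# Taint => 1 turns on DBI's TaintIn check, so tainted bind values are refused
# at the DBI layer instead of reaching the database driver.
my $dbh = DBI->connect( 'dbi:SQLite:dbname=:memory:', '', '',
    { RaiseError => 1, PrintError => 0, Taint => 1 } );
$dbh->do('CREATE TABLE users (login TEXT PRIMARY KEY)');
$dbh->do( 'INSERT INTO users (login) VALUES (?)', undef, 'alice42' );

my $sql = 'SELECT login FROM users WHERE login = ?';

# Binding the raw parameter: the same failure the question describes.
my $rows = eval { $dbh->selectall_arrayref( $sql, {}, $raw_user ) };
print "query with raw parameter: ", ( $@ ? "rejected ($@)" : 'ran' ), "\n";

# Binding the untainted value from $results->valid: the query runs, and the
# value is still passed as a placeholder rather than interpolated into SQL.
$rows = $dbh->selectall_arrayref( $sql, {}, $clean_user );
print "query with valid('USER'): ", scalar(@$rows), " row(s)\n";
```

Start it with perl -T rather than perl alone, otherwise the -T on the shebang line is reported as "too late". The part worth keeping from the script is the pattern: validate, then take every value that goes near the database from $res->valid rather than from the query object, and pass it as a bind value.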


-----Original Message-----
From: Wojciech Pietron [mailto:suppressed
Sent: Friday, October 10, 2003 3:41 AM
To: suppressed
Subject: [cgiapp] Untainting in C::A::ValidateRM


Hi,

I have my script running in taint mode. I found the
CGI::Application::ValidateRM module very useful and tried to take
advantage of it and its untainting capabilities.

Here is a simple example:

==============================================================
use CGI::Application::ValidateRM;
# [...]

$profile = {required                  => 'USER',
            constraints               => { 'USER' => 'login' },  # Data::FormValidator expects the plural key
            untaint_constraint_fields => [qw|USER|],
            validator_packages        => [qw|My::Constraints|],  # with match_login definition
           };

my ($res, $err_page) = $self->check_rm('login', $profile);

# My match_login looks like:
sub match_login {
    my $login = shift;
    if ($login =~ /^([\d\w]{3,10})$/) {
       return $1;    # the captured value is what gets stored as the untainted field
    } else {
       return undef;
    }
}
==============================================================

Validation is successful. After that I try to execute a DBI fetch
procedure with bind variables:

$res = $dbh->selectall_arrayref($sth, {}, $self->query->param('USER'));

And the script complains that $self->query->param('USER') is tainted.
Why?

I will appreciate any help.

Best regards,
Wojciech Pietron

---------------------------------------------------------------------
Web Archive:  http://www.mail-archive.com/suppressed/
              http://marc.theaimsgroup.com/?l=cgiapp&r=1&w=2
To unsubscribe, e-mail: suppressed
For additional commands, e-mail: suppressed
