
Re: [cgiapp] fill_password and CGI::Application::ValidateRM


As no one answered this question, I will try to include an example. Maybe that
shows better what my problem is. If you run this code, you get a box to
fill in a password. If this pw is shorter than 3 characters (as defined
in the constraint), I should get back the same form *without* the password
filled in. How can I do this?
Gabor

On Tue, 2 Mar 2004, Gabor Szabo wrote:

>
> I am trying to use CGI::Application::ValidateRM and
> I encountered a security problem that I could not solve yet.
>
>
> FIF automatically fills in all the fields, including the password fields.
> I would like to make sure that the password fields are not filled in.
>
> AFAIK FIF allows you to do this in two ways, either by passing
> fill_password => 0
>
> or by passing
>
> ignore_fields => ['pw']
> (assuming that my password field is called pw)
>
>
> So far I could not find a way to pass these parameters to FIF when
> using CGI::Application::ValidateRM v1.10
> Based on what I see in the source code of CAV, you cannot pass these
> parameters to FIF.
>
> What did I miss?
>
> Gabor

#!/usr/bin/perl

package My::Fif;
use strict;
use warnings;

use base 'CGI::Application';
use CGI::Application::ValidateRM;

sub setup {
    my $self = shift;
    $self->start_mode('display');
    $self->run_modes(
         'display'       => 'display',
         'process'       => 'process',
    );
}


sub display {
    my $self = shift;
    my $errs = shift;

    my $t = $self->load_tmpl("f1.tmpl", die_on_bad_params => 0);

    $t->param($errs) if $errs;
    return $t->output;
}


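sub process {
    my $self = shift;

    # Validate against _profile; on failure check_rm re-runs 'display'
    # and returns that page refilled with the submitted values.
    my ($results, $err_page) = $self->check_rm('display','_profile');
    return $err_page if $err_page;

    my $t = $self->load_tmpl("f2.tmpl");
    return $t->output;
}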

sub _profile {
    return {
       required => [qw(pw)],
       constraints => {
           pw => qr/.../,   # at least 3 characters
       },
       msgs => {
             any_errors => 'some_errors',
             prefix     => 'no_',
       }
    }
}

package Main;
my $w = My::Fif->new;
$w->run;



# and the f1.tmpl file:
<html>
<head><title>Registration form</title></head>
<body bgcolor="white">
<h1>Registration form</h1>
<form>
<input type="hidden" name="rm" value="process">
<table>
<tr><td>Password:</td><td><input name="pw" type="password"></td></tr>
<tr><td></td><td><input type="submit" value="Register"></td></tr>
</table>
</form>
</body>
</html>


# and the f2.tmpl file is not really important
<html>
<head><title>Thank you</title></head>
<body bgcolor="white">
<h1>Thank you for registering</h1>
</body>
</html>


