CGI::Application is meant to be subclassed. This means that you're supposed to write a class that uses it as a starting point. When I write C::A apps, I actually have 2-3 levels of baseclasses. The first one is my global baseclass. It's my version of what C::A should do. This includes providing a print() method that dispatches between HTML::Template, Excel::Template, and PDF::Template. I see no reason why you shouldn't go ahead and provide a param()-type method in your global baseclass that will untaint the parameters as you need them. You could even link it with CGI::Untaint as so:
sub cgiapp_prerun {
my $self = shift;
$self->param( handler => CGI::Untaint->new( $self->query->Vars ) )
+;
return $self->SUPER::prerun( @_ );
}
sub extract {
my $self = shift;
my ($method, $name) = @_;
my $handler = $self->param( 'taint_handler' );
return $handler->extract( $method => $name );
}
Now, your calls to $self->extract() are wrappers around CGI::Untaint's extract(). Done.
- In general, if you think something isn't in Perl, try it out, because it usually is. :-)
- "What is the sound of Perl? Is it not the sound of a wall that people have stopped banging their heads against?"
-
Are you posting in the right place? Check out Where do I post X? to know for sure.
-
Posts may use any of the Perl Monks Approved HTML tags. Currently these include the following:
<code> <a> <b> <big>
<blockquote> <br /> <dd>
<dl> <dt> <em> <font>
<h1> <h2> <h3> <h4>
<h5> <h6> <hr /> <i>
<li> <nbsp> <ol> <p>
<small> <strike> <strong>
<sub> <sup> <table>
<td> <th> <tr> <tt>
<u> <ul>
-
Snippets of code should be wrapped in
<code> tags not
<pre> tags. In fact, <pre>
tags should generally be avoided. If they must
be used, extreme care should be
taken to ensure that their contents do not
have long lines (<70 chars), in order to prevent
horizontal scrolling (and possible janitor
intervention).
-
Want more info? How to link
or How to display code and escape characters
are good places to start.
|
