ghettofinger has asked for the wisdom of the Perl Monks concerning the following question:
I have put together quite a few pages using CGI and HTML::Template and I really like it. It works. When I took the little Perl knowledge that I had and combined it with Ovid's CGI Course I felt that I had a simple and secure application. I am trying to expand my sites and add more functionality so I have decided to start using CGI::Application. This is a really cool module and fun to use. I have an issue though. I am not sure how I can untaint input from users. Take the following for example:
    sub login {
        my $self = shift;
        my ($nick, $pass) = @_;
        my $session = $self->param('session');

        if (defined $nick and defined $pass) {
            if ($nick eq $pass) {    # REPLACE THIS WITH A REAL CHECK!!!!
                # DO STUFF
            } else {
                # DO OTHER THINGS
            }
        }
    }
I have been using CGI::Untaint when I was using just CGI, but now that I am modularizing the site, I am not sure how to go about this. Should I be looking to "$self" and asking for $nick and $pass and then untaint them? Is there a better way to do this now that I am using CGI::Application?
My thanks to all,
ghettofinger
Replies are listed 'Best First'.

Re: Untainting input to CGI::Application
by dragonchild (Archbishop) on May 18, 2005 at 18:58 UTC

Re: Untainting input to CGI::Application
by edan (Curate) on May 18, 2005 at 18:56 UTC

Re: Untainting input to CGI::Application
by Joost (Canon) on May 18, 2005 at 18:59 UTC