On 9/22/05, David Baird <[EMAIL PROTECTED]> wrote:
> > I think it should submit the form with no value for that field.
>
> I mean, the browser omits the field entirely. What I want to test is
> how a CGI::Untaint handler behaves when you ask it to untaint a key
> that isn't even in the submitted data.

It returns undef for the value and for error it gives "No Parameter for $field". CGI UntaintPatched has one test for this. FromCGI makes this happen all the time because it iterates through "all" columns and usually your display_columns are not "all" columns and it ignores these errors.

Looking at the source of CGI::Untaint 1.26 I see they did not change it at all. Really, they just changed CGI::Untaint::printable. Taking this route, every specific handler has to handle the empty field. I'm open to this and it will work, but still... I think it does solve FromCGI's edit blank field problems for printable. I'll test it.

I chose another route and it seems to work fine for all untaint types.

Here is the logic I use in CGI::Untaint*Patched*:

# Check that parameter should be untainted in the first place:
# 1) Is it defined -- in other words, was there an input box on the form for this?
     Yes: Go to #2
     No:  return "No Parameter for $field" error
# 2) Is it *NOT* an empty string -- in other words, was the input filled in or blank?
     Yes: Go to #3
     No:  return "No Input for $field" error.
# 3) Pass along to the type handler

CGI::Untaint does not have step 2.

I think the distinction between "No parameter for" and "No Input for" is useful if only for clarity's sake.

I guess yet another route would be to check for blank field before untainting. For some reason I did not like that one.

Dave, have you written any tests yet? If not I will work on some as I'm working on some other tests now.

pjs
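
The three-step check described in the message above, as an added example that is not part of the original thread and not code from CGI::Untaint or the patched module. The `extract` function, the `%handler` table, the "is not a valid" error text and the sample form data are hypothetical stand-ins; only the two "No Parameter for" / "No Input for" error strings come from the message.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical type handlers: each returns the untainted value, or undef
# when the raw input does not match the allowed pattern.
my %handler = (
    printable => sub { $_[0] =~ /^([\x20-\x7e]+)$/ ? $1 : undef },
    integer   => sub { $_[0] =~ /^([+-]?\d+)$/     ? $1 : undef },
);

# Steps 1-3 from the message. Returns a (value, error) pair.
sub extract {
    my ($params, $type, $field) = @_;
    my $raw = $params->{$field};
    # Step 1: the key is absent, so the form had no input box for it.
    return (undef, "No Parameter for $field") unless defined $raw;
    # Step 2: the key is present but the user left the box blank.
    return (undef, "No Input for $field") if $raw eq '';
    # Step 3: only non-empty input reaches the type handler.
    my $clean = $handler{$type}->($raw);
    return (undef, "$field is not a valid $type") unless defined $clean;
    return ($clean, undef);
}

# Constructed submission: 'age' was left blank, 'score' is malformed,
# and 'notes' was never on the form.
my %submitted = (name => 'Alice', age => '', score => '12abc');

# A caller that walks every column, as FromCGI is described doing above,
# and ignores only the "field was not on the form" case.
my %columns = (name  => 'printable', age   => 'integer',
               score => 'integer',   notes => 'printable');
my (%ok, %errors);
for my $field (sort keys %columns) {
    my ($value, $err) = extract(\%submitted, $columns{$field}, $field);
    if (defined $err) {
        next if $err =~ /^No Parameter for /;
        $errors{$field} = $err;
    }
    else {
        $ok{$field} = $value;
    }
}

print "ok: $_ = $ok{$_}\n"   for sort keys %ok;
print "error: $errors{$_}\n" for sort keys %errors;
```

Because step 2 runs before the handler, a blank box is reported the same way for every type, and no individual handler has to decide what an empty string means.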