On 9/22/05, Peter Speltz <[EMAIL PROTECTED]> wrote:
> On 9/22/05, David Baird <[EMAIL PROTECTED]> wrote:
>
> > > I think it should submit the form with no value for that field.
> >
> > I mean, the browser omits the field entirely. What I want to test is
> > how a CGI::Untaint handler behaves when you ask it to untaint a key
> > that isn't even in the submitted data.
>
> It returns undef for the value and for error it gives "No Parameter
> for $field". CGI UntaintPatched has one test for this. FromCGI makes
> this happen all the time because it iterates through "all" columns and
> usually your display_columns are not "all" columns and it ignores
> these errors.
>
> Looking at the source CGI::Untaint 1.26 I see they did not change it
> at all. Really, they just changed CGI::Untaint::printable. Taking
> this route, every specific handler has to handle the empty field.
> I'm open to this and it will work but still, ... I think it does
> solve FromCGI's edit blank field problems for printable. I'll test it.
>
> I chose another route and it seems to work fine for all untaint types.
> Here is the logic I use in CGI::Untaint*Patched*:
>
> # Check that parameter should be untainted in the first place:
> # 1) Is it defined -- in other words - was there an input box on the
> form for this?
> Yes : Go to #2
> No: return "No Parameter for $field" error
> #2) Is it *NOT* an empty string -- in other words - was the input
> filled in or blank?
> Yes: Go to #3
> No : return "No Input for $field" error.
> #3) Pass along to the type handler
>
> CGI::Untaint does not have step 2.
> I think the distinction between "No parameter for " and "No Input for
> " is useful if only for clarity's sake.
>
> I guess yet another route would be to check for blank field before
> untainting. For some reason I did not like that one.
>
> Dave, have you written any tests yet? If not I will work on some as
> I'm working on some other tests now.

No, I'm still sorting this all out in my head, and CGI::Untaint isn't such a priority for me ;-)

d.
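
The three-step check described in the quoted message, written out as an added sketch (not code from CGI::Untaint, the patched module, or either poster). `extract_field`, the `%handlers` table and the sample form data are hypothetical; only the two error strings for the missing and blank cases come from the thread.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical type handlers: each returns the captured (untainted)
# value on a match, or undef when the input does not fit the type.
my %handlers = (
    integer   => sub { $_[0] =~ /^([+-]?\d+)$/            ? $1 : undef },
    printable => sub { $_[0] =~ /^([[:print:]\r\n\t]+)$/  ? $1 : undef },
);

# Returns a (value, error) pair; exactly one of the two is defined.
sub extract_field {
    my ($params, $type, $field) = @_;
    my $raw = $params->{$field};

    # 1) Key absent from the submission (no input box on the form).
    return (undef, "No Parameter for $field") unless defined $raw;

    # 2) Key present but left blank. Checked once here, so individual
    #    type handlers never have to deal with the empty string.
    return (undef, "No Input for $field") if $raw eq '';

    # 3) Pass along to the type handler.
    my $handler = $handlers{$type}
        or return (undef, "No handler for type $type");
    my $clean = $handler->($raw);

    # The rejected input is not echoed back in the error text.
    return defined $clean
        ? ($clean, undef)
        : (undef, "Invalid $type value for $field");
}

# Constructed form data: 'name' was submitted blank, 'nickname' was
# never submitted, 'qty' fails its type check.
my %submitted = (age => '42', name => '', qty => '4x2');

for my $case ([integer   => 'age'],      [printable => 'name'],
              [printable => 'nickname'], [integer   => 'qty']) {
    my ($value, $error) = extract_field(\%submitted, @$case);
    printf "%-8s => %s\n", $case->[1],
        defined $value ? "ok: $value" : "error: $error";
}
```

A caller such as a form-to-object layer can then ignore "No Parameter" for columns that were never displayed while still treating "No Input" as a deliberate blank.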
