CatalystX::RequestRole::StrictParams - Insist users specify HTTP method for form parameters
version 0.02
    package MyApp;
    use base 'Catalyst';
    use Catalyst;
    use CatalystX::RoleApplicator;
    __PACKAGE__->apply_request_class_roles('CatalystX::RequestRole::StrictParams');
Perl wrappers around the CGI protocol frequently make it too easy to write exploitable code by conflating GET and POST parameters. Implementers should instead consider whether a given request is retrieving (GET) or modifying (POST) data.
This role removes access to params, parameters and param from Catalyst request objects, forcing users to use body_parameters and query_parameters instead.
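A controller written against the two remaining accessors might look like the following. This is an added example, not code from the module's distribution; the controller name, action names, and the `q` and `id` parameter names are hypothetical.

```perl
package MyApp::Controller::Account;    # hypothetical controller name
use Moose;
use namespace::autoclean;
BEGIN { extends 'Catalyst::Controller' }

# Return one scalar value for $name, or undef. Catalyst stores a field that
# was submitted more than once as an array reference; treat that as invalid
# rather than silently picking one of the values.
sub _single {
    my ($params, $name) = @_;
    my $value = $params->{$name};
    return if !defined $value || ref $value;
    return $value;
}

# GET /account/search?q=... retrieves data, so only the query string is read.
sub search : Local {
    my ($self, $c) = @_;
    my $q = _single($c->req->query_parameters, 'q') // '';
    $c->stash(search_term => $q);
}

# POST /account/remove modifies data, so the method is checked and only the
# request body is read. An "id" placed in the query string is never consulted.
sub remove : Local {
    my ($self, $c) = @_;

    if ($c->req->method ne 'POST') {
        $c->res->status(405);
        $c->res->header(Allow => 'POST');
        $c->res->body('Method Not Allowed');
        return;
    }

    my $id = _single($c->req->body_parameters, 'id');
    unless (defined $id && $id =~ /\A[0-9]+\z/) {
        $c->res->status(400);
        $c->res->body('Bad Request');
        return;
    }

    $c->stash(account_id => $id);
}

__PACKAGE__->meta->make_immutable;
1;
```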
Cross-site Scripting vulnerabilities are easy to introduce, and often subtle. While using this module reduces the threat surface a little, it in no way provides general protection from all (or maybe even most) attacks.
Initial development sponsored by NET-A-PORTER http://www.net-a-porter.com/, through their generous open-source support.
Peter Sergeant - pete@clueball.com