Class::DBI::Plugin::AutoUntaint - untaint columns automatically
    package Film;
    use Class::DBI::FromCGI;
    use Class::DBI::Plugin::Type;
    use Class::DBI::Plugin::AutoUntaint;
    use base 'Class::DBI';
    # set up as any other Class::DBI class.

    # instead of this:
    #__PACKAGE__->untaint_columns(
    #    printable => [qw/Title Director/],
    #    integer   => [qw/DomesticGross NumExplodingSheep/],
    #    date      => [qw/OpeningDate/],
    # );

    # say this:
    __PACKAGE__->auto_untaint;
Automatically detects suitable default untaint methods for most column types. Accepts arguments for overriding the default untaint types.
The following options can be set in %args:
Specify untaint types for specific columns:
    untaint_columns => { printable => [ qw( name title ) ],
                         date      => [ qw( birthday ) ],
                         }
List of columns that will not be untainted:
    skip_columns => [ qw( secret_stuff internal_data ) ]
Use regular expressions matching groups of columns to specify untaint types:
    match_columns => { qr(^(first|last)_name$) => 'printable',
                       qr(^.+_event$)          => 'date',
                       qr(^count_.+$)          => 'integer',
                       }
Untaint according to SQL data types:
    untaint_types => { char => 'printable',
                       }
Defaults are taken from the package global %TypesMap.
Use a regular expression to map SQL data types to untaint types:
    match_types => { qr(^.*int$) => 'integer',
                     }
Control how much detail to report (via warn) during setup. Set to 1 for brief info, and 2 for a list of each column's untaint type.
If set to 1, will die if an untaint type cannot be determined for any column. Default is to issue warnings and not untaint these column(s).
The default behaviour is to skip untainting timestamp columns. A warning will be issued if the debug parameter is set to 2.
The default mapping of column types to untaint types is set in %Class::DBI::Plugin::AutoUntaint::TypesMap, and is probably incomplete. If you come across any failures, you can add suitable entries to the hash before calling auto_untaint(). However, please email me with any failures so the hash can be updated for everyone.
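The following is an added, stand-alone sketch (not the module's own code) for previewing which untaint type each column would receive from a given set of auto_untaint arguments, and which columns would be left with none. The helper resolve_untaint, the %types_map contents, the schema and the lookup order (skip list, explicit column, column pattern, SQL type, type pattern) are all assumptions made for illustration.

```perl
use strict;
use warnings;

# Constructed stand-in for %TypesMap (not the module's real contents).
my %types_map = ( varchar => 'printable', char => 'printable', date => 'date' );

# Hypothetical helper: return an untaint type, 'SKIP', or undef if nothing applies.
# The lookup order below is an assumption of this sketch.
sub resolve_untaint {
    my ( $col, $sql_type, %args ) = @_;

    return 'SKIP' if grep { $_ eq $col } @{ $args{skip_columns} || [] };
    return 'SKIP' if $sql_type eq 'timestamp';    # skipped by default per the docs
    my $by_col = $args{untaint_columns} || {};
    for my $ut ( sort keys %$by_col ) {
        return $ut if grep { $_ eq $col } @{ $by_col->{$ut} };
    }

    # A qr// used as a hash key is stringified, but still works as a pattern.
    my $match_cols = $args{match_columns} || {};
    for my $re ( sort keys %$match_cols ) {
        return $match_cols->{$re} if $col =~ /$re/;
    }

    my %by_type = ( %types_map, %{ $args{untaint_types} || {} } );
    return $by_type{$sql_type} if exists $by_type{$sql_type};
    my $match_types = $args{match_types} || {};
    for my $re ( sort keys %$match_types ) {
        return $match_types->{$re} if $sql_type =~ /$re/;
    }
    return;    # unresolved: the column would be left without an untaint type
}

# Constructed schema (column => SQL type) and the arguments under review.
my %schema = (
    title  => 'varchar', first_name   => 'varchar', count_sheep => 'bigint',
    poster => 'blob',    secret_stuff => 'blob',    updated     => 'timestamp',
);
my %args = (
    skip_columns  => [qw( secret_stuff )],
    match_columns => { qr(^(first|last)_name$) => 'printable' },
    match_types   => { qr(^.*int$) => 'integer' },
);

for my $col ( sort keys %schema ) {
    my $ut = resolve_untaint( $col, $schema{$col}, %args );
    printf "%-13s %-10s %s\n", $col, $schema{$col}, defined $ut ? $ut : 'UNRESOLVED';
}
```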
Tests!
Class::DBI::FromCGI.
David Baird, <cpan@riverside-cms.co.uk>
Please report any bugs or feature requests to bug-class-dbi-plugin-autountaint@rt.cpan.org, or through the web interface at http://rt.cpan.org/NoAuth/ReportBug.html?Queue=Class-DBI-Plugin-AutoUntaint. I will be notified, and then you'll automatically be notified of progress on your bug as I make changes.
Copyright 2005 David Baird, All Rights Reserved.
This program is free software; you can redistribute it and/or modify it under the same terms as Perl itself.