--- "Scott R. Godin" <[EMAIL PROTECTED]> wrote:
his example and in which case you want to get the params AFTER
creating the cgi-object
my %params = $cgi->Vars;
which ensures that you also get multi-value <select>s as separate values, too.
$cgi->Vars separates multiple values with a null byte, thus increasing
the risk of the person using this being vulnerable to a null-byte hack.
I would only use this if you're migrating from the Perl 4 cgi-lib.pl.
Also, having to do "@foo = split "\0",$params->{foo};" is not fun and it's easy to get wrong.
If someone needs multiple values, they should just take advantage of list context:
my $foo = $cgi->param('foo'); # single value
# versus
my @foo = $cgi->param('foo'); # multiple values
Cheers, Ovid
You raise a good point, m'friend, and one that I pondered for quite a while before sending an RFE to Lincoln Stein regarding possibly adding a pragma to indicate that you want the multi-value params as an anonymous array within the hash, thereby avoiding the potential problems of the poison null-byte.
along the lines of
%hash = $cgi->Vars();
@foo = @{ $hash{foo} };
From what I can see from the code it looks like the \0-packing is being done artificially after the fact, and internally the object data IS being stored within an arrayref in the object's structure, so this may be a simple thing to implement. I don't know myself. I got brain-freeze trying to follow the flow within CGI.pm :-)
We'll have to wait and see what Lincoln says, but I brainstormed a bit and even came up with a sensible pragma name.. either -presplit or :presplit.
Very very good point though, and one I'm going to drill on until I can't forget it again.
-- Scott R. Godin Laughing Dragon Services www.webdragon.net
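An added example, not part of the original messages, comparing the two approaches discussed in this thread on a constructed query string. It assumes CGI.pm is installed; the parameter names and values are made up, and the final NUL check is this example's own suggestion. A submitted value that itself contains a NUL byte cannot be told apart from a value boundary once Vars has packed it, while the list-context accessor keeps it intact.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use CGI;

# Constructed input: the client submits TWO values for "foo";
# the second one carries an embedded NUL byte (%00).
my $q = CGI->new('foo=red&foo=gre%00en&bar=1');

# Approach 1: Vars() packs multi-valued params into one string
# joined by "\0", so the caller has to split them apart again.
my %params    = $q->Vars;
my @from_vars = split /\0/, $params{foo};

# Approach 2: ask CGI.pm for the list directly. multi_param() is the
# explicit list accessor in newer CGI.pm releases; fall back to
# param() in list context, as in the thread, on older ones.
sub values_of {
    my ($cgi, $name) = @_;
    return $cgi->can('multi_param')
        ? $cgi->multi_param($name)
        : $cgi->param($name);
}
my @from_param = values_of($q, 'foo');

# Render NUL visibly so the difference shows up on a terminal.
sub show {
    my @v = @_;
    s/\0/\\0/g for @v;
    return join ', ', map { sprintf "'%s'", $_ } @v;
}

printf "Vars + split : %d value(s): %s\n", scalar @from_vars,  show(@from_vars);
printf "list context : %d value(s): %s\n", scalar @from_param, show(@from_param);

# Defensive check (an assumption of this example, not something the
# thread prescribes): flag any parameter whose value contains a NUL.
for my $name ($q->param) {    # param() with no arguments lists the names
    if (grep { /\0/ } values_of($q, $name)) {
        print "rejecting '$name': NUL byte in value\n";
    }
}
```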