Greetings,
Is there a more efficient/better way to untaint variables
pulled from a CGI query object?
Here is an example of what I am currently doing:
#!/usr/bin/perl -wT
use strict;
use CGI;
my($query) = new CGI;
# I then have 30 untaint checks like this before I start coding.
my($MOSAIC_SCALE) = $query->param('MOSAIC_SCALE') || "20";
{
    $MOSAIC_SCALE =~ /(\d+)/;
    $MOSAIC_SCALE = $1;
    $query->param('MOSAIC_SCALE',$MOSAIC_SCALE);
}
my($SIZE) = $query->param('SIZE') || $Tc_Config::DEFAULT_SIZE;
{
    $SIZE =~ /([\w\-\_]+)/;
    $SIZE = $1;
    $query->param('SIZE',$SIZE);
}
my($MOST_RECENT) = $query->param('MOST_RECENT') || ();
{
    $MOST_RECENT =~ /([\w\.\-\_]+)/;
    $MOST_RECENT = $1;
    $query->param('MOST_RECENT',$MOST_RECENT);
}
my($MOVIE_SIZE) = $query->param('MOVIE_SIZE') || "MEDIUM";
{
    $MOVIE_SIZE =~ /([\w\-\_]+)/;
    $MOVIE_SIZE = $1;
    $query->param('MOVIE_SIZE',$MOVIE_SIZE);
}
my($STYLE) = $query->param('STYLE') || "frames";
{
    $STYLE =~ /([\w\-\_]+)/;
    $STYLE = $1;
    $query->param('STYLE',$STYLE);
}
Thank you,
John Kent
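
A table-driven form of the checks in the post, as an added example that is not part of the original message: one hash row per parameter and a single loop instead of 30 copied blocks. The helper name `untaint_params`, the `%SPEC` layout, the `\A...\z` anchoring (which rejects a value with extra characters instead of extracting a substring, as the post's patterns do) and the sample query string are assumptions of this example.

```perl
#!/usr/bin/perl -wT
use strict;
use CGI;

# One row per parameter: a whole-value pattern with one capture group, and a default.
# Character classes follow the post; the \A...\z anchors are added in this example.
my %SPEC = (
    MOSAIC_SCALE => { re => qr/\A(\d+)\z/,     default => '20'     },
    SIZE         => { re => qr/\A([\w-]+)\z/,  default => 'MEDIUM' },  # stand-in for $Tc_Config::DEFAULT_SIZE
    MOST_RECENT  => { re => qr/\A([\w.-]+)\z/, default => undef    },
    MOVIE_SIZE   => { re => qr/\A([\w-]+)\z/,  default => 'MEDIUM' },
    STYLE        => { re => qr/\A([\w-]+)\z/,  default => 'frames' },
);

# Hypothetical helper: returns untainted values keyed by parameter name
# and writes them back into the query object, as the post's blocks do.
sub untaint_params {
    my ($query, $spec) = @_;
    my %clean;
    for my $name (sort keys %$spec) {
        my $raw   = $query->param($name);       # scalar context: first value only
        my $value = $spec->{$name}{default};    # used when missing or rejected
        if (defined $raw && $raw =~ $spec->{$name}{re}) {
            $value = $1;                        # only a successful capture is untainted
        }
        $clean{$name} = $value;
        if (defined $value) { $query->param($name, $value) }
        else                { $query->delete($name) }
    }
    return %clean;
}

# Constructed query string for the demo. In a real CGI request the values
# arrive tainted; these literals are not, but the code path is the same.
my $query = CGI->new('MOSAIC_SCALE=35px&SIZE=LARGE&STYLE=frames&MOST_RECENT=img_2004.01.02');
my %p = untaint_params($query, \%SPEC);

# MOSAIC_SCALE=35px fails the anchored pattern and falls back to its default;
# MOVIE_SIZE is absent and takes its default.
printf "%-13s %s\n", $_, defined $p{$_} ? $p{$_} : '(unset)' for sort keys %p;
```

Testing the match result before reading `$1` is what makes the loop safe: a failed match leaves `$1` holding whatever the previous successful match captured, which here would be another parameter's value.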