A. Sinan Unur
Hello:
I am testing out an idea and trying to see whether it makes sense.
I have a pretty basic CGI application that has multiple forms with a
number of common elements on them. But depending on application state
some elements may appear on a given form and others may not.
I thought it might make sense to encapsulate the validation and
untainting of input in a simple object. For example:
    package Ulti::Param::Period;
    use strict;
    use warnings;
    use Regexp::Common qw(number);

    sub new {
        my $class = shift;
        my $self = eval {
            defined $_[0] or die;
            my $value = $_[0];
            $value =~ /^\s*$RE{num}{int}{-keep}\s*$/ or die;
            $value = 0 + $1;
            (0 <= $value) or die;
            return $value;
        };
        return bless \$self, $class if defined $self;
        return;
    }

    sub value { ${$_[0]}; }

    1;
    __END__
In addition, corresponding to each form that needs to be processed, there
is an object that handles the validation of all elements on that form.
For example:
    package Ulti::Form::SubmitEditSession;
    use Ulti::Param::Endowment;
    use Ulti::Param::ExchangeRate;
    use Ulti::Param::GroupSize;
    use Ulti::Param::Matching;
    use Ulti::Param::ParamName;
    use Ulti::Param::PayoffMethod;
    use Ulti::Param::Period;
    use Ulti::Param::Role;
    use Ulti::Param::SessionID;

    sub new {
        my $class = shift;
        my $self = { };
        return bless $self, $class;
    }

    sub validate {
        my ($self, $cgi) = @_;
        if (my $v = Ulti::Param::Period->new($cgi->param('practice_periods')))
        {
            $self->{'param'}->{'practice_periods'} = $v->value;
        }
        else
        {
            $self->{'error'} = 'practice_periods';
            return;
        }
        # validate the rest of the inputs
        return $self->{'param'};
    }

    sub error { return $_[0]->{'error'}; }

    1;
    __END__
And then, in the main code, I use:
    sub submit_edit_session {
        my $app = shift;
        my $form = Ulti::Form::SubmitEditSession->new;
        my $params = $form->validate($app->query);
        unless( $params ) { return $app->show_error($form->error); }
        # do something with $params
    }
Is this reasonable at all? What problems do you see? I have tried using
CGI::Untaint but somehow the method above fits better with the way my
mind works, but I would like to get some advice from better minds than
mine before committing to it.
Sinan.
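An added example, not part of the original post: a self-contained version of the same per-field and per-form idea, extended to collect every failing field, to reject a field that is submitted more than once, and to confirm under `perl -T` that accepted values come out untainted. The `Demo::*` packages, the plain regex standing in for Regexp::Common, and the sample submissions are assumptions constructed for illustration.

```perl
# Run as: perl -T demo.pl   (taint mode makes tainted() meaningful)
use strict; use warnings;
use Scalar::Util qw(tainted);

# Hypothetical stand-in for the post's period validator; a plain regex replaces Regexp::Common.
package Demo::Param::Period {
    sub new {
        my ($class, @args) = @_;
        return unless @args == 1 && defined $args[0];  # missing or repeated field
        my ($n) = $args[0] =~ /\A\s*([+-]?[0-9]+)\s*\z/ or return;
        $n += 0;                  # $n came from a capture group, so it is untainted
        return if $n < 0;
        return bless \$n, $class;
    }
    sub value { ${ $_[0] } }
}

# Table-driven form check: field name => validator class.
package Demo::Form {
    sub new { my ($class, %spec) = @_; return bless { spec => \%spec }, $class }
    sub validate {
        my ($self, $input) = @_;   # $input: field => array ref of raw values
        my (%param, @errors);
        for my $field (sort keys %{ $self->{spec} }) {
            my $v = $self->{spec}{$field}->new(@{ $input->{$field} || [] });
            if ($v) { $param{$field} = $v->value } else { push @errors, $field }
        }
        $self->{errors} = \@errors;
        return if @errors;         # caller sees undef and asks errors() why
        return \%param;
    }
    sub errors { @{ $_[0]{errors} } }
}

my $TAINT = substr($^X, 0, 0);   # empty string that is tainted under -T
my $form  = Demo::Form->new(practice_periods => 'Demo::Param::Period');
# Constructed submissions, not captured traffic.
my @cases = ([ ' 7 ' ], [ '0' ], [ '-3' ], [ '12abc' ], [ '' ], [ '1', '2' ], []);
for my $values (@cases) {
    my @raw    = map { $_ . $TAINT } @$values;
    my $shown  = join ' | ', map { "'$_'" } @raw;
    my $params = $form->validate({ practice_periods => \@raw });
    if ($params) {
        my $v = $params->{practice_periods};
        printf "%-12s accepted %d, tainted: %s\n", $shown, $v, tainted($v) ? 'yes' : 'no';
    } else {
        printf "%-12s rejected: %s\n", $shown || '(absent)', join ',', $form->errors;
    }
}
```

Passing the submitted values as an explicit list makes the repeated-field case visible to the validator instead of silently taking the first value.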