[HOME] [github] [twitter] [blog] [fml4] [fml8] [北海道] Powered by NetBSD and [nuinui.net] .
fml 8 tutorial
PrevRestrict Input DataNext

How CGI Restricts The Input

CGI checks the input data by using FML::Restriction::CGI class.

The input should be restricted by FML::Restriction class. We should not use param() method provided by perl's CGI class. Instead use safe_param_xxx() method always to get value.

The following use may be allowed 

for my $dirty_buf (param()) {
   ... check ...
}
but we should not use raw param() call. 
param($dirtty_buf)
Instead, use safe_param_key(). 
for my $key (param()) {
   ... check ...

   if (key eq $key) {
       value = safe_param_key()
   }
}

PrevHomeNext
FML::Restriction ClassUpDiscussion: FML::Restriction Is Too Restrictive ?
[HOME] [github] [twitter] [blog] [fml4] [fml8] [北海道] Powered by NetBSD and [nuinui.net] . 
Copyright (C) 1993-2025 Ken'ichi Fukamachi mail:< fukachan at fml.org >