taint results from the CPAN

taint

App-Office-CMS

view release on metacpan or search on metacpan

htdocs/assets/templates/app/office/cms/page.tx
htdocs/assets/templates/app/office/cms/search.js
htdocs/assets/templates/app/office/cms/search.tx
htdocs/assets/templates/app/office/cms/select.tx
htdocs/assets/templates/app/office/cms/site.js
htdocs/assets/templates/app/office/cms/site.tx
htdocs/assets/templates/app/office/cms/table.tx
htdocs/assets/templates/app/office/cms/web.page.tx
httpd/cgi-bin/office/cms.cgi
httpd/cgi-bin/office/cms.psgi
httpd/cgi-bin/test.untaint.cgi
httpd/cgi-bin/test.untaint.html
lib/App/Office/CMS.pm
lib/App/Office/CMS/.htoffice.cms.conf
lib/App/Office/CMS/Controller.pm
lib/App/Office/CMS/Controller/Backup.pm
lib/App/Office/CMS/Controller/Content.pm
lib/App/Office/CMS/Controller/Design.pm
lib/App/Office/CMS/Controller/Initialize.pm
lib/App/Office/CMS/Controller/Page.pm
lib/App/Office/CMS/Controller/Search.pm
lib/App/Office/CMS/Controller/Site.pm

META.json view on Meta::CPAN

            "ExtUtils::MakeMaker" : "0"
         }
      },
      "runtime" : {
         "requires" : {
            "Brannigan" : "1.1",
            "CGI" : "3.49",
            "CGI::Application" : "4.31",
            "CGI::Application::Dispatch" : "2.17",
            "CGI::Application::Dispatch::PSGI" : "3.12",
            "CGI::Untaint" : "1.26",
            "Capture::Tiny" : "0.46",
            "Config::Tiny" : "2.23",
            "DBD::SQLite" : "1.54",
            "DBI" : "1.611",
            "DBIx::Admin::CreateTable" : "2.1",
            "DBIx::Admin::TableInfo" : "3.03",
            "DBIx::Simple" : "1.35",
            "Data::Session" : "1.17",
            "Date::Format" : "2.24",
            "File::Path" : "2.08",

META.yml view on Meta::CPAN

no_index:
  directory:
    - t
    - inc
requires:
  Brannigan: '1.1'
  CGI: '3.49'
  CGI::Application: '4.31'
  CGI::Application::Dispatch: '2.17'
  CGI::Application::Dispatch::PSGI: '3.12'
  CGI::Untaint: '1.26'
  Capture::Tiny: '0.46'
  Config::Tiny: '2.23'
  DBD::SQLite: '1.54'
  DBI: '1.611'
  DBIx::Admin::CreateTable: '2.1'
  DBIx::Admin::TableInfo: '3.03'
  DBIx::Simple: '1.35'
  Data::Session: '1.17'
  Date::Format: '2.24'
  File::Path: '2.08'

Makefile.PL view on Meta::CPAN

	NAME      => 'App::Office::CMS',
	PL_FILES  => {},
	PREREQ_PM =>
	{
		'Brannigan'							=> 1.1,
		'Capture::Tiny'						=> 0.46,
		'CGI'								=> 3.49,
		'CGI::Application'					=> 4.31,
		'CGI::Application::Dispatch'		=> 2.17,
		'CGI::Application::Dispatch::PSGI'	=> 3.12,
		'CGI::Untaint'						=> 1.26,
		'Config::Tiny'						=> 2.23,
		'Data::Session'						=> 1.17,
		'Date::Format'						=> 2.24,
		'DBD::SQLite'						=> 1.54,
		'DBI'								=> 1.611,
		'DBIx::Admin::CreateTable'			=> 2.10,
		'DBIx::Admin::TableInfo'			=> 3.03,
		'DBIx::Simple'						=> 1.35,
		'File::Path'						=> 2.08,
		'File::Spec'						=> 3.31,

httpd/cgi-bin/test.untaint.cgi view on Meta::CPAN

#!/usr/bin/env perl

use strict;
use warnings;

use CGI;
use CGI::Untaint;

use Text::Xslate;

# ---------------

my($cgi)       = CGI -> new;
my($dir_name)  = '/dev/shm/html';
my($file_name) = 'test.untaint.html';
my($templater) = Text::Xslate -> new
(
	input_layer => '',
	path        => $dir_name,
);
my($handler) = CGI::Untaint -> new(map{ $_ => $cgi -> param($_) } $cgi -> param);
my($file)    = $handler -> extract(-as_upload => 'name');
my($param)   =
{
		filename => $$file{filename},
		payload  => $$file{payload},
};

print $cgi -> header, $templater -> render($file_name, $param);

httpd/cgi-bin/test.untaint.html view on Meta::CPAN

<html>
<head>
<title>Untaint</title>
</head>
<body>
<h3>Untaint</h3>

<form action="/cgi-bin/test.untaint.cgi" enctype="multipart/form-data" method="post" name="test">

<table>

<tr>
<td>Input filename:</td>
<td><: $filename :></td>
</tr>

<tr>
<td>Input payload:</td>

lib/App/Office/CMS.pm view on Meta::CPAN

=back

=head1 Security

Minimal effort has been made to sanitize error messages, so there's a risk
that information you don't wish to leak out may be displayed on the end-user's
screen.

Feel free to recommend changes in this area.

CGI form field data is passed thru CGI::Untaint and, optionally, HTML::Defang.

=head1 Distributions

This module is available as a Unix-style distro (*.tgz).

See L<http://savage.net.au/Perl-modules/html/installing-a-module.html>
for help on unpacking and installing distros.

=head1 Installation Pre-requisites

lib/App/Office/CMS.pm view on Meta::CPAN

=item o Add an option, perhaps, to escape entities when inputting HTML

=item o Adopt DBIx::Connector

=item o Implement user-initiated backup and restore

=item o Change class hierarchy

This is so View does not have to pass so many parameters to its 'has-a' attributes

=item o Adopt L<CGI::Untaint::html> or L<HTML::Defang>

Considered and rejected: L<HTML::Sanitizer>, L<HTML::Scrubber>.

=item o Test CGI::Untaint as to its handling of <script>...</script>

=item o Investigate Quicki's revision system

=back

=head1 Repository

L<https://github.com/ronsavage/App-Office-CMS.git>

=head1 Support

lib/App/Office/CMS/Util/Validator.pm view on Meta::CPAN

package App::Office::CMS::Util::Validator;

use strict;
use warnings;

use Brannigan;

use CGI::Untaint;

use Moo;

use Types::Standard qw/Any HashRef/;

extends 'App::Office::CMS::Database::Base';

has config =>
(
	is  => 'rw',

lib/App/Office/CMS/Util/Validator.pm view on Meta::CPAN

} # End of check_length.

# --------------------------------------------------

sub validate_content
{
	my($self) = @_;

	$self -> log(debug => 'validate_content()');

 	my($handler) = CGI::Untaint -> new(map{$_ => $self -> query -> param($_)} $self -> query -> param);
	my($data)    = {};

	my($key);

	for $key (qw/sid/)
	{
		$$data{$key} = $handler -> extract(-as_hex => $key);
	}

	for $key (qw/body_text head_text submit_update_content/)

lib/App/Office/CMS/Util/Validator.pm view on Meta::CPAN

} # End of validate_content.

# --------------------------------------------------

sub validate_page
{
	my($self) = @_;

	$self -> log(debug => 'validate_page()');

 	my($handler) = CGI::Untaint -> new(map{$_ => $self -> query -> param($_)} $self -> query -> param);
	my($data)    = {};

	my($key);

	for $key (qw/action asset_type_id/)
	{
		$$data{$key} = $handler -> extract(-as_integer => $key);
	}

	for $key (qw/sid/)

lib/App/Office/CMS/Util/Validator.pm view on Meta::CPAN

} # End of validate_page.

# --------------------------------------------------

sub validate_site_and_design
{
	my($self) = @_;

	$self -> log(debug => 'validate_site_and_design()');

	my($handler) = CGI::Untaint -> new($self -> query -> Vars);
	my($data)    = {};

	my($key);

	for $key (qw/sid/)
	{
		$$data{$key} = $handler -> extract(-as_hex => $key);
	}

	for $key (qw/action menu_orientation_id os_type_id/)

t/00.versions.t view on Meta::CPAN

use App::Office::CMS; # For the version #.

use Test::More;

use Brannigan;
use Capture::Tiny;
use CGI;
use CGI::Application;
use CGI::Application::Dispatch;
use CGI::Application::Dispatch::PSGI;
use CGI::Untaint;
use Config::Tiny;
use Data::Session;
use Date::Format;
use DBD::SQLite;
use DBI;
use DBIx::Admin::CreateTable;
use DBIx::Admin::TableInfo;
use DBIx::Simple;
use File::Path;
use File::Spec;

t/00.versions.t view on Meta::CPAN

pass('All external modules loaded');

my(@modules) = qw
/
	Brannigan
	Capture::Tiny
	CGI
	CGI::Application
	CGI::Application::Dispatch
	CGI::Application::Dispatch::PSGI
	CGI::Untaint
	Config::Tiny
	Data::Session
	Date::Format
	DBD::SQLite
	DBI
	DBIx::Admin::CreateTable
	DBIx::Admin::TableInfo
	DBIx::Simple
	File::Path
	File::Spec

( run in 0.502 second using v1.01-cache-2.11-cpan-d6f9594c0a5 )