File Coverage

blib/lib/Maypole/Plugin/AutoUntaint.pm

Criterion	Covered	Total	%
statement	15	37	40.5
branch	0	8	0.0
condition	0	5	0.0
subroutine	5	7	71.4
pod	2	2	100.0
total	22	59	37.2

line	stmt	bran	cond	sub	pod	time	code
1							package Maypole::Plugin::AutoUntaint;
2
3	1			1		23811	use UNIVERSAL::require;
	1					1812
	1					13
4
5	1			1		34	use warnings;
	1					3
	1					27
6	1			1		6	use strict;
	1					7
	1					31
7
8	1			1		1110	use NEXT;
	1					6047
	1					15
9
10							Class::DBI::Plugin::AutoUntaint->require;
11
12							=head1 NAME
13
14							Maypole::Plugin::AutoUntaint - CDBI::AutoUntaint for Maypole
15
16							=cut
17
18							our $VERSION = 0.07;
19
20							=head1 SYNOPSIS
21
22							package BeerDB;
23							use Maypole::Application qw( AutoUntaint );
24
25							# instead of this
26							#BeerDB::Brewery->untaint_columns( printable => [qw/name notes url/] );
27							#BeerDB::Style-> untaint_columns( printable => [qw/name notes/] );
28							#BeerDB::Pub-> untaint_columns( printable => {qw/name notes url/] );
29							#BeerDB::Beer-> untaint_columns( printable => [qw/abv name price notes/],
30							# integer => [qw/style brewery score/],
31							# date => [ qw/date/],
32							# );
33
34							# say this
35							BeerDB->auto_untaint;
36
37							=over 4
38
39							=item setup
40
41							Installs the C method into the model
42							class.
43
44							=cut
45
46							sub setup
47							{
48	0			0	1		my $r = shift;
49
50							# ensure Maypole::setup() is called, which will load the model class
51	0						$r->NEXT::DISTINCT::setup( @_ );
52
53							# insert CDBI::Plugin::AutoUntaint and CDBI::Plugin::Type into the model class
54	0		0				my $model = $r->config->model \|\|
55							die "Please configure a model in $r before calling auto_untaint()";
56
57	1			1		171	no strict 'refs';
	1					3
	1					400
58	0						*{"$model\::auto_untaint"} = \&Class::DBI::Plugin::AutoUntaint::auto_untaint;
	0
59
60	0						eval "package $model; use Class::DBI::Plugin::Type";
61
62	0	0					die $@ if $@;
63							}
64
65							=item auto_untaint( %args )
66
67							Takes the same arguments as C, but
68							C and C must be further keyed by table:
69
70							=over 4
71
72							=item untaint_columns
73
74							untaint_columns => { $table => { printable => [ qw( name title ) ],
75							date => [ qw( birthday ) ],
76							},
77							...,
78							},
79
80							=item skip_columns
81
82							skip_columns => { $table => [ qw( secret_stuff internal_data ) ],
83							...,
84							},
85
86							Accepts two additional arguments. C is the same as the
87							C argument, but only applies to specific tables:
88
89							=item match_cols_by_table
90
91							match_cols_by_table => { $table => { qr(^(first\|last)_name$) => 'printable',
92							qr(^.+_event$) => 'date',
93							qr(^count_.+$) => 'integer',
94							},
95							...,
96							},
97
98							Column regexes here take precedence over any in that are the same.
99
100							=item untaint_tables
101
102							Specifies the tables to untaint as an arrayref. Defaults to C<<$r->config->{display_tables}>>.
103
104							=back
105
106							=item debug
107
108							The debug level of the Maypole application is passed on to L. If set to 1, this
109							notes (via C) each table processed.
110
111							If the debug level is set to 2, it will report the untaint type used for each column.
112
113							If debug mode is turned off, this module switches on L's 'strict' mode.
114
115							=cut
116
117							sub auto_untaint {
118	0			0	1		my ( $r, %args ) = @_;
119
120	0		0				my $untaint_tables = $args{untaint_tables} \|\| $r->config->{display_tables};
121
122	0						foreach my $table ( @$untaint_tables )
123							{
124	0						my %targs = map { $_ => $args{ $_ } } qw( untaint_types match_types );
	0
125
126	0						$targs{untaint_columns} = $args{untaint_columns}->{ $table };
127	0						$targs{skip_columns} = $args{skip_columns}->{ $table };
128
129	0						$targs{match_columns} = $args{match_columns};
130
131	0	0					if ( my $more_match_cols = $args{match_columns_by_table}->{ $table } )
132							{
133							$targs{match_columns}->{ $_ } = $more_match_cols->{ $_ }
134	0						for keys %$more_match_cols;
135							}
136
137	0						$targs{debug} = $r->debug;
138
139	0	0					$targs{strict} = 1 unless $r->debug;
140
141	0						my $class = $r->config->loader->find_class( $table );
142
143	0	0					die "no class exists for table '$table'" unless $class;
144
145	0						$class->auto_untaint( %targs );
146							}
147							}
148
149							=back
150
151							=head1 TODO
152
153							Tests!
154
155							=head1 SEE ALSO
156
157							This module wraps L,
158							which describes the arguments in more detail.
159
160							L.
161
162							=head1 AUTHOR
163
164							David Baird, C<< >>
165
166							=head1 BUGS
167
168							Please report any bugs or feature requests to
169							C, or through the web interface at
170							L.
171							I will be notified, and then you'll automatically be notified of progress on
172							your bug as I make changes.
173
174							=head1 COPYRIGHT & LICENSE
175
176							Copyright 2005 David Baird, All Rights Reserved.
177
178							=cut
179
180							1; # End of Maypole::Plugin::AutoUntaint