NAME
Paranoid::Input - Paranoid input function
MODULE VERSION
$Id: Input.pm,v 0.10 2008/02/27 06:48:51 acorliss Exp $
SYNOPSIS
use Paranoid::Input;
FSZLIMIT = 64 * 1024;
$rv = slurp($filename, \@lines);
addTaintRegex("telephone", qr/\(\d{3}\)\s+\d{3}-\d{4}/);
$rv = detaint($userInput, "login", \$val);
REQUIREMENTS
Fcntl Paranoid Paranoid::Debug
DESCRIPTION
This module provides safer routines to use for input activities such as reading files and detainting user input.
addTaintRegex is only exported if this module is used with the :all target.
VARIABLES
FSZLIMIT
Setting this variable defines how large a block your reads will be in bytes. By default it is set to 16KB.
FUNCTIONS
slurp
$rv = slurp($filename, \@lines);
This function allows you to read a file in its entirety into memory, the lines of which are placed into the passed array reference. This function will only read files up to FSZLIMIT in size. Flocking is used (with LOCK_SH) and the read is a blocking read.
An optional third argument sets a boolean flag which, if true, determines if all lines are automatically chomped. If chomping is enabled this will strip both UNIX and DOS line separators.
The return value is false if the read was unsuccessful or the file's size exceeded FSZLIMIT. In the latter case the array reference will still be populated with what was read. The reason for the failure can be retrieved from Paranoid::ERROR.
addTaintRegex
addTaintRegex("telephone", qr/\(\d{3}\)\s+\d{3}-\d{4}/);
This adds a regular expression which can be used by name to detaint user input via the detaint function. This allows you to overwrite the internally provided regexes as well as your own.
detaint
$rv = detaint($userInput, "login", \$val);
This function populates the passed reference with the detainted input from the first argument. The second argument specifies the type of data in the first argument, and is used to validate the input before detainting. The following data types are currently known:
alphabetic      ^([a-zA-Z]+)$
alphanumeric    ^([a-zA-Z0-9])$
email           ^([a-zA-Z][\w\.\-]*\@(?:[a-zA-Z0-9][a-zA-Z0-9\-]*\.)*[a-zA-Z0-9]+)$
filename        ^[/ \w\-\.:,;]+$
hostname        ^(?:[a-zA-Z0-9][a-zA-Z0-9\-]*\.)*[a-zA-Z0-9]+)$
ipaddr          ^(?:\d+\.){3}\d+$
netaddr         ^(?:\d+\.){3}\d+(?:/(?:\d+|(?:\d+\.){3}\d+))?$
login           ^([a-zA-Z][\w\.\-]*)$
nometa          ^([^\`\$\!\@]+)$
number          ^([+\-]?[0-9]+(?:\.[0-9]+)?)$
If the first argument fails to match against these regular expressions the function will return 0. This means that zero-length strings or undef values cannot be passed to this function without raising an error. The calling code must therefore validate at least that much before calling this function to keep the program from croaking.
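The caller-side check described above, as an added example that is not code from Paranoid::Input: safe_match is a hypothetical helper that applies the login and nometa patterns from the table using core Perl only, and rejects undef and empty input before matching. It also shows that $ matches before a trailing newline, next to a stricter nometa_strict pattern that is an assumption of this example; all input strings are constructed.

```perl
#!/usr/bin/perl
use strict;
use warnings;

my %regex = (
    # Copied from the table above.
    login  => qr/^([a-zA-Z][\w\.\-]*)$/,
    nometa => qr/^([^\`\$\!\@]+)$/,
    # Assumption, not a Paranoid::Input type: same class minus CR/LF,
    # anchored with \A and \z so nothing may follow the match.
    nometa_strict => qr/\A([^\`\$\!\@\r\n]+)\z/,
);

# Hypothetical helper: returns the captured value, or undef when the
# input is undef, empty, of unknown type, or does not match.
sub safe_match {
    my ( $input, $type ) = @_;
    return unless defined $input && length $input;    # caller-side check
    return unless exists $regex{$type};
    my ($clean) = $input =~ $regex{$type};
    return $clean;
}

# Constructed sample inputs.
my @samples = (
    [ 'jdoe',         'login' ],
    [ "jdoe\n",       'login' ],     # accepted: $ matches before a final \n
    [ 'report.txt',   'nometa' ],
    [ "report.txt\n", 'nometa' ],    # accepted, and the capture keeps the \n
    [ "report.txt\n", 'nometa_strict' ],
    [ 'rm `id`',      'nometa' ],
    [ '',             'login' ],
    [ undef,          'login' ],
);

for my $s (@samples) {
    my ( $input, $type ) = @$s;
    my $clean = safe_match( $input, $type );
    my @shown = map { defined $_ ? "'$_'" : 'undef' } ( $input, $clean );
    s/\n/\\n/g for @shown;           # make newlines visible
    printf "%-14s %-16s => %s\n", $type, @shown;
}
```

Where the validated value ends up in a filename, log line or command argument, chomp the input first or anchor with \z so a trailing newline cannot pass validation.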
stringMatch
$rv = stringMatch($input, @strings);
This function does a multiline case insensitive regex match against the input for every string passed for matching. This does safe quoted matches (\Q$string\E) for all the strings, unless the string is a Perl Regexp (defined with qr//) or begins and ends with /.
HISTORY
None.
AUTHOR/COPYRIGHT
(c) 2005 Arthur Corliss (corliss@digitalmages.com)