[Maypole] 2.07 PR

Dave Howorth dhoworth@mrc-lmb.cam.ac.uk
Tue, 18 Jan 2005 11:30:50 +0000


Tony Bowden wrote:
> On Tue, Jan 18, 2005 at 09:45:52AM +0000, Dave Howorth wrote:
> 
>>Well yesterday I wrote a handler for DateTime (actually 
>>DateTime::Format::ISO8601). When you pass it an invalid date DT says 
>>things like:
>>  The 'month' parameter ("21") to DateTime::new did not pass the
>>  'is between 1 and 12' callback
>>which I think would be more helpful to the user than CGI::Untaint's:
>>  time_of_record (1999-21-22) does not pass the is_valid() check
> 
> In your is_valid() method for the handler, just die with that error. The
> "does not pass the is_valid()" message is just the default message if
> you return false from is_valid. If you throw an exception it will DTRT.

I have two problems with that:

(1) How does CGI::Untaint distinguish between a validation failure and a 
programming error (such as an uninstalled module)? The first should go 
to the browser, the other to the Apache log. The second is definitely an 
exception, but one could consume many pints deciding whether the first 
ought to be.

(2) (largely a Maypole problem)  By default, Maypole doesn't show those 
errors (which was why I didn't spot it earlier :) but even when you 
change the template so it does, it doesn't associate fatal errors with 
the field that caused them. CGI::Untaint is using a different method to 
report handler error messages and its own default error messages.

It's also not how it's supposed to work, according to the docs. is_valid 
is supposed to return a false value if validation fails, and 
CGI::Untaint's error method is supposed to return the message:

   "my $error = $handler->error;
If the validation failed, this will return the reason why."

Cheers, Dave
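
An added illustration of the distinction raised in point (1) and the per-field reporting in point (2), not part of the original message and not CGI::Untaint's or Maypole's own code. A validation failure is thrown as a dedicated exception class and recorded against its field, while any other die (here a missing module) goes to STDERR and the user sees only a generic message. The names My::ValidationError, check_date, check_broken and untaint_all are hypothetical, and the input is constructed.

```perl
use strict;
use warnings;
use Scalar::Util 'blessed';

# Hypothetical exception class: marks a failure caused by user input.
package My::ValidationError {
    sub throw   { my ($class, %args) = @_; die bless({%args}, $class) }
    sub message { $_[0]{message} }
}

# Constructed stand-in for a date handler (not CGI::Untaint's interface).
sub check_date {
    my ($raw) = @_;
    my ($y, $m, $d) = $raw =~ /\A(\d{4})-(\d{2})-(\d{2})\z/
        or My::ValidationError->throw(message => 'expected YYYY-MM-DD');
    $m >= 1 && $m <= 12
        or My::ValidationError->throw(message => "month '$m' is not between 1 and 12");
    $d >= 1 && $d <= 31
        or My::ValidationError->throw(message => "day '$d' is not between 1 and 31");
    return "$y-$m-$d";
}

# Simulates a programming error: the required module is not installed.
sub check_broken { require My::Module::That::Is::Not::Installed; return $_[0] }

# Returns (\%clean, \%errors), both keyed by field name.
sub untaint_all {
    my ($params, $checks) = @_;
    my (%clean, %errors);
    for my $field (sort keys %$checks) {
        my $value;
        if (eval { $value = $checks->{$field}->($params->{$field}); 1 }) {
            $clean{$field} = $value;
            next;
        }
        my $err = $@;
        if (blessed($err) && $err->isa('My::ValidationError')) {
            $errors{$field} = $err->message;      # safe to show beside the field
        } else {
            warn "handler for '$field' died: $err";   # server log only
            $errors{$field} = 'internal error';       # nothing internal reaches the browser
        }
    }
    return (\%clean, \%errors);
}

my ($clean, $errors) = untaint_all(
    { time_of_record => '1999-21-22', start => '2005-01-18', other => 'x' },
    { time_of_record => \&check_date, start => \&check_date, other => \&check_broken },
);
print "clean $_: $clean->{$_}\n"  for sort keys %$clean;
print "error $_: $errors->{$_}\n" for sort keys %$errors;
```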