bigpresh / catalyst-plugin-html-scrubber Goto Github PK

Couple of issues caused by the recent introduction of recursive scrubbing of encoded PUT/POST bodies - PR #3 :

• Undefined values in POST/PUT JSON bodies get turned into empty strings.

Need to stop this, e.g.

                $data->{$key} = $c->_scrubber->scrub($data->{$key})
                        if defined $data->{$key};

etc.

• Recent changes to scrub data from $c->req->data if using Catalyst::Controller::REST break file uploads - causing e.g.:

[Tue Sep 19 13:56:47 2023] [error] Caught exception in engine "multipart/form-data does not have an available data handler. Valid data_handlers are application/json, application/x-www-form-urlencoded." <at /usr/local/lib/perl5/Catalyst.pm line 2420>

This will be a fun one - need to know whether it's safe to call $c->req->data before doing so - presumably look at $c->req->content_type and see if there is an available handler that can process that - need a clean way to determine that.

• Stringification of numbers - scrubbing a number changes it:

$ $bar = 5;
5
$ Dump($bar);
SV = IV(0x55b98ab228c8) at 0x55b98ab228d8
  REFCNT = 2
  FLAGS = (IOK,pIOK)
  IV = 5

$ $bar = $s->scrub($bar);
5
$ Dump($bar);
SV = PVIV(0x55b98ab15130) at 0x55b98ab228d8
  REFCNT = 2
  FLAGS = (POK,pPOK)
  IV = 5
  PV = 0x55b98a152800 "5"\0
  CUR = 1
  LEN = 10