CGI checks input data using the FML::Restriction::CGI class.
Input should be restricted by the FML::Restriction class. We should not use the param() method provided by Perl's CGI class to read values. Instead, always use a safe_param_xxx() method to get a value.
The following use may be allowed:

    for my $dirty_buf (param()) { ... check ... }

but we should not use a raw param() call such as

    param($dirty_buf)

Instead, use safe_param_key():

    for my $key (param()) {
        ... check ...
        if (key eq $key) { value = safe_param_key() }
    }
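
The pattern above as an added Perl example, not FML's own code: param() with no arguments is used only to enumerate keys, and every value is read through one checked accessor. The checked_param() helper, the %allowed patterns, the param() stand-in and the request data are hypothetical and constructed for illustration; they are not the rules defined in FML::Restriction.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed request data standing in for a parsed query string.
my %query = (
    ml_name => 'elena',
    address => 'rudo@example.org',
    command => 'subscribe now!',    # value fails its pattern
    debug   => '1',                 # key is not in the allow-list
);

# Stand-in for CGI.pm's param(): key names with no argument,
# the raw (untrusted) value with one argument.
sub param { return @_ ? $query{ $_[0] } : sort keys %query }

# Hypothetical allow-list: key name => anchored pattern for its value.
my %allowed = (
    ml_name => qr/\A[A-Za-z0-9][A-Za-z0-9._-]{0,63}\z/,
    address => qr/\A[A-Za-z0-9._+-]+\@[A-Za-z0-9.-]+\z/,
    command => qr/\A[a-z_]{1,32}\z/,
);

# The only place where raw param($key) is called. Returns the value
# when both key and value pass the allow-list, otherwise nothing.
sub checked_param {
    my ($key) = @_;
    my $re = $allowed{$key} or return;    # unknown key: reject
    my $value = param($key);
    return unless defined $value;
    return $value =~ $re ? $value : ();   # bad value: reject
}

# Enumerating keys with param() is fine; values come from the accessor.
for my $key (param()) {
    my $value = checked_param($key);
    if (defined $value) {
        print "accept $key=$value\n";
    }
    else {
        print "reject $key\n";
    }
}
```

Keeping the raw param($key) call inside a single accessor makes the rule auditable: any other occurrence of param() with an argument in the code base is a review finding.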
The author's homepage is www.fml.org/home/fukachan/.
Also, visit nuinui's world :) at www.nuinui.net.
For questions about FML, e-mail <fml-bugs@fml.org>.