/ 
Solstice-1440
/ Solstice::ValidationParam
Security Advisories (1)
CVE-2026-5085 (2026-04-13)

Solstice::Session versions through 1440 for Perl generates session ids insecurely. The _generateSessionID method returns an MD5 digest seeded by the epoch time, a random hash reference, a call to the built-in rand() function and the process id. The same method is used in the _generateID method in Solstice::Subsession, which is part of the same distribution. The epoch time may be guessed, if it is not leaked in the HTTP Date header. Stringified hash refences will contain predictable content. The built-in rand() function is seeded by 16-bits and is unsuitable for security purposes. The process id comes from a small set of numbers. Predictable session ids could allow an attacker to gain access to systems.

NAME

Solstice::ValidationParam - Interface for validating user input.

SYNOPSIS

# This should be called in a controller object... 
my $param = $self->createRequiredParam('input_name');
my $param = $self->createOptionalParam('input_name');
# An alias for createRequiredParam
my $param = $self->createParam('input_name');

# To add your own constraint:
$param->addConstraint('error_string_key', \&callback);

# There are some built in constraints:
$param->addNumberConstraint('err_key');
$param->addIntegerConstraint('err_key');
$param->addPositiveNumberConstraint('err_key');
$param->addPositiveIntegerConstraint('err_key');
$param->addLengthConstraint('err_key', { max => $max_length, min => $min_length });
$param->addTrimmedLengthConstraint('err_key', { max_length => $max_length, min_length => $min_length });
$param->addBooleanConstraint('err_key');
$param->addRegexConstraint('err_key', qr/.*/);

DESCRIPTION

This is an interface for validation. Tied in pretty tightly with the controllers at this point. TODO - Make it easy to specify a javascript constraint?

Export

No symbols exported.

Methods

new()

Creates a new Solstice::ValidationParam object.

addConstraint('error_key', \&constraint_function_ref);

Adds a constraint to the field.

addRegexConstraint('error_key', qr/regexp/)

Add a matching constraint to the field. The passed $regexp is a string containing a regular expression.

addLengthConstraint('error_key', { max => $max_length, min => $min_length })

Adds a constraint based on the length of the input. Min defaults to 0 if not specified.

addTrimmedLengthConstraint('error_key', { max => $max_length, min => $min_length })

Adds a constraint based on the length of the input, after whitespace has been removed from the beginning and end of the string. Min defaults to 0 if not specified.

addNumberConstraint('error_key')

Adds a constraint requiring that the input be a number.

addIntegerConstraint('error_key')

Adds a constraint requiring that the input be an integer.

addPositiveNumberConstraint('error_key')

Adds a constraint requiring that the input be a positive number.

addPositiveIntegerConstraint('error_key')

Adds a constraint requiring that the input be a positive integer.

addBooleanConstraint('error_key')

Adds a constraint requiring that the input be a boolean.

addURLConstraint('error_key')

Adds a constraint requiring that the input be a url.

addEmailConstraint('error_key')

Adds a constraint requiring that the input be an email address.

getConstraints()

Returns the Solstice::List of constraints.

setRequired()

Marks this field as required. Cancels any calls to setOptional.

setOptional()

Marks this field as optional. Cancels any calls to setRequired.

isRequired()

Returns the requiredness of this param.

_setField($fname)

Sets the field we're validating.

getFieldName()

Returns the name of the field we're validating.

NAME

Solstice::ValidationParam::Constraints - A set of methods to return validation routines for Solstice::ValidationParam.

constrainRegex($reg_exp)
constrainLength($max, $min, $trim_whitespace)

This method returns a reference to a subroutine which checks the length of the string $param. Multi-byte characters will be counted as a single character.

constrainBoolean()

This method returns a reference to a subroutine which verifies that the string $param is a boolean.

constrainNumber()

This method returns a reference to a subroutine which verifies that the string $param is numeric.

constrainInteger()

This method returns a reference to a subroutine which verifies that the string $param is an integer.

constrainPositiveInteger()

This method returns a reference to a subroutine which verifies that the string $param is a positive, non-zero integer.

constrainPositiveNumber()

This method returns a reference to a subroutine which verifies that the string $param is a positive, non-zero rational number.

constrainNonnegativeInteger()

This method returns a reference to a subroutine which verifies that the string $param is a non-negative integer.

constrainURL()

Returns a reference to a subroutine which verifies that the string $param is a valid url.

constrainEmail()

Returns a reference to a subroutine which verifies that the string $param is a well-formed email address.

Modules Used

Solstice::List.

AUTHOR

Catalyst Group, <catalyst@u.washington.edu>

VERSION

Version $Revision: 3036 $

COPYRIGHT

Copyright 1998-2007 Office of Learning Technologies, University of Washington

Licensed under the Educational Community License, Version 1.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at: http://www.opensource.org/licenses/ecl1.php

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.