[Catalyst] Potential query string pollution vulnerability?
Octavian Rasnita
orasnita at gmail.com
Tue Jun 16 11:14:28 GMT 2009

From: "Tobias Kremer" <tobias.kremer at gmail.com>
> Hi all,
> 
> I just experienced a nasty case of query string pollution
> vulnerability in one of my Catalyst/DBIC apps. I think that the
> circumstances under which this applies are not _that_ rare, so I
> figured it'd be best to inform the world.
> 
> Imagine the following code in one of your actions:
> 
> sub crashme :Local {
>    my( $self, $c ) = @_;
>    my $result = [ $c->model( 'Foo' )->search( {
>        -or => [
>            name => $c->req->param( 'name' )
Try:
name => $c->req->params->{name}
I think this was the recommended way, exactly for the reason you described.
Octavian
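As an added illustration (not code from either message in this thread), the snippet below reproduces the pollution with a tiny stand-in for Catalyst::Request, so it runs without Catalyst or DBIC: `param('name')` in list context expands to every value sent for `name`, which shifts the key/value pairing of the search condition, while `params->{name}` stays a single value (or an arrayref, which the safer version rejects). `FakeRequest`, `vulnerable_cond` and `safer_cond` are names assumed here.

```perl
#!/usr/bin/env perl
# Added example, not code from the thread. FakeRequest is an assumed
# stand-in for Catalyst::Request: param() returns every value in list
# context, params() returns the hashref of parameters.
use strict;
use warnings;
use Data::Dumper;
$Data::Dumper::Sortkeys = 1;
$Data::Dumper::Indent   = 1;

package FakeRequest;
sub new    { my ($class, %p) = @_; return bless { params => \%p }, $class }
sub params { return $_[0]{params} }
sub param  {
    my ($self, $name) = @_;
    my $v    = $self->{params}{$name};
    my @vals = ref $v eq 'ARRAY' ? @$v : (defined $v ? ($v) : ());
    return wantarray ? @vals : $vals[0];    # list context -> all values
}

package main;

# The pattern from the original post: param() called inside an arrayref,
# i.e. in list context, so extra values land in the key/value slots.
sub vulnerable_cond {
    my ($req) = @_;
    return { -or => [ name  => $req->param('name'),
                      email => $req->param('email') ] };
}

# The form suggested in the reply: params->{name} is one scalar, or an
# arrayref when the key was sent more than once; refuse the latter rather
# than letting an unexpected shape reach the query.
sub safer_cond {
    my ($req) = @_;
    my $name = $req->params->{name};
    die "multi-valued 'name' not allowed\n" if ref $name;
    return { -or => [ name => $name, email => $req->params->{email} ] };
}

# Constructed requests: one normal, one where 'name' was sent twice.
my $normal   = FakeRequest->new(name => 'alice', email => 'a@example.org');
my $polluted = FakeRequest->new(name => ['alice', 'active'], email => 'a@example.org');

print Dumper(vulnerable_cond($normal));     # name/email pairs as intended
print Dumper(vulnerable_cond($polluted));   # pairing shifts: 'active' => 'email', ...
print Dumper(safer_cond($normal));
eval { safer_cond($polluted) } or print "rejected: $@";
```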