PerlMonks  

Re: The most powerful CMS developed in Perl (not spam, sounds that way) (without functions)

by Anonymous Monk
on Feb 04, 2013 at 09:01 UTC (#1016913)


in reply to The most powerful CMS developed in Perl (not spam, sounds that way)

I LOVE feedback, it makes my day to read comments and suggestions, so if you try it out please let me know what you think.

Throw it away and start over :/

For example forums_section_threads.function and index.pl show everything that is wrong with your code :)

You forgot the ballad of bobby-tables.com: A guide to preventing SQL injection

You're rolling your own CGI.pm, use CGI or die;

You don't have enough functions  ## load parent settings if avail should be a function,  ## load pre plugins should be a function ... everything you repeat should be a function, ... skimmable code is the idea

Also  no strict "refs"; and .function? see Simple Module Tutorial, Module::Pluggable, AutoLoader/AutoSplit...

Speaking of red flags, see
Mark Jason Dominus - Perl Program Repair Shop and Red Flags - YouTube,
Program Repair Shop and Red Flags - Perl.com,
Return of Program Repair Shop and Red Flags - Perl.com
http://perl.plover.com/flagbook/yak/Chi/TABLE_OF_CONTENTS.html


Re^2: The most powerful CMS developed in Perl (not spam, sounds that way) (without functions)
by snoopy20 (Novice) on Feb 04, 2013 at 10:45 UTC
    I think you need to look at it properly.

    1. There is no SQL injection, all code is protected. Please supply any example where it is not.

    2. CGI is bloated. The internal method is MUCH faster.

    3. Don't have enough functions - are you kidding!!! Have you counted the amount of functions??? try /igaro/, /igaro/functions/, igaro/functions/plugins etc.

    The reason those particular bits you refer to are not functions is they are not called again by any function. When code is duplicated it becomes a plugin and stuck in /igaro/. You'll see that there are already many.

    4. No strict refs impossible when using &{$..} as far as I'm aware.

    Regards, Andrew

      There is no SQL injection, all code is protected. Please supply any example where it is not.

      I linked the example. 1) you don't use $dbh->quote, 2) you don't use placeholders, 3) you interpolate variables into $dbh->do

      2. CGI is bloated. The internal method is MUCH faster.

      *sigh* So you didn't read use CGI or die, congratulations, this is the last time I give you advice :)

      Don't have enough functions ...

      :|

      4. No strict refs impossible when using &{$..} as far as I'm aware.

      Gee, kinda why I said to use pluggable and real actual modules not .functions

      Have a nice day

        Here goes…

        1. $dbh_quote is used all over, but not when it's not required where the variables have been pre-checked by parent modules. This is faster.

        2. The denial of service you refer to I presume is the overloading of URI data, to be fair there are much easier ways to create a DOS attack than this. This I think should be left to the web server. Otherwise, you haven't given any credible explanation as to why CGI should be used over the internal method.

        4. Not possible without object orientation. Nothing wrong with &{$_} either.
      CGI is bloated. The internal method is MUCH faster.

      Maybe it's faster, but it has at least one denial of service bug and one data loss bug. (I stopped looking after two seconds, so it may have more bugs).

        Not sure what data loss bug you are referring to? Overloading with data will not cause a DOS attack, the web is far too slow for that, and there are no other security issues that will cause a DOS failure that I'm aware of. And not 'Maybe' it's faster - it is faster. ;) Please refer to specific lines of code as your comments are at best spurious. I don't mean to sound offensive, but I am unable to relate to the specific issues you are pointing out. Regards, Andrew
Re^2: The most powerful CMS developed in Perl (not spam, sounds that way) (without functions)
by snoopy20 (Novice) on Feb 04, 2013 at 10:54 UTC
    I forgot to add, the reason Module::Pluggable etc are not used is because igaro is functional not object/module orientated.
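
Added example, not part of the thread and not igaro's code: the three query styles named in the reply above ($dbh->quote, placeholders, and a variable interpolated into the SQL string) run side by side against the same input. The table, rows, function names and input values are constructed, and it assumes DBD::SQLite is installed.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;    # needs DBD::SQLite; the in-memory database keeps this offline

# Constructed schema and rows (hypothetical, not igaro's tables).
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
    { RaiseError => 1, PrintError => 0 });
$dbh->do('CREATE TABLE threads (id INTEGER PRIMARY KEY, title TEXT, hidden INTEGER)');
my $ins = $dbh->prepare('INSERT INTO threads (title, hidden) VALUES (?, ?)');
$ins->execute(@$_) for (['Welcome', 0], ['Release notes', 0], ['Moderator only', 1]);

my $SQL = 'SELECT title FROM threads WHERE hidden = 0 AND id = ';

# Variable interpolated into the statement: its content is parsed as SQL.
sub titles_interpolated {
    my ($id) = @_;
    return $dbh->selectcol_arrayref("$SQL$id");
}

# Placeholder: the statement is fixed and the value is bound as data.
sub titles_placeholder {
    my ($id) = @_;
    return $dbh->selectcol_arrayref($SQL . '?', undef, $id);
}

# $dbh->quote: the value becomes a single quoted SQL string literal.
sub titles_quoted {
    my ($id) = @_;
    return $dbh->selectcol_arrayref($SQL . $dbh->quote($id));
}

# Constructed inputs: a well-formed id, and a value that upstream
# validation failed to reject.
for my $input ('1', '1 OR 1=1') {
    printf "%-12s interpolated: %d row(s), placeholder: %d, quoted: %d\n",
        "[$input]",
        scalar @{ titles_interpolated($input) },
        scalar @{ titles_placeholder($input) },
        scalar @{ titles_quoted($input) };
}
```

For the second input the interpolated query returns every row, including the hidden one, while the placeholder and quoted forms return none. The query itself stays safe whether or not an earlier check ran.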
