Beefy Boxes and Bandwidth Generously Provided by pair Networks
Clear questions and runnable code
get the best and fastest answer
 
PerlMonks  

RFC: Where to patch to enforce maxlength in Mech?

by davidrw (Prior)
on Jan 08, 2008 at 13:50 UTC ( #661086=perlmeditation: print w/ replies, xml ) Need Help??

This is spawned from looking into problem loggin into pm .. It appears that the problem there was that a field value was too long -- the browser respects the http attribute maxlength=8, and so truncates the value before posting. But when trying to submit the form directly w/WWW::Mechanize, it doesn't know to truncate, and sends the full string, and authentication must fail because server compares against the 8-character password.

So i started poking at WWW::Mechanize and HTML::Form to see where logic could be added to truncate values if the input field has a maxlength, and came up w/two potential spots:

(A) In HTML::Form::TextInput::value() (it's defined in HTML/Form.pm), change $self->{value} = shift; to:
my $v = shift; my $n = exists $self->{maxlength} ? $self->{maxlength} : undef; $self->{value} = $n ? substr($v,0,$n) : $v;

(B) In WWW/Mechanize.pm, add logic in the field() and set_fields() methods to do the same thing, where $n = $form->find_input(...)->{maxlength}. Would have to do something to the $form->value($name => $value); calls, too.

While (B) limits it to this specific case, it's a much messier implementation, and breaks encapsulation.

Thoughts/comments?
(A) vs (B)?
Or (C) of neither, and user constructing the post should know the limits/restrictions?
Also, should (probably yes?) either solution be conditional on some option/config setting so as to leave default behavior alone?

Comment on RFC: Where to patch to enforce maxlength in Mech?
Select or Download Code
Re: RFC: Where to patch to enforce maxlength in Mech?
by Fletch (Chancellor) on Jan 08, 2008 at 16:03 UTC

    I'd go for making it optional and/or easily turned off as I could see applications where one would want to be able to misbehave (e.g. penetration testing, sending intentionally malformed/oversized input to check that the receiver is well behaved)

    The cake is a lie.
    The cake is a lie.
    The cake is a lie.

Re: RFC: Where to patch to enforce maxlength in Mech?
by perrin (Chancellor) on Jan 08, 2008 at 16:34 UTC
    It belongs in HTML::Form, where the enforcement of hidden fields is. However, it must be optional. The hacky way of turning off the hidden field behavior of HTML::Form is the most irritating thing about Mechanize.
      I thought about it some more and just went w/a patch that adds a warning. That would help at least identify times when this is quietly causing a problem (like the post that started this) and is a nice easy, straight-forward, non-intrusive patch. Patch: http://rt.cpan.org//Ticket/Display.html?id=32239

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: perlmeditation [id://661086]
Approved by Corion
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others drinking their drinks and smoking their pipes about the Monastery: (13)
As of 2015-07-02 09:01 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    The top three priorities of my open tasks are (in descending order of likelihood to be worked on) ...









    Results (32 votes), past polls