Beefy Boxes and Bandwidth Generously Provided by pair Networks
Clear questions and runnable code
get the best and fastest answer
 
PerlMonks  

Hanging my head in shame

by Ovid (Cardinal)
on Nov 30, 2000 at 10:56 UTC ( #44090=perlmeditation: print w/ replies, xml ) Need Help??

Want a good laugh? Check out the perl script on the bottom of one of ovid.com's Web pages. (no relation, I swear!). To spare you the full agony of this piece of dreck, I will just show you their CGI parsing routine.
while ( $line = <STDIN> ) { print OUT $line; chop $line; ( $name, $value ) = split(/=/,$line,2); if ( $name eq "userid" ) { $userid = $value; next; } if ( $name eq "password" ) { $password = $value; next; } if ( $name eq "originAddress" ) { $originIPAddress = $value; next; } if ( $name eq "originPort" ) { $originPort = $value; next; } if ( $name eq "targetAddress" ) { $targetAddress = $value; next; } if ( $name eq "targetPort" ) { $targetPort = $value; next; } # ignore unrecognized things -- don't break on future capabilities }
Gack!! Add to that no strict, no warnings, no taint checking, no testing to verify that file opens were successful. And later in the script, they print to STDOUT. Um, that's the default, boys. And they to call themselves "Ovid".

I'm so embarrassed :)

Cheers,
Ovid

Join the Perlmonks Setiathome Group or just click on the the link and check out our stats.

Comment on Hanging my head in shame
Download Code
Re: Hanging my head in shame
by extremely (Priest) on Nov 30, 2000 at 11:02 UTC
    This is my favorite line:
    # ignore unrecognized things -- don't break on future capabilities
    Why break on future capabilities, you're borked now! =)

    No, wait! # CONFIDENTIAL is good too.

    --
    $you = new YOU;
    honk() if $you->love(perl)

      OH THE INCOMPETENCE!!! They are even worse than me. Oh yeah, don't tell anyone what I just said...it's Top Secret.

      IDENTIFICATION DIVISION.
      PROGRAM-ID.  redmist.
      AUTHOR.  God (Larry Wall/Alan Cox hybrid).
      CONTACT.  redmist@users.sourceforge.net
      
Re: Hanging my head in shame
by decnartne (Beadle) on Nov 30, 2000 at 19:32 UTC
    For the sake of a new monk ( and perhaps others ), would you mind elaborating? I fully understand your aversion to no strict/-T/-w.

    From my own observation, the indentation style is an eyesore, but other than that and the # ignore statement, what are they doing wrong? I don't do much w/ CGI, are they missing the boat with the whole approach?

    decnartne ~ entranced

      1. There are already modules out there that do all of that sort of processing (namely CGI), so all of that code is unnecessary.

      2. Even if they wanted to re-invent that parsing stuff, they could have reduced their code to, like 10% by just pumping the name=value items into a hash instead of global variables.

      With any CGI script, you almost always want to be sure your script works with taint-checking enabled. This prevents people from possibly passing specially crafted, unsafe arguments to your scripts where you don't expect it, with the intent of getting those strings injected into various system commands. Taint checking does a fairly good job identifying areas where this can happen. And the use of strict/warnings means that it's infinitely easier to track down bugs or problems with the code. A large script developed without strict or warnings probably has a few undiscovered/untickled bugs that would have been identified by now.

        after posting, i thought perhaps that your #1 might be the case. thanks for the clarification.

        decnartne ~ entranced

      From my own observation, the indentation style is an eyesore...
      Just thought I would mention this in passing: lack of indentation is more than an eyesore. It's indicative of sloppy code. While indentation is not required to get a program to run (see Obfuscation), it's a great way to view the logical structure of your code. The only reason I took the time to understand the code on the site I listed is because it was not indented. It's been my experience that code that is not indented is likely to be more buggy than normal.

      Quite often, indentation can let you see at a glance large sections of code that are not applicable to what you are working on (if/elsif/else structures being great examples). Without indentation, keeping track of those sections becomes a pain and slows down your work, raises your company's costs, and, as you mentioned, is an eyesore :)

      Cheers,
      Ovid

      Join the Perlmonks Setiathome Group or just click on the the link and check out our stats.

Re: Hanging my head in shame
by mrmick (Curate) on Nov 30, 2000 at 19:58 UTC
    Truly surprising to me (yes I'm a little naive is some ways) is that this is a company's website (Ovid Technologies).

    Don't worry Ovid.... those of us who have seen your code examples posted here would know right away that this is NOT you. :-)

    Mick

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: perlmeditation [id://44090]
Approved by root
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others lurking in the Monastery: (7)
As of 2014-08-01 10:25 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    Who would be the most fun to work for?















    Results (2 votes), past polls