Beefy Boxes and Bandwidth Generously Provided by pair Networks
XP is just a number
 
PerlMonks  

Re^3: Stop Using Perl

by Anonymous Monk
on Jan 05, 2015 at 11:00 UTC ( [id://1112168]=note: print w/replies, xml ) Need Help??


in reply to Re^2: Stop Using Perl
in thread Stop Using Perl

You say ... that it's amazing

I'm fairly certain that what the other anon meant is "<sarcasm>amazing</sarcasm>", in which case he/she isn't contradicting him/herself.

The fix highlighted in your post only breaks back compatibility for those with fatal warnings enabled

No, at least not as of 4.13; the warning is unconditional and not fatal:

$ perl -MCGI -sE 'say $CGI::VERSION'
4.13
$ perl -MCGI -E 'no warnings; my $x=CGI->new; $,=", ";
  say $x->param("x"); say "didnt die"' -- x=foo x=bar
CGI::param called in list context from package main line 1, this can l
+ead to vulnerabilities. See the warning in "Fetching the value or val
+ues of a single named parameter" at /opt/perl5.20/lib/site_perl/5.20.
+0/CGI.pm line 437.
foo, bar
didnt die
$ perl -MCGI -E 'use warnings; my $x=CGI->new; $,=", ";
  say $x->param("x"); say "didnt die"' -- x=foo x=bar
CGI::param called in list context from package main line 1, ...
foo, bar
didnt die
$ perl -MCGI -E 'use warnings FATAL=>"all"; my $x=CGI->new;
  $,=", "; say $x->param("x"); say "didnt die"' -- x=foo x=bar
CGI::param called in list context from package main line 1, ...
foo, bar
didnt die

[download]

Assuming you're the current maintainer: if you want warnings that the user of CGI can enable, disable and make fatal themselves, you should be using warnings::warnif() with warnings::register instead of warn.

BTW, 4.13 is showing up on search.cpan.org as an unauthorized release.

Replies are listed 'Best First'.
Re^4: Stop Using Perl
by leej (Scribe) on Jan 05, 2015 at 12:07 UTC

    I don't see the sarcasm in the original post, but fair point.

    Yes, i still haven't received permissions updates for the Fh back compat module (which used to be embedded in CGI) and MultipartBuffer embedded package within CGI so the release shows as unauthorized (and yes, i've contacted the necessary people, just not chased yet).

    Warnings not being fatal is my error, i'd seen this as an issue in twiki so i guess they had something else making the warnings a problem; i'll leave this as is since it will retain the back compatibility behaviour, and will look at warnings::register, thanks!

[reply]
Re^4: Stop Using Perl
by LanX (Saint) on Jan 05, 2015 at 22:31 UTC
    Actually your test reveals how during this talk the highscore in bullshit bingo was finally broken.

    At the question section Rubin - after being asked how the Perl maintainers reacted - said something along the line

    "oh they activated something called Warnings ...after you attacked the system you get a warning that you just attacked the system" and rolled his eyes.

    Truth is whoever writes an application ever using param() in list context gets warnings, from the first moment the code is executed.

    No matter if there were any multi values in the request or anyone tried to break in.

    Whoever upgrades gets a warning after his first test run.

    That's pretty strict.

    Cheers Rolf

    (addicted to the Perl Programming Language and ☆☆☆☆ :)

[reply]

In Section Perl News

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?

www.com | www.net | www.org
Node Status?
node history
Node Type: note [id://1112168]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others making s'mores by the fire in the courtyard of the Monastery: (7)
As of 2024-04-24 10:57 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found