PerlMonks  

Re^3: Stop Using Perl

by Anonymous Monk
on Jan 05, 2015 at 11:23 UTC ( [id://1112171]=note )


in reply to Re^2: Stop Using Perl
in thread Stop Using Perl

Here is a bug report for you, common pitfall

$ perl -MCGI=escapeHTML -le " print escapeHTML(qw/ < < < / ) "
&lt;

Also, why not warn about html shortcuts getting used?

Also, another pitfall you might be able to warn about in some cases, mixing exported param() with CGI->new ?

Also, why not warn about header_printed ? (you already printed headers, second time doesn't count)

And big one, warn about anyone using ReadParse/->Vars

:)

Replies are listed 'Best First'.
Re^4: Stop Using Perl
by leej (Scribe) on Jan 05, 2015 at 12:26 UTC

    I'm happy to receive bug reports, comments, patches, pull requests (with tests), etc at the github repo page: https://github.com/leejo/CGI.pm/issues. Please don't rant though, there's 20 years of history in this module that pre-dates my maintenance involvement. Turn the rant(s) into something constructive!

      Thanks for your work maintaining CGI.pm! Thumbs up!

      CGI.pm helped build the internet and this design to return a list in list context was perfectly OK back then. One can't predict all edge cases and get a project running.

      And after features are released you're bound to backwards compatibility.

      It's unfortunate that => wasn't designed as a scalar operator in Perl.

      And it's also not CGI's fault that methods like DBI->quote can't propagate signatures.

      As I said not all edge cases are predictable.

      Cheers Rolf

      (addicted to the Perl Programming Language and ☆☆☆☆ :)
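
The list-context behaviour discussed in the comment above, as an added example (not code from CGI.pm or from anyone in this thread): a repeated parameter spills extra elements into a key/value list, and scalar() pins it to one value. The query string and the build_record helper are constructed for illustration, and the script assumes CGI.pm is installed.

```perl
#!/usr/bin/perl
# Added illustration; not code from CGI.pm or from any poster in this thread.
use strict;
use warnings;
use CGI ();

# Constructed query string: the 'name' parameter is supplied three times.
my $q = CGI->new('name=alice&name=role&name=admin');

# Hypothetical stand-in for any list-taking API: it receives one flat list
# and cannot tell which elements the caller meant as keys and which as values.
sub build_record { my %rec = @_; return \%rec }

my ( $unsafe, $safe );
{
    # CGI.pm can warn when param() is called in list context; the warning is
    # switched off in this block only so the before/after output stays readable.
    local $CGI::LIST_CONTEXT_WARN = 0;

    # Pitfall: '=>' is just a quoting comma, so param() runs in list context
    # and returns every value; the extra values are read as further pairs.
    $unsafe = build_record( role => 'guest', name => $q->param('name') );
}

# Hardened: scalar() forces exactly one value, so the number of pairs is fixed
# no matter how many times the client repeats the parameter.
$safe = build_record( role => 'guest', name => scalar $q->param('name') );

# Print both records so the difference in keys and values is visible.
for my $case ( [ 'list context', $unsafe ], [ 'scalar()', $safe ] ) {
    my ( $label, $rec ) = @$case;
    printf "%-12s : %s\n", $label,
        join ', ', map {"$_=$rec->{$_}"} sort keys %$rec;
}
```

When auditing legacy code, the same check applies wherever param() appears inside a hash constructor or an argument list: wrap it in scalar(), or assign it to a scalar variable first.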

      something constructive!

      Didn't I just try to do that?

        Didn't I just try to do that?

        Well... it's more constructive if you raise issues against the git repo on github (if you're really concerned about the issues). I only discovered this thread because I occasionally google "perl CGI" and limit to recent hits. I could have easily missed it.

Re^4: Stop Using Perl
by marto (Cardinal) on Jan 05, 2015 at 11:33 UTC

      Would it be better to raise issues/provide patches against the github repository (https://github.com/leejo/CGI.pm)? Thanks.

      Um, don't know, I was kinda ranting ... when the maintainer showed up, so ... ok, maintainer has a point ... if maintainer wants to improve CGI.pm that way, some ideas for maintainer .... ideas probably old news

        I understand, however there are contributors who do not use this site who may have further insight to add to your feedback so far. Just a thought.

Re^4: Stop Using Perl
by marjetika (Initiate) on Jul 28, 2015 at 14:57 UTC
    quote: And big one, warn about anyone using ReadParse/->Vars

    What is the problem with readParse?

    I've been searching for "readParse vulnerability" all over the internet, and didn't find anything.

        Thank you for your response. I am asking because I have several million lines of legacy perl code in cgi-bin, and I have to make sure there are no vulnerabilities.

        The code seems to do what it's supposed to, so functionality is not an issue.

        I need to know if there are any security concerns about readParse, because that would mean I need to locate all the occurrences of readParse and replace them with something more secure.

        If readParse statements do not create vulnerabilities in the code, then I can leave them alone.
