[cgiapp] CGI::Application status update from the maintainer
Bill Stephenson
bills at ezinvoice.com
Sat Sep 15 16:17:01 EDT 2012
On Sep 15, 2012, at 10:41 AM, Mark Stosberg wrote:
> I stated to look at the code, but I didn't get very far until I ran into
> this notice:
>
> # Do not read, copy, distribute, execute, run, or use
> # this code without express written permission from
> # William H. Stephenson.
>
> At that point, I was compelled to immediately close the file and stop
> reading.
I apologize, that's in a template I set up years ago in BBEdit, I'll remove it. I'll point out that since I put the link to the code there and invite you to use it, that is permission, still, I'll remove it as it really was an oversight. (Actually, it's a joke. It invokes a chuckle in me because it is so ridicules knowing I'm the only one that ever reads and executes my code and most wouldn't want it anyway and I wouldn't lose anything if they took it. You must have thought that too, didn't it make you chuckle just a little bit?)
> I see. I hope that $note_path and $notepad_number are handled
> appropriately, so that a user can't end up overwritting unintended file
> son our file system.
They are hard coded in a set-up file.
> Using a representation of an HTTP response as a data storage and
> retrieval system makes me shudder.
"Shudder"? ( :D )
Why?
How do you actually avoid that?
I understand that in a publicly shared space you have to filter that input, so that's what you do, as best as you can. But do other modules process that same input differently somehow? Does CGI.pm handle it poorly and in a manner that cannot be addressed? You have to use that same data no matter what, so what makes you shudder?
> HTML::Template has a feature called 'associate' which makes this kind of
> pass-through easier:
Well now, that's just magic!
Thanks for pointing that out, I'll give it a spin this evening.
And thanks again for listening. I know you're busy...
Bill
More information about the cgiapp
mailing list