This sounds great. A few minor points, though. (I hope they don't sound too nitpicky)
- Uses tainting when working with server files (-3 for opening file based on tainted form input)
Actually, I would check this based upon the needs of a script. For example, many people use form data to build SQL. It's trivial to munge form data to wipe out a poorly-designed database, so that would also merit a -3. However, if they're just taking data and spitting back to a Web page, that might not be so bad (assuming that it's a one time page and not something that would open up cross-site scripting holes).
- Uses CGI.pm for html
Ignoring the issue of templates, I can see some people making a case for HERE documents. I don't like 'em, but are you going to take points off of some of KM's scripts from his book that use HERE docs? :) I'd take points off if they use multiple prints instead of a HERE doc.
- Uses CGI.pm for form parsing
What about CGI::Lite? If the author has a reasonable alternative, I wouldn't ding them for not using CGI.pm. Of course, I'd probably take a buzz-saw to their code if they hand-roll it since these are invariably broken.
Here's a personal pet peeve: failure to check return value of functions. Not all functions, mind you. When was the last time you saw someone check the return value of print? However, forgetting to check the return value of an open or a flock could be disastrous.
I would also be concerned about how someone opens files. If they don't flock when they should, or if they don't flock correctly and risk a race condition, that would be a concern.
I'll post an update if I think of anything else off of the top of my head.
Cheers,
Ovid
Join the Perlmonks Setiathome Group or just click on the link and check out our stats.
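The points Ovid raises about tainting, unchecked open/flock return values and the flock race can be shown in one small script. This is an added example, not code from Ovid's post or from the scoring proposal it replies to: the form hash, the counter-file layout, the temporary directory and the function names (untaint_page_name, bump_counter, hit_query) are all assumptions made for illustration.

```perl
#!/usr/bin/perl -T
# Added example (not from the original thread): a taint-safe hit counter
# that illustrates the review points raised above.
use strict;
use warnings;
use Fcntl qw(:DEFAULT :flock);
use File::Temp qw(tempdir);

# Constructed stand-in for form input. In a real CGI script this would come
# from CGI->new->param('page') (or CGI::Lite) and would be tainted under -T.
my %form = (page => 'index');

# Point 1: never open a file based on raw form input. Untaint by matching an
# allowlist and keeping only the captured text; anything else is rejected.
sub untaint_page_name {
    my ($raw) = @_;
    return unless defined $raw;
    # Bare word only: no slashes, no dots, so no "../../etc/passwd".
    my ($clean) = $raw =~ /\A([A-Za-z0-9_-]{1,32})\z/ or return;
    return $clean;
}

# Points 2 and 3: check the return value of open and flock, and take the lock
# before the file's contents are touched. The vulnerable shape is
#     open(FH, ">$file") or die; flock(FH, LOCK_EX);
# because ">" truncates the file *before* the lock is held: a concurrent
# reader can see an empty counter and two writers can both reset it.
sub bump_counter {
    my ($dir, $page) = @_;
    my $file = "$dir/$page.count";

    # O_RDWR|O_CREAT opens read/write without truncating and creates the
    # file if needed, avoiding a separate "does it exist?" test (a TOCTOU
    # race of its own). Both open and flock are checked.
    sysopen(my $fh, $file, O_RDWR | O_CREAT, 0644)
        or die "cannot open $file: $!";
    flock($fh, LOCK_EX)
        or die "cannot lock $file: $!";

    # Only now, under the lock, read the old value and rewrite it.
    my $line  = <$fh>;
    my $count = (defined $line && $line =~ /\A(\d+)\s*\z/) ? $1 : 0;
    $count++;
    seek($fh, 0, 0)    or die "seek $file: $!";
    truncate($fh, 0)   or die "truncate $file: $!";
    print {$fh} "$count\n";
    # close flushes the buffer and releases the lock; its return value is
    # where a failed write actually surfaces, so it is checked too.
    close($fh) or die "close $file: $!";
    return $count;
}

# The same principle for the SQL case: keep form data out of the query text
# and bind it as a value, so "'; DROP TABLE counters; --" is just a string.
# Usage with DBI would be: my ($sql, @bind) = hit_query($page);
#                          $dbh->prepare($sql)->execute(@bind);
sub hit_query {
    my ($page) = @_;
    return ('SELECT hits FROM counters WHERE page = ?', $page);
}

my $page = untaint_page_name($form{page})
    or die "bad page name\n";
print "rejected: ../../etc/passwd\n"
    unless defined untaint_page_name('../../etc/passwd');

# tempdir() is a stand-in for the script's real counter directory.
my $dir = tempdir(CLEANUP => 1);
for (1 .. 3) {
    my $n = bump_counter($dir, $page);
    print "$page hit $n\n";
}
```

Because the shebang carries -T, run it as `perl -T counter.pl`; Perl refuses to start ("Too late for -T") if the switch is on the shebang line but not on the command line. Under -T, building `$file` from the raw `$form{page}` instead of the untainted copy makes `sysopen` die with an "Insecure dependency" error, which is exactly the check the -3 in the scoring scheme is meant to reward.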