PerlMonks  


This sounds great. A few minor points, though. (I hope they don't sound too nitpicky)

  • Uses tainting when working with server files (-3 for opening file based on tainted form input)

    Actually, I would check this based upon the needs of a script. For example, many people use form data to build SQL. It's trivial to munge form data to wipe out a poorly-designed database, so that would also merit a -3. However, if they're just taking data and spitting back to a Web page, that might not be so bad (assuming that it's a one time page and not something that would open up cross-site scripting holes).

  • Uses CGI.pm for html

    Ignoring the issue of templates, I can see some people making a case for HERE documents. I don't like 'em, but are you going to take points off of some of KM's scripts from his book that use HERE docs? :) I'd take points off if they use multiple prints instead of a HERE doc.

  • Uses CGI.pm for form parsing

    What about CGI::Lite? If the author has a reasonable alternative, I wouldn't ding them for not using CGI.pm. Of course, I'd probably take a buzz-saw to their code if they hand-roll it since these are invariably broken.

Here's a personal pet peeve: failure to check return value of functions. Not all functions, mind you. When was the last time you saw someone check the return value of print? However, forgetting to check the return value of an open or a flock could be disastrous.

I would also be concerned about how someone opens files. If they don't flock when they should, or if they don't flock correctly and risk a race condition, that would be a concern.

I'll post an update if I think of anything else off of the top of my head.

Cheers,
Ovid

Join the Perlmonks Setiathome Group or just click on the link and check out our stats.


In reply to (Ovid) Re: Code review on script site by Ovid
in thread Code review on script site by Jazz
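
The points above about checking the return value of open and flock, and about locking without leaving a race, as an added example that is not part of Ovid's post. The sub name `bump_counter` and the counter file are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Fcntl qw(:flock :seek O_RDWR O_CREAT);
use File::Temp qw(tempdir);

# Racy pattern a reviewer should flag (kept as a comment on purpose):
#   open my $fh, '>', $file;   # truncates BEFORE any lock is held; result unchecked
#   flock $fh, LOCK_EX;        # too late to protect the data; result unchecked
# A second process that reads between those two lines sees an empty file.

# Increment a counter file: open without truncating, check every return
# value, take the exclusive lock, and only then read and rewrite the data.
sub bump_counter {
    my ($file) = @_;

    sysopen(my $fh, $file, O_RDWR | O_CREAT, 0600)
        or die "Cannot open $file: $!";
    flock($fh, LOCK_EX)
        or die "Cannot lock $file: $!";

    # Treat a missing or malformed value as zero rather than trusting it.
    my $line  = <$fh>;
    my $count = (defined $line && $line =~ /\A(\d+)/) ? $1 : 0;
    $count++;

    # Rewrite in place while still holding the lock.
    seek($fh, 0, SEEK_SET) or die "Cannot seek $file: $!";
    truncate($fh, 0)       or die "Cannot truncate $file: $!";
    print {$fh} "$count\n" or die "Cannot write $file: $!";

    # close flushes the buffer and then releases the lock; a failed close
    # can mean the write never reached disk, so it is checked as well.
    close($fh) or die "Cannot close $file: $!";
    return $count;
}

# Constructed demo: a throwaway directory and file, removed on exit.
my $dir  = tempdir(CLEANUP => 1);
my $file = "$dir/counter.txt";
print bump_counter($file), "\n" for 1 .. 3;
```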
