Menu
▾
▴
[Nms-cgi-devel] Further Updates to countdown.pl
|
From: ryan.311 <rya...@os...> - 2001-11-14 01:05:20
|
Hey guys, sorry I haven't been responding in a while; I've been busy.
Anyways, here are some thoughts:
>You also changed the shebang line to #!perl -wT. We need to agree on a
>standard for shebang lines, but it'll probably be #!/usr/bin/perl -wT
Well, I was under NT when I was running it... I changed it when I uploaded
it this time. Apologies!
>I don't agree with having use CGI::Carpi qw(fatalsToBrowser) in production
>code. It gives too much information to anyone trying to crack the site. The
>standard CGI error message is vague for a good reason. The full error
>messsage is written to the server error log where the webmaster can read
>it. By all means add it to the code - but comment it out in released
>versions.
I thought Jonathan's idea of using CGI::Carp's set_message function was an
excellent idea.
However, the code snippet he provided didn't work ;) I changed it to this:
BEGIN{set_message(sub{print"[Error]"})if!$DEBUGGING;}
That will output "[Error]" whenever there is an error in the script when
$DEBUGGING is set to 0.
However, if there is an error earlier in the BEGIN statement, CGI::Carp
will output errors regardless
of what $DEBUGGING is set to.
In addition, I added all of the "config" variables to global variable
declarations and placed them
inside the begin. $DEBUGGING needed to be a pre-declared value in order
for set_message
to work correctly; and I figured that all of the "config" variables should
be placed together to
prevent confusion.
>Maybe we should have used the query_string functixpno from CGI.pm as that
>probably does the URL unencoding.
Hmmm... I couldn't find that function in the pod.
Are you talking about unescape() in CGI::Util?
Good idea, I'll put that in.
>Otherwise, we _can't_ change the format of the parameters as this script is
>supposed to work exactly the same way as Matt's. Users are supposed to be
>able to copy our version on top and Matt's and it'll work straight off. If
>you change the format, then that's not going to happen. I agree that your
>format makes far more sense, but because of the rules of nms, we're stuck
>with Matt's format.
Ugh... Fine. I added support for both ways, however:
my @query_string = split(/,/, length param("date") > 0 ? param("date") :
unescape($ENV{QUERY_STRING}));
@from_date = @query_string if(@query_string == 6);
This will let you use either countdown.pl?2002,9,7,0,0,0 or
countdown.pl?date=2002,9,7,0,0,0.
>> 4. I removed the start_html and end_html, big bold headers, etc. A script
>> like this will most likely be used via SSI, so it makes sense
>> to only output what is needed. Let the designer decide the output format :)
>
>Another good idea, but again we're stuck with Matt's definition of the
>output. What would be good would be to have a simple template stored in the
>__DATA__ filehandle. The default would need to be Matt's version, but it
>would be easy to edit to something else.
I don't thing it really matters whether the start_html, etc. are not
included; however, it does make a difference
if they are. If the script is used as stand-alone, the page will still
display despite lack of head information; however,
html head information in the middle of the document is NOT a good idea. If
the end user wants big boldness, then
they can wrap the SSI in <h1> tags. Lets not make the same mistake Matt
did. :)
Also, some extra notes:
First of all, the version of CGI::Carp that we need is 1.09, according to
its pod. However, I am not sure what version first became start of the
standard distribution.
Secondly, I am not sure how to upload on sourceforge. For the time being,
I re-uploaded to jcwren's server (http://jryan.perlmonk.org/nms/countdown.txt).
Thirdly, I have two midterms coming up over the next two days, so my time
for NMS will be limited until my midterms are over. I should be able to
thoroughly look over another script during that time, however, so
suggestions for the next script to pick apart are welcome.
Forthly (to Dave): My last name is Ryan, not my first. Call me Joe please :)
|
