On Tue, Jan 18, 2005 at 12:56:22PM +0000, Dave Howorth wrote:
> There was a new version of CGI::Untaint released after Christmas
> (apparently four versions on the same day),

6 versions actually, one of which never made it to CPAN. :)
I spent a day going through all the outstanding RT tickets on it, and as
I fixed each I made a release.

> so we are talking about different code that behaves very differently
> in the area we are discussing.

I don't believe they do behave very differently here.

> It doesn't matter to me when it's caught! What matters is the end result
> and in both old and new versions the two cases are not distinguished. I
> think it would be sensible if programming errors like the uninstalled
> module caused CGI::Untaint to die, whilst validation failures caused it
> to return an error message. But they both used to make it die and they
> both now make it return an error message.

There's really 4 cases that Untaint handles:

  require fails:    "Can't find extraction handler for $name"
  no such field:    "No parameter for '$field'"
  doesn't untaint:  "$field ($raw) does not untaint with default pattern"
  doesn't validate: "$field ($raw) does not pass the is_valid() check"

It's plausible that the first should die. The other 3 shouldn't, and
I don't believe that they ever did. They certainly weren't meant to,
my reading of the code doesn't make it look like they did, the tests
look like they would have failed if they did, and none of my code that
uses them expected them to ever die in this way.

> Well programs don't contradict the behaviour of non-existent docs either
> :) It's not the main point of docs to be not contradicted.

My point is that the docs aren't wrong, and the code doesn't contradict
the docs. There is an undocumented feature which allows you to change
the error message for the 4th case above but this doesn't introduce any
inconsistencies.

> In particular, when the behaviour of the code changes it's generally
> helpful for the docs to change at the same time to describe the features.

The behaviour of the code wasn't meant to change, other than to fix a few
bugs. With regards to any of this there was really no new documentation
required.

Tony

_______________________________________________
maypole mailing list
maypole at lists.netthink.co.uk
http://lists.netthink.co.uk/listinfo/maypole
This archive was generated by hypermail 2.1.3 : Thu Feb 24 2005 - 22:25:57 GMT
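
One way calling code can separate the first of the four cases (a missing handler) from the three input failures, as an added example that is not from the thread or from CGI::Untaint itself. It assumes the error strings keep the shapes quoted in the message above; `classify_error` and `extract_checked` are hypothetical names, and the form values are constructed.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use CGI::Untaint;

# Patterns are assumptions built from the four messages quoted in the thread.
my @CASES = (
    [ no_handler  => qr/^Can't find extraction handler for / ],
    [ no_field    => qr/^No parameter for '/ ],
    [ not_untaint => qr/ does not untaint with default pattern/ ],
    [ not_valid   => qr/ does not pass the is_valid\(\) check/ ],
);

sub classify_error {
    my ($msg) = @_;
    for my $case (@CASES) {
        my ($kind, $re) = @$case;
        return $kind if $msg =~ $re;
    }
    return 'unknown';    # e.g. a customised message for the 4th case
}

# Returns ($value, undef) on success or (undef, $user_message) on bad input.
# Dies only when the failure is a deployment error (handler not installed).
sub extract_checked {
    my ($handler, $type, $field) = @_;
    # eval covers a version that dies as well as one that sets ->error
    my $value = eval { $handler->extract("-as_$type" => $field) };
    my $died  = $@;
    return ($value, undef) if defined $value;
    my $err  = $died || $handler->error || '';
    my $kind = classify_error($err);
    die "untaint misconfiguration: $err\n" if $kind eq 'no_handler';
    # The library message embeds the raw value ($raw); log it server-side
    # and hand the user a fixed string instead of reflecting their input.
    warn "untaint rejected ($kind): $err\n";
    return (undef, "Invalid or missing value for '$field'");
}

my $h = CGI::Untaint->new(age => '42', count => 'abc');    # constructed input
for my $try ([integer => 'age'], [integer => 'count'], [integer => 'missing']) {
    my ($value, $msg) = extract_checked($h, @$try);
    print defined $value ? "ok: $value\n" : "rejected: $msg\n";
}
```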