hateful hates software: CGI.pm

• From: Aaron Crane
  Date: 13:11 on 27 Jun 2006
  Subject: CGI.pm
  
  OK, now I know that CGI.pm's HTML-generating functions are considered mor=
  e
  than somewhat d=E9class=E9, but I have to maintain an application that ma=
  kes
  liberal use of them.  One of the most persistent sources of niggly and
  unpleasant bugs in this application is caused by CGI.pm's insanely hatefu=
  l
  and broken behaviour.
  
  Allow me to explain.  Here's how you generate a hidden field with CGI.pm:
  
    print hidden('field_name', $field_value);
  
  This has the benefit of being simple, comprehensible, and elegant.  Sadly=
  ,
  it also has the disadvantage of being wrong.
  
  How's that?  Well, suppose we're processing the result of submitting the
  form that contains this hidden field, and the $field_value you've just
  calculated isn't the same as the one that got submitted.  In such a case,
  CGI.pm thinks that the best thing to do is to COMPLETELY FUCKING IGNORE w=
  hat
  you told it, and instead SCRIBBLE OVER YOUR DATA with whatever random cra=
  p
  it received from the form submission.  (I'm not going to labour the point
  about inappropriately trusting data received from the internet, but pleas=
  e
  do be aware of it.)
  
  Of course, you can fix this.  Here's how to code defensively against this
  retarded API:
  
    print hidden(
        -name     =3D> 'field_name',
        -default  =3D> $field_value,
        -override =3D> 1,
    );
  
  (Just for good measure, note how this simple thing now takes up five time=
  s
  as much vertical space on my screen to fit into 80 columns, and that scre=
  en
  space is a non-renewable resource.)
  
  This API is just astoundingly fuckwitted.  I can't conceive of any situat=
  ion
  in which it would be desirable behaviour, and it has caused huge numbers =
  of
  bugs in the software I maintain.  And that's in spite of the fact that I
  know about this brokenness -- it's so stupid that it's apparently impossi=
  ble
  to remember to use the ridiculous workaround.
  
  Hate.
  
  --=20
  Aaron Crane
  
  

• From: Nik Clayton
  Date: 14:03 on 27 Jun 2006
  Subject: Re: CGI.pm
  
  OK, I know it doesn't lessen the hate, but
  
  Aaron Crane wrote:
  >   print hidden('field_name', $field_value);
  [...]
  >   print hidden(
  >       -name     => 'field_name',
  >       -default  => $field_value,
  >       -override => 1,
  >   );
  [...]
  > This API is just astoundingly fuckwitted.  I can't conceive of any situation
  > in which it would be desirable behaviour, and it has caused huge numbers of
  > bugs in the software I maintain.  And that's in spite of the fact that I
  > know about this brokenness -- it's so stupid that it's apparently impossible
  > to remember to use the ridiculous workaround.
  
     sub hidden {
         return CGI::hidden(-name     => $_[0],
                            -default  => $_[1],
                            -override => 1,
         );
     }
  
  ?
  
  N
  
  

• From: Hakim Cassimally
  Date: 14:15 on 27 Jun 2006
  Subject: Re: CGI.pm
  
  On 27/06/06, Aaron Crane <hateful@xxxxxxxxxx.xx.xx> wrote:
  > OK, now I know that CGI.pm's HTML-generating functions are considered mor=
  e
  > than somewhat d=E9class=E9,
  
  The mere existence of these methods is hateful.  Why?  Because they
  are documented - now documentation is good of course, but when you
  grep through CGI's docs to find out details of, for example, how to
  use the `upload` method, you have to first step through lots of
  details on creating an upload field that you are never going to use.
  Hate.
  
  osfameron
  
  

• From: A. Pagaltzis
  Date: 19:47 on 27 Jun 2006
  Subject: Re: CGI.pm
  
  * Aaron Crane <hateful@xxxxxxxxxx.xx.xx> [2006-06-27 14:15]:
  > I can't conceive of any situation in which it would be
  > desirable behaviour,
  
  It's useful if you want to redisplay an improperly filled out
  form to the user. In that case the values you provide would be
  merely defaults and CGI.pm would take care of stickiness for you.
  
  I've actually found it useful on about two occasions.
  
  The fact that there's no way to globally turn off this behaviour
  is absolutely hateful, however. At first I relied on calling
  CGI.pm's routines from my TT2 templates to generate my form
  elements, because that's much nicer than typing out the entire
  form element HTML every time, particularly for the complex ones
  like select boxes.
  
  Well, it *would* be much nicer -- if the stickiness was easy to
  turn off. HATE.
  
  It would also help if TT2 was at all useful at manipulating data
  structures, because CGI.pm's routines sometimes have somewhat
  peculiar preferences. Alas, data structure manipulation in TT2 is
  about as powerful as in the Bourne shell. Crippled template mini
  languages: a hate for another day.
  
  Aaaaargh.
  
  Regards,
  
  

• From: peter (Peter da Silva)
  Date: 20:02 on 27 Jun 2006
  Subject: Re: CGI.pm
  
  My Tcl form generator has the same "bug"!
  
  >   print hidden('field_name', $field_value);
  
  	puts [hidden "field_name" $field_value]
  
  Which is equivalent to:
  
  	puts [tag input type hidden name "field_name" value "$field_value"]
  
  Which produces:
  
  	<input type=hidden name='field_name' value='$field_value'>
  
  >   print hidden(
  >       -name     => 'field_name',
  >       -default  => $field_value,
  >       -override => 1,
  >   );
  
  Well, hmmm...
  
  	puts [hidden "field_name" $field_value override 1]
  ==>	<input type=hidden name="field_name" value="$field_value" override=1>
  
  Can you write the Perl similarly?
  
  	print hidden('field_name', "$field_value", -override => 1);
  
  Or is this really Perl hate?
  
  
  

• From: A. Pagaltzis
  Date: 20:16 on 27 Jun 2006
  Subject: Re: CGI.pm
  
  * Peter da Silva <peter@xxxxxxx.xxx> [2006-06-27 21:05]:
  > Well, hmmm...
  > 
  >   puts [hidden "field_name" $field_value override 1]
  > ==>   <input type=hidden name="field_name" value="$field_value" override=1>
  > 
  > Can you write the Perl similarly?
  > 
  >   print hidden('field_name', "$field_value", -override => 1);
  > 
  > Or is this really Perl hate?
  
  There's no language-level support for such use. The arrow is just
  a special-cased comma -- it doesn't create pairs or anything like
  that. (I'm not sure how your example gets parsed as it should,
  either.) However, it'd be pretty trivial to offer something very
  close to your suggestion, eg.:
  
      print hidden 'field_name', $field_value, { -override => 1 };
  
  CGI.pm doesn't.
  
  Regards,
  
  

• From: peter (Peter da Silva)
  Date: 03:08 on 28 Jun 2006
  Subject: Re: CGI.pm
  
  > There's no language-level support for such use. The arrow is just
  > a special-cased comma -- it doesn't create pairs or anything like
  > that. (I'm not sure how your example gets parsed as it should,
  > either.)
  
  It's easy in a language that's a piquant blend of lisp, awk, and grep.
  
    proc input {type name value args} {
      eval [list tag input type $type name $name value $value] $args
    }
  
  And of course...
  
    proc tag {tag args} {
      lappend list $tag
      foreach {name value} $args {
        if {"$name" == "-flag"} {
          lappend list [string toupper $value]
        } else {
          lappend list [string toupper $name]=[quote_string $value]
        }
      }
      return <[join $list " "]>
    }
  
  And to be complete (sorry for the double negative in the first line):
  
    proc quote_string {string} {
      if ![string match "*[^a-zA-Z0-9.-]*"] {
        return $string
      }
      if ![string match "*'*" $string] {
        return '$string'
      }
      if ![string match "*\"*" $string] {
        return "\"$string\""
      }
      regsub -all "'" $string "\\&#39;" string
      return '$string'
    }
  
  
  

Generated at 10:26 on 16 Apr 2008 by mariachi