http://qs1969.pair.com?node_id=203947

zentara has asked for the wisdom of the Perl Monks concerning the following question:

Hi, I recently installed SuSE8.1, with the apache version 1.3.26. Its perl 5.8 comes with CGI.pm v2.81. With the standard install, the httpd starts properly loading the mod_perl, php, and ssl modules. No problem, all is well.

I went to upgrade to the latest version of CGI.pm v2.87. Now when I start apache, I get a warning: "uninitialized value in concatenation in CGI.pm line 35".

The line 35 is this:

$TAINTED = substr($ENV{REQUEST_METHOD}.'',0,0);

So, does anyone know why I'm getting this message?

The v2.81 CGI.pm doesn't even have a $TAINTED variable.


Edited: ~Thu Oct 10 00:19:22 2002 (GMT) by footpad: Replaced <PRE> tags with more appropriate HTML formatting, per Consideration

Re: $TAINTED in latest CGI.pm v2.87
by particle (Vicar) on Oct 09, 2002 at 15:17 UTC
    the warning is produced from the $ENV{REQUEST_METHOD} . ''. it seems $ENV{REQUEST_METHOD} is undefined, which causes the 'uninitialized value' message.

    why the request method is not set, i'm not sure.

    ~Particle *accelerates*

      You are right. I went back and put CGI.pm v2.87 back in and added
      a line:
      $ENV{REQUEST_METHOD} = $ENV{REQUEST_METHOD} || '';
      
      $TAINTED = substr($ENV{REQUEST_METHOD}.'',0,0);
      
      and it works fine now.  There must be a better idiom for that added line?
      

        how about

        $ENV{REQUEST_METHOD} ||= '';

        but it will replace a false value, such as the number 0. in perl6, that's better written as:

        $ENV{REQUEST_METHOD} //= '';

        which will only default undefined values

        ~Particle *accelerates*

        defined or $_ = '' for $ENV{REQUEST_METHOD};

        Makeshifts last the longest.
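A side-by-side run of the defaulting idioms discussed in this sub-thread, as an added example that is not part of the original posts or of CGI.pm. The hash references standing in for `%ENV`, the labels and the sub name `line_35_warnings` are constructed for illustration; `//=` requires Perl 5.10 or later.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed stand-ins for %ENV (not captured from a real server).
my @cases = (
    [ 'startup, no request' => {} ],
    [ 'GET request'         => { REQUEST_METHOD => 'GET' } ],
    [ 'defined but false'   => { REQUEST_METHOD => '0' } ],
);

# The defaulting idioms from the thread, applied to a hash reference.
my @fixes = (
    [ 'unpatched'  => sub { } ],
    [ '||='        => sub { $_[0]{REQUEST_METHOD} ||= '' } ],
    [ '//='        => sub { $_[0]{REQUEST_METHOD} //= '' } ],   # Perl 5.10+
    [ 'defined or' => sub { defined $_ or $_ = '' for $_[0]{REQUEST_METHOD} } ],
);

# Evaluate the expression from CGI.pm v2.87 line 35 and count warnings raised.
sub line_35_warnings {
    my ($env) = @_;
    my $count = 0;
    local $SIG{__WARN__} = sub { $count++ };
    my $tainted = substr($env->{REQUEST_METHOD} . '', 0, 0);
    return $count;
}

printf "%-20s %-11s %-8s %s\n", 'environment', 'fix', 'warnings', 'method after fix';
for my $case (@cases) {
    my ($label, $env) = @$case;
    for my $fix (@fixes) {
        my ($name, $apply) = @$fix;
        my %copy = %$env;              # each fix starts from the same input
        $apply->(\%copy);
        my $n = line_35_warnings(\%copy);
        my $after = defined $copy{REQUEST_METHOD}
                  ? "'$copy{REQUEST_METHOD}'" : 'undef';
        printf "%-20s %-11s %-8d %s\n", $label, $name, $n, $after;
    }
}
```

Only the unpatched startup case raises a warning; the `||=` row for the defined-but-false input shows the value `'0'` being replaced by `''`, while `//=` and the `defined` test leave it alone.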

Re: $TAINTED in latest CGI.pm v2.87
by Sinister (Friar) on Oct 10, 2002 at 12:56 UTC
    *Sinister is completely shocked and horrified!

    I was going to say that this:
    $TAINTED = substr($ENV{REQUEST_METHOD}.'',0,0) if defined $ENV{REQUEST_METHOD};
    Was prob. the nicest solution to your problem, as it doesn't state: 'my $TAINTED = ...' - I was figuring that $TAINTED was defined earlier.

    To make sure I wasn't going to say anything stupid, I did the bad thing of opening the black box and peeking into the CGI module.

    My heart stopped for a moment! My stomach turned! More than once..! I screamed: "WHERE IS 'use strict;' ??!?!?!!"

    Yes, dear monks,
    the module we all hold up high, and use a lot in our daily work, does not use strict! *sigh*

    er formait hyarya.
    -- "Life is a house and the next tornado is never far away"
    -- "lovely by nature"

      contrary to popular belief, this is a good thing. strict causes a performance hit of around 30%, which is something a performance-oriented module like CGI would like to avoid.

      i believe what you're seeing is optimized perl, which is not to be mistaken for maintainable perl. i trust the CGI experts who keep this module up to date to do their job, and at the same time hope i'm never called on to debug that mess and make an update.

      ~Particle *accelerates*