Quite often people come to this site and ask questions like "Where can I find a Perl program to do X?" If you answer the question, please do not refer them to resources that you have not personally verified.

In this node, the monk recommended that someone check out Perl guestbooks at http://cgi.resourceindex.com. I went out and downloaded one of the guestbooks and quickly scanned the code. It's abysmal. No taint checking, no strict, no CGI.pm. The author tries to handle the CGI parsing himself and (as usual) does so incorrectly. What's worse, the following notice is included in the programs: 

# Scripts VIZBOOK.CGI, VIZADMIN.CGI, TESTBIN.CGI, MAKEDIR.CGI, PICLOAD
+.CGI,  #
# and VIZADMDEL.CGI were written (c) by Ron F Woolley, Melbourne Austr
+alia.  #
# Copyright 1999,2000. These scripts CANNOT BE ALTERED for personal si
+te use #
# OR commercial site use except as instructed here in, NOR can whole o
+r      #
# portions of code be copied, AND,                                    
+       #
# all of the header notices in the scripts MUST REMAIN intact as is, A
+ND,    #
# using the scripts without first reading the README file(s), is prohi
+bited. #
# IF YOU DO NOT AGREE, destroy all files NOW!                         
+       #

[download]
What that means, in a nutshell, is that you are explicitly forbidden from making the code robust and secure.

Please, check the code you recommend. I'm not saying that you should take huge, complex systems that have been written and do a line-by-line analysis, but at least verify the basics: taint, strict, CGI.pm, or whatever else is appropriate.

Cheers,
Ovid

Join the Perlmonks Setiathome Group or just click on the the link and check out our stats.

In reply to Don't blindly recommend code by Ovid

Title:
Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post, it's "PerlMonks-approved HTML":


  • Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!
  • Titles consisting of a single word are discouraged, and in most cases are disallowed outright.
  • Read Where should I post X? if you're not absolutely sure you're posting in the right place.
  • Please read these before you post! —
  • Posts may use any of the Perl Monks Approved HTML tags:
    a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, details, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, summary, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr
  • You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)
            For:     Use:
    & &amp;
    < &lt;
    > &gt;
    [ &#91;
    ] &#93;
  • Link using PerlMonks shortcuts! What shortcuts can I use for linking?
  • See Writeup Formatting Tips and other pages linked from there for more info.