Bugtraq mailing list archives

Re: ePerl: bad handling of ISINDEX queries


From: tiago () EPS UFSC BR (Tiago Luz Pinto)
Date: Fri, 10 Jul 1998 01:52:52 -0300


On Wed, 8 Jul 1998, Steve Willer wrote:

> To be honest, although I ended up not using ePerl, I would consider this
> mistake fairly understandable. I mean, I can't think of anywhere that
> still uses ISINDEX, so it's not that strange for it to fall out of a
> developer's mental space.

        I don't agree with you on that. First, ISINDEX is well documented
in the CGI specification and ePerl claims that it is CGI/1.1 compliant.
Second, if you want your software to work (not to mention being secure),
you can't forget things that are written in the specs.

> I do want to make one point about the original bug report: If I read it
> correctly, then you will only be able to execute ePerl code, *not* Perl
> code. ePerl starts off in "plain text" mode, so anything until the
> ePerl-open tag will be output as plain text.

        You'll be able to execute PERL code, since all that ePerl does
is put a PERL "print" command in front of your HTML code and pass
it to the Perl interpreter along with the PERL code embedded in the page.

        Another thing: this bug was found in the latest (2.2.12)
version of ePerl.


+----------------------------------------------------------------------+
|  Tiago Luz Pinto                                 tiago () eps ufsc br   |
|                                                                      |
|  Network Administrator  -      Department of Production Engineering  |
|  Federal University of Santa Catarina -                      Brazil  |
+----------------------------------------------------------------------+
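The CGI/1.1 rule the message refers to, as an added example that is not part of the original post or of ePerl: an "indexed" (ISINDEX) query is a GET or HEAD request whose query string has no unencoded "=", and the server passes its "+"-separated, URL-decoded words to the script as command-line arguments. The function names are hypothetical, the sample queries are constructed, and the guard shown is a general mitigation, not ePerl's actual fix.

```python
from urllib.parse import unquote


def isindex_argv(method, query_string):
    """Return the words a CGI/1.1 server would append to the script's argv.

    Per the CGI specification, only GET/HEAD requests whose query string
    contains no unencoded '=' are treated as indexed (ISINDEX) queries.
    """
    if method.upper() not in ("GET", "HEAD"):
        return []
    if not query_string or "=" in query_string:
        return []
    # Words are separated by '+' and URL-decoded only after splitting,
    # so an encoded '=' (%3D) or '/' (%2F) still reaches argv decoded.
    return [unquote(word) for word in query_string.split("+")]


def safe_cgi_args(environ, argv):
    """Guard for a program usable both as a CGI and from a shell.

    When the server has set GATEWAY_INTERFACE the process is running as
    a CGI, and its arguments are remote input, so they are discarded
    instead of being interpreted as options or file names.
    """
    if environ.get("GATEWAY_INTERFACE", "").startswith("CGI/"):
        return []
    return list(argv)


if __name__ == "__main__":
    # Constructed sample requests: (method, query string)
    samples = [
        ("GET", "name=value&x=1"),   # ordinary form data: no argv
        ("GET", "foo+bar"),          # indexed query: two argv words
        ("GET", "a%3Db+x%2Fy"),      # encoded '=' does not disable it
        ("POST", "foo+bar"),         # not GET/HEAD: no argv
    ]
    for method, qs in samples:
        argv = isindex_argv(method, qs)
        kept = safe_cgi_args({"GATEWAY_INTERFACE": "CGI/1.1"}, argv)
        print(f"{method} ?{qs!s:<16} argv={argv} after guard={kept}")
```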


