From: André Warnier
Date: Sun, 25 Apr 2010 12:44:56 +0200
To: mod_perl list
Subject: Re: Getting a / when regex should produce nothing

Chris Bennett wrote:
...

Personal observations :

>
> use warnings;

That's good.
But this :

> no warnings 'uninitialized';

is very dubious.

> $article_file = $q->param("articlefilename");

will come back undef if :
- there is no "articlefilename" input box on the submitted form
- there is one, but it is not sent by the browser (as some browsers may do if the form field has not been filled-in)
- someone just calls your script by a URL in the location bar, without parameters

> if ($debug) { $error .= qq{
>
> $article_file
>
> };}

This then is dubious too, because you are essentially concatenating a string (which may also be undef), with an undef value. (And before that, you are passing this undef value to the qq function).
Who knows what this does ?
Unfortunately, you will never know, because you have disabled warnings for that.

Why not do something more solid, like :

remove the "no warnings" pragma.

$article_file = $q->param("articlefilename") || '';

(making it equal to an empty string if it is undefined),

or more explicitly

$article_file = $q->param("articlefilename");
$article_file = '' unless defined $article_file;

And the same for any other form parameter you receive.

If you are programming for the web, where you essentially do not know which miscreant browser or user is at the other end, you have to program defensively. Suppressing warnings is the wrong way to go.
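The following is an added example, not part of the original message or of the poster's script. It runs the two defaulting forms suggested above against three constructed requests, with warnings left on and made fatal, and goes slightly beyond the message by including a field whose submitted value is "0". `FakeQuery` is a constructed stand-in for the CGI query object and `param_or_empty` is a hypothetical helper name.

```perl
#!/usr/bin/perl
use strict;
use warnings FATAL => 'uninitialized';   # undef in a string operation dies instead of passing silently

# Constructed stand-in for a CGI query object so the example runs offline.
# It models only the behaviour discussed above: a field that was not
# submitted comes back as undef in scalar context.
package FakeQuery;
sub new   { my ($class, %fields) = @_; return bless {%fields}, $class }
sub param { my ($self, $name) = @_; return $self->{$name} }

package main;

# Hypothetical helper: the explicit "defined" form, always returns a string.
sub param_or_empty {
    my ($q, $name) = @_;
    my $value = $q->param($name);
    return defined $value ? $value : '';
}

# Constructed sample requests.
my %requests = (
    'field missing'    => FakeQuery->new(),
    'field is "0"'     => FakeQuery->new(articlefilename => '0'),
    'field has a name' => FakeQuery->new(articlefilename => 'notes.txt'),
);

for my $label (sort keys %requests) {
    my $q = $requests{$label};

    my $explicit = param_or_empty($q, 'articlefilename');
    my $or_form  = $q->param('articlefilename') || '';   # also maps "0" to ''

    # Use the raw value in a concatenation, as the quoted debug line does.
    # With fatal warnings an undef value aborts here and eval reports it.
    my $raw = eval { my $error = ''; $error .= $q->param('articlefilename'); 1 }
        ? 'ok'
        : 'died (uninitialized value)';

    printf "%-17s defined-check=[%s]  ||-form=[%s]  raw concat: %s\n",
        $label, $explicit, $or_form, $raw;
}
```

The two forms agree except when the submitted value is "0", which the `||` form replaces with an empty string; only the missing-field request trips the fatal warning on the raw value.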