Re: FormMail Problem

Tad McClellan wrote:
Gunnar Hjalmarsson wrote:
It's obvious from Christopher's follow-up that he doesn't know enough Perl to express such a depreciatory opinion on someone else's code, and that his opinion is merely hearsay. 

I didn't see anything in his followup that indicated a skill level.

I must have missed the obvious, what was it that you saw? 

Unlike what Christopher stated

1) pipes to other programs can be opened also when taint mode is enabled, and

2) the /e modifier in the expressions for unescaping URI escaped strings

    s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;

isn't dangerous.

To me, that indicates a limited skill level (which isn't a 'crime' in itself...). Anyway, considering that, and since Christopher's other comments are far from supporting his depreciatory opinion on FormMail, the logical conclusion is that the opinion is merely hearsay.

It's funny. Normally, such incorrect statements on Perl would have resulted in several correcting follow-ups. Now, since they were made with the aim of discrediting FormMail, that did not happen.

--
Gunnar Hjalmarsson
Email: http://www.gunnar.cc/cgi-bin/contact.pl
.