Use Cgi Dot Pm



No offense Ward, but round these parts writing your own CGI handling routines rather than using a library gets you an earful of 'education' as soon as anyone finds out. It allows security holes to happen. While the wikibase code is interesting in a pedagogical sense for providing that code, it does do some worrying things (no taint checking, no checks for unsafe chars in input, etc). I also think that it detracts from the Wiki (as a thing of beauty), since it gathers into the code some things we hide from small children. All of the people who reimplement WikiWiki will use a library (servlet, asp, cgi, or whatever) so not presenting that black box may make it easier to understand what is going on.

Every time I see wikibase I itch to change that. I wouldn't make such a change unless you want it; you may have reasons I don't know for keeping it all-in-one. One I can think of is the historical reason - Wiki predates CGI.pm by a year or so if memory serves. However, CGI.pm is now part of the Perl 'standard library'. By the way, I wouldn't turn on taint checking on code that works this way anyway, it would almost certainly break the ability to edit the code! --BrianEwins
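
For readers who have not seen the combination mentioned above, here is an added sketch (not wikibase code and not from the author of the comment) of a page-view handler that takes its input through CGI.pm, runs under taint mode, and rejects unsafe characters in the page name. The parameter name `page`, the directory `/var/wiki/pages` and the page-name pattern are assumptions for illustration, and CGI.pm is assumed to be installed.

```perl
#!/usr/bin/perl -T
# Added illustration, not wikibase code. The "page" parameter, $PAGE_DIR
# and the page-name pattern are assumptions made for this example.
use strict;
use warnings;
use CGI;

# Under -T the inherited environment is tainted; pin it before anything else.
$ENV{PATH} = '/usr/bin:/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

$CGI::POST_MAX        = 64 * 1024;   # cap the request body size
$CGI::DISABLE_UPLOADS = 1;           # this handler takes no file uploads

my $PAGE_DIR = '/var/wiki/pages';    # assumed storage location

# Return an untainted page name, or undef if the input is not acceptable.
sub clean_page_name {
    my ($raw) = @_;
    return undef unless defined $raw;
    # Only a regex capture untaints. The allow-list is letters only, so
    # '/', '..', NUL bytes and shell metacharacters can never get through.
    return $raw =~ /\A((?:[A-Z][a-z]+){2,})\z/ ? $1 : undef;
}

my $q    = CGI->new;
my $page = clean_page_name(scalar $q->param('page'));

unless (defined $page) {
    print $q->header(-status => '400 Bad Request', -type => 'text/plain');
    print "Invalid page name\n";
    exit;
}

my $body = '';
if (open my $fh, '<', "$PAGE_DIR/$page") {   # 3-arg open, validated name
    local $/;                                # slurp the whole file
    $body = <$fh>;
    close $fh;
}

# Encode both values on output so stored text cannot inject markup.
print $q->header(-type => 'text/html', -charset => 'utf-8');
printf "<html><head><title>%s</title></head><body><h1>%s</h1><pre>%s</pre></body></html>\n",
    $page, $page, $q->escapeHTML($body);
```

The allow-list in `clean_page_name` is the part that matters: taint mode only forces the check to exist, it does not make a permissive pattern such as `/(.*)/` safe.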

 

Last edited March 26, 2000