by leejo 4186 days ago
Excellent, you're here so I (we) can address a couple of the points in your talk.

1) DBI is not a core module, nor to my knowledge has it ever been.

2) I'm the current maintainer of CGI.pm - I am not the author. This is an important point because the module is 20 years old, and like any software of significant size/age/importance it has been through several different hands (over 30 according to the git log, which only goes back to 1998 so is missing 3 years).

It would be great if I could just release a version of CGI.pm that removes the list context behaviour of ->param but that would massively break back compatibility for hundreds, if not thousands, of users. Not all of these users have the knowledge or resources to fix their code, which is why for the time being CGI.pm will warn when ->param is called in list context. This has actually broken some software (anyone that has set warnings to be fatal), but this was the least harmful way I could get out to users who may be blind to the issue that there is indeed an issue.

And yes, as many have already stated this was an unfortunate consequence of the list context behaviour of CGI.pm. Knowing the difference between scalar/list context in Perl is a classic gotcha. This behaviour lurked in code going back years - the examples you cite would all fall into the "legacy code" category. You're making the classic mistake of someone who doesn't know Perl: looking at code from over a decade ago and thinking this represents modern Perl. It doesn't.

A couple of other examples of critical bugs that were revealed in 2014: shellshock and heartbleed. Should we dismiss bash, C, etc., as terrible languages because of these? No. People make mistakes, don't RTFM, misunderstand language features, and bugs can exist in legacy code for years and years. Usually critical bugs.

You could have made an excellent talk from the work you did in exposing the bug(s) you found. You failed. Learn from this.
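As an added illustration of the list-context gotcha the comment describes (example code, not leejo's or CGI.pm's own; the query string and the record fields are constructed for the demonstration):

```perl
use strict;
use warnings;
use CGI;

# Constructed request: three values supplied for the same parameter name.
# A real request would come from the environment; a literal query string
# keeps this runnable offline.
my $q = CGI->new('user=alice&user=is_admin&user=1');

# Vulnerable pattern: ->param is evaluated in list context inside the hash
# literal, so every value of 'user' is spliced into the list that builds %rec.
# The list becomes (is_admin => 0, user => 'alice', 'is_admin', '1'), and the
# later 'is_admin' key silently overrides the hard-coded one.
sub build_record_vulnerable {
    my ($cgi) = @_;
    my %rec = (
        is_admin => 0,
        user     => $cgi->param('user'),   # list context
    );
    return \%rec;
}

# Hardened pattern: force scalar context so only the first value is used and
# the hash keys are exactly the ones written in the source.
sub build_record_fixed {
    my ($cgi) = @_;
    my %rec = (
        is_admin => 0,
        user     => scalar $cgi->param('user'),
    );
    return \%rec;
}

my $bad  = build_record_vulnerable($q);
my $good = build_record_fixed($q);
printf "vulnerable: user=%s is_admin=%s\n", $bad->{user},  $bad->{is_admin};
printf "fixed:      user=%s is_admin=%s\n", $good->{user}, $good->{is_admin};
```

With a current CGI.pm the vulnerable function also emits the list-context warning the comment mentions, which is the signal to audit such call sites (or to enable fatal warnings in tests so they cannot be missed).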


> A couple of other examples of critical bugs that were revealed in 2014: shellshock and heartbleed. Should we dismiss bash, C, etc, as terrible languages because of these?

Yes.