OK, now I know that CGI.pm's HTML-generating functions are considered more
than somewhat déclassé, but I have to maintain an application that makes
liberal use of them. One of the most persistent sources of niggly and
unpleasant bugs in this application is caused by CGI.pm's insanely hateful
and broken behaviour.
Allow me to explain. Here's how you generate a hidden field with CGI.pm:
print hidden('field_name', $field_value);
This has the benefit of being simple, comprehensible, and elegant. Sadly,
it also has the disadvantage of being wrong.
How's that? Well, suppose we're processing the result of submitting the
form that contains this hidden field, and the $field_value you've just
calculated isn't the same as the one that got submitted. In such a case,
CGI.pm thinks that the best thing to do is to COMPLETELY FUCKING IGNORE what
you told it, and instead SCRIBBLE OVER YOUR DATA with whatever random crap
it received from the form submission. (I'm not going to labour the point
about inappropriately trusting data received from the internet, but please
do be aware of it.)
Of course, you can fix this. Here's how to code defensively against this
retarded API:
print hidden(
-name => 'field_name',
-default => $field_value,
-override => 1,
);
(Just for good measure, note how this simple thing now takes up five times
as much vertical space on my screen to fit into 80 columns, and that screen
space is a non-renewable resource.)
This API is just astoundingly fuckwitted. I can't conceive of any situation
in which it would be desirable behaviour, and it has caused huge numbers of
bugs in the software I maintain. And that's in spite of the fact that I
know about this brokenness -- it's so stupid that it's apparently impossible
to remember to use the ridiculous workaround.
Hate.
--
Aaron Crane
