[13107] in Perl-Users-Digest
Perl-Users Digest, Issue: 517 Volume: 9
daemon@ATHENA.MIT.EDU (Perl-Users Digest)
Fri Aug 13 23:07:19 1999
Date: Fri, 13 Aug 1999 20:05:12 -0700 (PDT)
From: Perl-Users Digest <Perl-Users-Request@ruby.OCE.ORST.EDU>
To: Perl-Users@ruby.OCE.ORST.EDU (Perl-Users Digest)
Perl-Users Digest Fri, 13 Aug 1999 Volume: 9 Number: 517
Today's topics:
Re: Announcement: "CRAP" (Phil Goetz)
Re: Announcement: "CRAP" (Phil Goetz)
CGI.pm persistent data: Security risk? (Phil Goetz)
Re: CGI.pm persistent data: Security risk? (Sam Holden)
Re: Conditional Using Regular Expression (Eric Bohlman)
Re: Conditional Using Regular Expression (Ronald J Kimball)
Re: HARASSMENT -- Monthly Autoemail (Gil Harvey)
Import text file into body of Mail <webmaster@mendonet.com>
module to deal with money sortof like Date::Manip ? (Id Est)
Re: Perl Programmers' Web Design "Difficulties" <revjack@radix.net>
Re: Perl Programmers' Web Design "Difficulties" <ltl@rgsun5.viasystems.com>
Re: Perl Programmers' Web Design "Difficulties" support@gethits.com
Perl/TK issues (Donovan Rebbechi)
Re: Starnge DBI behavior <ltl@rgsun5.viasystems.com>
Re: using the cd command in perl on Windows98 (Eric Bohlman)
What happened to Perl in 1990? (brian d foy)
Digest Administrivia (Last modified: 1 Jul 99) (Perl-Users-Digest Admin)
----------------------------------------------------------------------
Date: 14 Aug 1999 02:10:21 GMT
From: goetz@cse.buffalo.edu (Phil Goetz)
Subject: Re: Announcement: "CRAP"
Message-Id: <7p2j6d$7od$1@prometheus.acsu.buffalo.edu>
In article <Pine.GSO.4.10.9908010948340.9389-100000@crusoe.crusoe.net>,
Jeff Pinyan <japhy@pobox.com> wrote:
>Johnathan, if you have some URLs of festering hellholes of broken -- yet
>proliferated -- Perl programs, please send me them. I've got a team of 13
>people here waiting to write articles about them.
Do you mean you got funding for this CRAP?
Phil
------------------------------
Date: 14 Aug 1999 02:34:17 GMT
From: goetz@cse.buffalo.edu (Phil Goetz)
Subject: Re: Announcement: "CRAP"
Message-Id: <7p2kj9$86n$1@prometheus.acsu.buffalo.edu>
In article <37a3151b@cs.colorado.edu>,
Tom Christiansen <tchrist@mox.perl.com> wrote:
> [courtesy cc of this posting mailed to cited author]
>
>In comp.lang.perl.misc, japhy+crap@pobox.com writes:
>:WHAT IS CRAP?
>: Have you seen a program written by someone else, and sighed,
>: saying:
>
>Does this mean that you're going to attack that festering hellhole
>of eternal damnation known as "Matt's Script Archive"? If so, hurray.
>
>--tom
Is this the wrong time to say that I taught myself Perl with examples
from Matt's Script Archive? I even submitted some similarly-styled code
to a potential employer, whom I never heard from again. Then I started
reading Perl books. Wow! Perl has local variables now! :)
In fairness to Matt, he is more of a Javascript guy than a Perl guy.
Phil
------------------------------
Date: 14 Aug 1999 02:06:57 GMT
From: goetz@cse.buffalo.edu (Phil Goetz)
Subject: CGI.pm persistent data: Security risk?
Message-Id: <7p2j01$7in$1@prometheus.acsu.buffalo.edu>
From Perl in a Nutshell:
"When a CGI.pm script is called multiple times,
the input fields are given default values from the previous invocation."
Is there a possibility that someone executing my Perl CGI script
will be given the values preserved from the previous invocation
of the script by another user? These values include username
and password.
Also, I was looking over the security section of the CGI FAQ to answer this,
and it says:
Q5.3: Why is everyone saying that
http://bigidiot.abuse-me.com/perl.exe?foo.pl
is dangerous? How bad can it be?
Extremely dangerous! Just imagine what will happen if I do something like this:
http://bigidiot.abuse-me.com/cgi-bin/perl.exe?-e+'format:%20c'
Um... what will happen? There is no explanation of what the problem is.
Phil Goetz
flick@populus.net
------------------------------
Date: 14 Aug 1999 02:58:08 GMT
From: sholden@pgrad.cs.usyd.edu.au (Sam Holden)
Subject: Re: CGI.pm persistent data: Security risk?
Message-Id: <slrn7r9mqt.pu8.sholden@pgrad.cs.usyd.edu.au>
On 14 Aug 1999 02:06:57 GMT, Phil Goetz <goetz@cse.buffalo.edu> wrote:
>
>From Perl in a Nutshell:
>
>"When a CGI.pm script is called multiple times,
>the input fields are given default values from the previous invocation."
>
>Is there a possibility that someone executing my Perl CGI script
>will be given the values preserved from the previous invocation
>of the script by another user? These values include username
>and password.
No.
>Also, I was looking over the security section of the CGI FAQ to answer this,
>and it says:
>
> Q5.3: Why is everyone saying that
> http://bigidiot.abuse-me.com/perl.exe?foo.pl
> is dangerous? How bad can it be?
>
> Extremely dangerous! Just imagine what will happen if I do something like this:
>
> http://bigidiot.abuse-me.com/cgi-bin/perl.exe?-e+'format:%20c'
>
>Um... what will happen? There is no explanation of what the problem is.
It will format the C drive of the computer if the format program is can
be run without a console, which is unlikely on windows really.
But you don't have perl.exe in your cgi-bin so it doesn't matter...
--
Sam
You can blame it all on the internet. I do...
--Larry Wall
------------------------------
Date: 14 Aug 1999 02:28:45 GMT
From: ebohlman@netcom.com (Eric Bohlman)
Subject: Re: Conditional Using Regular Expression
Message-Id: <7p2k8t$2pf@dfw-ixnews7.ix.netcom.com>
Pan (Pan@LA-Online.com) wrote:
: I am fairly new to perl, and am writing a web client that will return a
: list of links based on a conditional match. I don't have much
: experience with regular expressions, and have been unable to get a
: match.
Have you read perlre yet? If not, do so now. If so, re-read it (it
really is complex enough that you'll miss things on the first reading)
: I want to write a conditional using a reg exp that matches 4 constant
: characters, 4 variable digits, a variable alpha, and '.htm' like so:
:
: food1111a.htm
:
: Here is the syntax that I'm trying to use:
:
: if ($linkURL =~ /food......htm/i)
That will match any string that contains the letters 'food' followed by
exactly six characters of any sort followed by the letters 'htm'. That's
not consistent with what you've said you wanted to do. perlre will tell
you how to:
Match a digit
Specify how many times a particular character or character class needs to
appear
Match an arbitrary character
Match a literal period
------------------------------
Date: Fri, 13 Aug 1999 22:56:55 -0400
From: rjk@linguist.dartmouth.edu (Ronald J Kimball)
Subject: Re: Conditional Using Regular Expression
Message-Id: <1dwhzhi.3k68471x2ligwN@p97.tc2.state.ma.tiac.com>
Pan <Pan@LA-Online.com> wrote:
> I want to write a conditional using a reg exp that matches 4 constant
> characters, 4 variable digits, a variable alpha, and '.htm' like so:
>
> food1111a.htm
>
> Here is the syntax that I'm trying to use:
>
> if ($linkURL =~ /food......htm/i)
Without seeing the value of $linkURL, it will be impossible to say why
this is not matching.
This regex would more closely match your criterion:
/food\d{4}[a-z]\.htm/i
But it still won't match if the one you're using doesn't match.
--
_ / ' _ / - aka -
( /)//)//)(//)/( Ronald J Kimball rjk@linguist.dartmouth.edu
/ http://www.tiac.net/users/chipmunk/
"It's funny 'cause it's true ... and vice versa."
------------------------------
Date: Sat, 14 Aug 1999 02:34:09 GMT
From: gh@netquick.net (Gil Harvey)
Subject: Re: HARASSMENT -- Monthly Autoemail
Message-Id: <37b4d4b0.25250093@news.interpath.net>
On Sat, 14 Aug 1999 00:28:01 GMT, Marc.Haber-usenet@gmx.de (Marc
Haber) wrote:
>Why are you still participating in the perl groups when you don't read
>what one of the most knowledgeable persons around here?
>
>Tom _can_ be a pain, but I am willing to tolerate that from one of the
>authors of two of my most used books that almost never go back to
>their shelf place.
I don't think any of us dispute TCs knowledge of perl - I also
make much use of his writings - but that is no excuse for his assine
email tactics.
Tom, I love your books, I bought them, when I want to hear
from you I will buy your next book, don't send me unxolicted email.
There, does that cover it?
------------------------------
Date: Fri, 13 Aug 1999 19:53:43 -0700
From: Jon Hollcraft <webmaster@mendonet.com>
Subject: Import text file into body of Mail
Message-Id: <37B4DA37.57BB@mendonet.com>
I am trying to import a text file into the body of an email.
I have tried using formail prior to sendmail, but Perl gets
very upset with the formail syntax. It works great to cat in
a text file for mailing under procmail. There must be a simple
way to get this done in Perl that I haven't tried yet.
open (MAIL, "|$mailprog -t") || die "Can't open $mailprog!\n";
print MAIL "From: $ownermail\n";
print MAIL "To: $in{'address'}\n";
print MAIL "Subject: You are unsubscribed!\n\n";
print MAIL "$goodbye\n\n";
This gives me the $goodbye (data/goodbye.txt) file id very
nicely printed out. Suggestions?
TIA Jon
------------------------------
Date: Sat, 14 Aug 1999 02:36:24 GMT
From: id-est@home.com (Id Est)
Subject: module to deal with money sortof like Date::Manip ?
Message-Id: <slrn7r9les.69h.id-est@erato.bigredrockeater.com>
i'm looking for something that would let users enter monetary values in
the sort of freeform way that Date::Manip does for dates/times. there
doesn't seem to be a Money::Manip module at www.cpan.org, so does somebody
have some ideas?
------------------------------
Date: 14 Aug 1999 02:16:01 GMT
From: revjack <revjack@radix.net>
Subject: Re: Perl Programmers' Web Design "Difficulties"
Message-Id: <7p2jh1$l9c$1@news1.Radix.Net>
Keywords: Hexapodia as the key insight
Shawn Grant explains it all:
:I don't mean to make a sweeping generalization, but it
:appears that the more advanced programmers can't seem
:to create attractive web sites.
Must...not...followup...to..trolls..nnngggggg
:http://www.stonehenge.com
One of my favorite sites. I can find what I'm looking for right away. What
higher praise can there be?
"If you want television, you know where to find it."
-- Tom Christiansen in <37386491@cs.colorado.edu>
------------------------------
Date: 14 Aug 1999 02:40:12 GMT
From: lt lindley <ltl@rgsun5.viasystems.com>
Subject: Re: Perl Programmers' Web Design "Difficulties"
Message-Id: <7p2kuc$l0e$1@rguxd.viasystems.com>
support@gethits.com wrote:
:>Garth Sainio wrote:
:>
:>> Or maybe it is that programmers prefer the useful to the eye candy?
:>True, but the appeal of the web is the combination of both (when
:>appropriate).
I don't want to go on a rant here, but I just want a Gotdamned table
with a list of links where the keywords are sufficient for me to
figure out where they lead and at least one of which (preferably the
first or last) leads to a search interface that accepts regular
expressions. I don't know about you, but for me anything else is
just wasted bandwidth and clutter that I filter out just like I do
the billboards beside the highway (unless the billboard and by
implication banner ad happen to display sexually explicit images in
which case another part of my brain takes over and diverts my
attention to the offending message even when I *know* that looking at
it isn't going to get me laid!).
But hey, that's just my opinion.
[Some style points for this rant shamelessly stolen from Dennis Miller]
--
// Lee.Lindley /// Programmer shortage? What programmer shortage?
// @bigfoot.com /// Only *cheap* programmers are in short supply.
//////////////////// 50 cent beers are in short supply too.
------------------------------
Date: Sat, 14 Aug 1999 02:51:01 GMT
From: support@gethits.com
Subject: Re: Perl Programmers' Web Design "Difficulties"
Message-Id: <37B4DB27.158F2282@gethits.com>
support@gethits.com wrote:
> (when appropriate).
Lack of graphics/design is appropriate for content rich
site (CPAN, et al). Graphics are appropriate if shopping online
for, say, a condo or car...a picture tells a thousand words.
IMHO. Darryl.
------------------------------
Date: 13 Aug 1999 22:12:44 -0400
From: elflord@news.newsguy.com (Donovan Rebbechi)
Subject: Perl/TK issues
Message-Id: <slrn7r9k4r.aik.elflord@panix3.panix.com>
I am wondering if anyone has written a substantial ( say over 1000 lines )
perl-Tk program. I am interested in seeing the code for some larger
perl-Tk programs ( because I'm wondering if perl-Tk is suitable
for sizeable programs -- but then I'd rather die than use Tcl ... )
I am currently coding something which is about 1000 lines at this
stage, and the naming conventions make it difficult to write
clean code ( eg in tcl, you have a naming scheme that reflects
the widget heirarchy, in perl you don't. )
My reason for wanting to build the widget heirarchy into variables is
because passing widgets to subroutines is very tedious otherwise,
and you also run out of names for all those widgets (-; My current
attempt at an answer has been to use anonymous hashrefs to build
a data structure mirroring the structure of a widget tree. This
helps, but is still a tad cumbersome.
I am posting to ask if other people have written long perl-Tk
programs ( I'd be interested to see how others have handled this if
they have ) and also to seek advice about what to keep in mind
when building a (moderately) complex GUI with perl/Tk. I've looked
at all the ORA books that talk about perl-Tk (panther,
ram, learning perl/Tk ) but they tend to stick
with very simple examples.
Cheers,
--
Donovan
------------------------------
Date: 14 Aug 1999 02:02:23 GMT
From: lt lindley <ltl@rgsun5.viasystems.com>
Subject: Re: Starnge DBI behavior
Message-Id: <7p2inf$kff$1@rguxd.viasystems.com>
Eric Bohlman <ebohlman@netcom.com> wrote:
:>Kevin Raison (raison@mc.net) wrote:
:>: Given the typo corrections below, the odd behavior of fetchrow_arrayref is
:>: still at issue.
:>: On each iteration, it is reusing the same memory address for what should be a
:>: different reference.
:>Unless the documentation for a function that returns a reference states
:>that it will return a unique reference on each call, you really can't
:>assume that you can just squirrel away its return value. You should make
:>your own copy of what it references and store a reference to *that*.
In this case, the documentation specifically warns about this. From
"perldoc DBI":
fetchrow_arrayref
$ary_ref = $sth->fetchrow_arrayref;
$ary_ref = $sth->fetch; # alias
Fetches the next row of data and returns a reference to
an array holding the field values. Null field values
are returned as undef. This is the fastest way to fetch
data, particularly if used with $sth->bind_columns.
If there are no more rows or an error occurs
fetchrow_arrayref returns undef (you should check
$sth->err afterwards or use the RaiseError entry
elsewhere in this document).
Note that currently the same array ref will be returned
for each fetch so don't store the ref and then use it
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
This is an optimization the author chose to make in C. It is true
that you would often write similar things in Perl where the returned
value is a reference to a lexically scoped array. That way the
memory isn't reused unless the caller's reference to that array goes
out of scope. This is an extremely useful feature that makes me love
Perl, and it might explain why the behavior of fetchrow_arrayref is
not what Kevin expects.
The DBI module needs to be efficient. Reusing the memory looks like
a reasonable design decision to me, especially considering that it
was documented. :-) The user of the resulting data can decide
whether to copy the data to new storage or access it in place.
--
// Lee.Lindley /// Programmer shortage? What programmer shortage?
// @bigfoot.com /// Only *cheap* programmers are in short supply.
//////////////////// 50 cent beers are in short supply too.
------------------------------
Date: 14 Aug 1999 02:36:15 GMT
From: ebohlman@netcom.com (Eric Bohlman)
Subject: Re: using the cd command in perl on Windows98
Message-Id: <7p2kmv$2pf@dfw-ixnews7.ix.netcom.com>
markd (mark_and_kylie@email.msn.com) wrote:
: I've just installed the ActivePerl distribution of perl on my Win98 PC,
: using the djgpp unix emulation utilities.
:
: I wrote a program with the line
:
: system("cd $directory");
:
: in it, and am getting the error message
:
: Can't spawn "cd": No such file or directory (ENOENT) at test.pl line 4.
:
: ie, the program can't find or execute the cd command.
In Win32, "cd" is a shell builtin, not an external command. It looks
like something in the latest ActivePerl implementation is preventing perl
from calling the shell.
But all that is essentially irrelevant, because Perl has a built-in
chdir() function, which will work correctly; using system() wouldn't work
in any case because it would create a child process that would change
its own current directory (*not* that of the parent) and then go away.
:
: There is no cd.exe in the djgpp unix utilities bundle, so I'm wondering if
: that's the problem, or if i should be able
: to somehow execute the DOS cd command, or it there's something else I'm
: overlooking.
:
: I've checked the WIN32 perl FAQ, but it doesn't seem to address anything
: like this.
:
: Mark
:
:
:
------------------------------
Date: Fri, 13 Aug 1999 23:12:31 -0400
From: brian@pm.org (brian d foy)
Subject: What happened to Perl in 1990?
Message-Id: <brian-ya02408000R1308992312310001@news.panix.com>
looking over e.'s Perl Timeline
<URL:http://history.perl.org/PerlTimeline.html#1990s> i see that
there is nothing significant listed for the year 1990. surely
something must have happened that year, but that's before i had
heard of Perl...
--
brian d foy
CGI Meta FAQ <URL:http://www.smithrenaud.com/public/CGI_MetaFAQ.html>
Perl Monger Hats! <URL:http://www.pm.org/clothing.shtml>
------------------------------
Date: 1 Jul 99 21:33:47 GMT (Last modified)
From: Perl-Users-Request@ruby.oce.orst.edu (Perl-Users-Digest Admin)
Subject: Digest Administrivia (Last modified: 1 Jul 99)
Message-Id: <null>
Administrivia:
The Perl-Users Digest is a retransmission of the USENET newsgroup
comp.lang.perl.misc. For subscription or unsubscription requests, send
the single line:
subscribe perl-users
or:
unsubscribe perl-users
to almanac@ruby.oce.orst.edu.
To submit articles to comp.lang.perl.misc (and this Digest), send your
article to perl-users@ruby.oce.orst.edu.
To submit articles to comp.lang.perl.announce, send your article to
clpa@perl.com.
To request back copies (available for a week or so), send your request
to almanac@ruby.oce.orst.edu with the command "send perl-users x.y",
where x is the volume number and y is the issue number.
The Meta-FAQ, an article containing information about the FAQ, is
available by requesting "send perl-users meta-faq" from
almanac@ruby.oce.orst.edu. The real FAQ, as it appeared last in the
newsgroup, can be retrieved with the request "send perl-users FAQ" from
almanac@ruby.oce.orst.edu. Due to their sizes, neither the Meta-FAQ nor
the FAQ are included in the digest.
The "mini-FAQ", which is an updated version of the Meta-FAQ, is
available by requesting "send perl-users mini-faq" from
almanac@ruby.oce.orst.edu.
For other requests pertaining to the digest, send mail to
perl-users-request@ruby.oce.orst.edu. Do not waste your time or mine
sending perl questions to the -request address, I don't have time to
answer them even if I did know the answer.
------------------------------
End of Perl-Users Digest V9 Issue 517
*************************************
