[15605] in Perl-Users-Digest
Perl-Users Digest, Issue: 3018 Volume: 9
daemon@ATHENA.MIT.EDU (Perl-Users Digest)
Thu May 11 14:10:44 2000
Date: Thu, 11 May 2000 11:10:31 -0700 (PDT)
From: Perl-Users Digest <Perl-Users-Request@ruby.OCE.ORST.EDU>
To: Perl-Users@ruby.OCE.ORST.EDU (Perl-Users Digest)
Message-Id: <958068631-v9-i3018@ruby.oce.orst.edu>
Content-Type: text
Perl-Users Digest Thu, 11 May 2000 Volume: 9 Number: 3018
Today's topics:
Re: Getting the text of a subroutine? <slu_2@altavista.net>
Re: Help Needed - Perl Matching Operator (Abigail)
Re: how to use fork or background processing (in Perl/T (M.J.T. Guy)
Re: I need help installing Perl <waldo700NOwaSPAM@aol.com.invalid>
Re: Iteration <andy@u2me3.com>
Re: Iteration <andrew.mcguire@walgreens.com>
linked list in perl <jmourneyNOjmSPAM@hotmail.com.invalid>
Re: linked list in perl <sariq@texas.net>
Re: Need to make UNIX autoresponder <rootbeer@redcat.com>
Re: Need to make UNIX autoresponder <jboesNOjbSPAM@qtm.net.invalid>
Re: Need to make UNIX autoresponder <rootbeer@redcat.com>
Re: Perl Script aborting on 0x1A <rootbeer@redcat.com>
portable open for read/write? jlamport@calarts.edu
Q: Benchmarking hash pre-size <skuo@mtwhitney.nsc.com>
Re: Quit over the use of a script (ot) (Tad McClellan)
Re: read bios <rootbeer@redcat.com>
Re: remaining disk space <damon_jebb@nai.com>
Re: Seeking a file nobull@mail.com
Re: Semantics of terminal /@/ and "@" (Was: Re: Help Ne (M.J.T. Guy)
Re: Semantics of terminal /@/ and "@" (Was: Re: Help Ne (Ilya Zakharevich)
Re: shooting yourself in the foot ... (Tad McClellan)
Re: shooting yourself in the foot ... (Andrew Johnson)
Re: shooting yourself in the foot ... (Ilya Zakharevich)
Re: Simulating web browsers <rootbeer@redcat.com>
Re: Still having problems with cgi under IIS <jeff@vpservices.com>
Re: Still having problems with cgi under IIS prakash_ojha@my-deja.com
Re: Strange Characters from Perl Script <jeff@vpservices.com>
Re: Strange Characters from Perl Script <andrew.mcguire@walgreens.com>
Re: Strange Characters from Perl Script <godzilla@stomp.stomp.tokyo>
Re: Strange Characters from Perl Script <jeff@vpservices.com>
Re: taint workin <rootbeer@redcat.com>
Why is (?{ }) assertion always true? nobull@mail.com
Digest Administrivia (Last modified: 16 Sep 99) (Perl-Users-Digest Admin)
----------------------------------------------------------------------
Date: Thu, 11 May 2000 12:35:36 -0400
From: Sydney Lu <slu_2@altavista.net>
Subject: Re: Getting the text of a subroutine?
Message-Id: <6vnlhs83rpcl4uau3scnjuitnnnu2pft18@4ax.com>
Eh, nothing wrong with key-value pairs. But when I have roughly 10 or
15 arguments to every widget, I don't want them stuck in the middle of
my program. I consider those parameters to be 'data,' and I'd like to
keep them separate, so that I can have a different look just by
renaming a data file.
Right now, I have it set up so I call my file-reading function, and it
returns me a Hash reference. So then I can simply say things like:
$mw->Button( %{$current_window_data->{Btn_Done_Params}} );
and simply have a text file off somewhere that has:
[Btn_Done_Params]
-text=Done
-command=sub { exit }
... etc. in it.
>No. But you said that you read the subroutine from the file, and then
>eval() it. So why not keep a copy of the subroutine's body *before*
>eval()ing it?
>
Yeah, thought about that, but it doesn't seem like the most elegant
thing to do. As you pointed out, I /could/ have my Hash simply store
the subroutine as text in another entry, sometime before eval(), but
that gets messy with the write routine as well, which then has to not
write anything that's a subroutine reference ...
-- Sydney
------------------------------
Date: 11 May 2000 17:11:36 GMT
From: abigail@foad.org (Abigail)
Subject: Re: Help Needed - Perl Matching Operator
Message-Id: <slrn8hlqe6.hsu.abigail@ucan.foad.org>
On Thu, 11 May 2000 13:51:40 +1000, Peter Hill <phill@modulus.com.au> wrote:
++ Abigail wrote:
++ >
++ [snip]
++ >
++ > But what's that got to do with checking for valid email addresses?
++ > There are lots of strings that contain '@', but aren't valid email
++ > addresses, and lots of valid email addresses that don't contain a '@'.
++
++ That last bit ("...and lots of valid email addresses that don't contain
++ a '@'.") caught me by surprise. Am I reading the RFC822 BNF for
++ addresses wrongly, or are you referring to
++ non-RFC822-compliant-but-nevertheless-valid addresses?
According to RFC 822, the following are valid addresses:
Foo:;
:;
(This) "is" (valid) : (really!) ;
Abigail
------------------------------
Date: 11 May 2000 16:27:22 GMT
From: mjtg@cus.cam.ac.uk (M.J.T. Guy)
Subject: Re: how to use fork or background processing (in Perl/Tk)?
Message-Id: <8fen1a$se6$1@pegasus.csx.cam.ac.uk>
Clinton A. Pierce <clintp@geeksalad.org> wrote:
>
>Signal handling is bad, avoid it whenever possible. It's unreliable in
>Perl and probably always will be.
That's wise advice, but a bit of an overstatement. It's still the
intention of the porters to make signal handling safe, when a sufficiently
efficient method can be found.
And you *can* have safe signal handling now:
* by using the Event.pm module.
* by using threads (but that has it's own overheads, and currently
has reliability problems)
Mike Guy
------------------------------
Date: Thu, 11 May 2000 10:45:01 -0700
From: bjanko <waldo700NOwaSPAM@aol.com.invalid>
Subject: Re: I need help installing Perl
Message-Id: <04699d92.e2f5f976@usw-ex0105-034.remarq.com>
Thanks for your help, but I have tried downloading it from
several sources and continue to get the same error message when
I run the configure.com (see previous post).
I have Win98 am downloading the .zip version. Or should I be
using the tar.gz?
* Sent from RemarQ http://www.remarq.com The Internet's Discussion Network *
The fastest and easiest way to search and participate in Usenet - Free!
------------------------------
Date: Thu, 11 May 2000 16:37:32 +0100
From: "Andy Chantrill" <andy@u2me3.com>
Subject: Re: Iteration
Message-Id: <8fek4a$1vu$1@gxsn.com>
Hey,
Okay, so how would I access individual key elements of "@{$hash{$key}}"? And
how would I retrieve the number of keys in the hash?
I basically want to iterate through the HoL using a for loop, *not* foreach
...
Thanks, Andy.
andy@u2me3.com
------------------------------
Date: Thu, 11 May 2000 10:48:34 -0500
From: "Andrew N. McGuire" <andrew.mcguire@walgreens.com>
Subject: Re: Iteration
Message-Id: <391AD652.299214A8@walgreens.com>
Andy Chantrill wrote:
>
> Hey,
>
> Okay, so how would I access individual key elements of "@{$hash{$key}}"? And
> how would I retrieve the number of keys in the hash?
>
> I basically want to iterate through the HoL using a for loop, *not* foreach
#!/usr/bin/perl -w
use strict;
my %HoL = ( 1 => [ 0, 1, 2 ],
2 => [ 3, 4, 5 ],
3 => [ 6, 7, 8 ] );
# Print first element of each list.
print $HoL{$_}->[0] for sort keys %HoL;
# Print entire list.
print @{$HoL{$_}} for sort keys %HoL;
__END__
Do a 'perldoc perldsc' to find out more.
Cheers,
anm
--
Andrew N. McGuire
andrew.mcguire@walgreens.com
------------------------------
Date: Thu, 11 May 2000 10:20:47 -0700
From: Perl Discussion <jmourneyNOjmSPAM@hotmail.com.invalid>
Subject: linked list in perl
Message-Id: <057e0e74.afe3630c@usw-ex0101-008.remarq.com>
is it possible to have a linked list in perl?
i simply need to have a structure with 2 items:
one variable to contain data/value
one pointer to next/another structure
would it be just an array of size 2; item[0] contains
my data/value and item[1] is a reference to another array?
thank's
* Sent from RemarQ http://www.remarq.com The Internet's Discussion Network *
The fastest and easiest way to search and participate in Usenet - Free!
------------------------------
Date: Thu, 11 May 2000 12:43:27 -0500
From: Tom Briles <sariq@texas.net>
Subject: Re: linked list in perl
Message-Id: <391AF13F.A8FA70E7@texas.net>
Perl Discussion wrote:
>
> is it possible to have a linked list in perl?
*Please* check the documentation before posting.
perldoc -q linked
- Tom
------------------------------
Date: Thu, 11 May 2000 09:07:25 -0700
From: Tom Phoenix <rootbeer@redcat.com>
Subject: Re: Need to make UNIX autoresponder
Message-Id: <Pine.GSO.4.10.10005110906430.16364-100000@user2.teleport.com>
On Thu, 11 May 2000 acunet3278@my-deja.com wrote:
> I would like to make an autoresponder in Perl on a UNIX server. Any
> ideas tips about doing that?
Be sure to use 'use strict' and '-w'. Cheers!
--
Tom Phoenix Perl Training and Hacking Esperanto
Randal Schwartz Case: http://www.rahul.net/jeffrey/ovs/
------------------------------
Date: Thu, 11 May 2000 09:20:00 -0700
From: Mur <jboesNOjbSPAM@qtm.net.invalid>
Subject: Re: Need to make UNIX autoresponder
Message-Id: <04cf401c.e5497065@usw-ex0106-045.remarq.com>
In article <Pine.GSO.4.10.10005110906430.16364-
100000@user2.teleport.com>, Tom Phoenix <rootbeer@redcat.com>
wrote:
>On Thu, 11 May 2000 acunet3278@my-deja.com wrote:
>
>> I would like to make an autoresponder in Perl on a UNIX
server. Any
>> ideas tips about doing that?
>
>Be sure to use 'use strict' and '-w'. Cheers!
>
(Sheesh. While I admire the sentiment, I deplore the
implementation...)
If you are looking for specific help with a script, c.l.p.misc
is the place. If you are looking for a script, it's not. Go to a
script archive (I happen to like www.perlarchive.com) and search
for 'autoresponder'. I just did that, and got 9 hits.
Jeff Boes//ICQ=3394914//Yahoo!=jeffboes//AOL IM=jboes
//home=jboes@qtm.net//professional=mur@consultant.com
* Sent from RemarQ http://www.remarq.com The Internet's Discussion Network *
The fastest and easiest way to search and participate in Usenet - Free!
------------------------------
Date: Thu, 11 May 2000 09:42:43 -0700
From: Tom Phoenix <rootbeer@redcat.com>
Subject: Re: Need to make UNIX autoresponder
Message-Id: <Pine.GSO.4.10.10005110942260.16364-100000@user2.teleport.com>
On Thu, 11 May 2000, Mur wrote:
> (Sheesh. While I admire the sentiment, I deplore the
> implementation...)
:-)
--
Tom Phoenix Perl Training and Hacking Esperanto
Randal Schwartz Case: http://www.rahul.net/jeffrey/ovs/
------------------------------
Date: Thu, 11 May 2000 08:45:17 -0700
From: Tom Phoenix <rootbeer@redcat.com>
Subject: Re: Perl Script aborting on 0x1A
Message-Id: <Pine.GSO.4.10.10005110844430.16364-100000@user2.teleport.com>
On Thu, 11 May 2000 jenningsii@my-deja.com wrote:
> I am using a PERL Script to read a binary file and do some byte
> manipulation. When the Hex value of 1A is read, the script is
> interpreting this as the EOF()
binmode, binmode binmode. :-)
--
Tom Phoenix Perl Training and Hacking Esperanto
Randal Schwartz Case: http://www.rahul.net/jeffrey/ovs/
------------------------------
Date: Thu, 11 May 2000 17:54:11 GMT
From: jlamport@calarts.edu
Subject: portable open for read/write?
Message-Id: <8fes3r$gnh$1@nnrp1.deja.com>
Okay, www.perlfaq.com suggests that to open a file for both reading and
writing, one does this:
open(FILEHANDLE, "<+filename");
But when I do that, the open fails with "No such file or directory" --
and yes, the file is there, and the open works as expected with
"filename", ">filename", and ">>filename" -- just not "<+filename".
My suspicion is that this "<+" mode is a system-specific thing, and that
my systems (I've tried it on both Debian Linux and MacOS) don't
understand "<+" and so are trying to open a file called '+filename' for
reading -- which of course isn't working.
So, how do I open a file for both read and write on my system(s)?
In case it matters, I'm using Perl 5.004 (and yes, I am stuck with this
version, at least for now...)
-jason
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
Date: Thu, 11 May 2000 10:48:14 -0700
From: Steven Kuo x7914 <skuo@mtwhitney.nsc.com>
Subject: Q: Benchmarking hash pre-size
Message-Id: <Pine.GSO.4.21.0005111044200.19839-100000@mtwhitney.nsc.com>
I'm trying to evaluate the time saved by pre-sizing a hash
with the following; is this a valid experiment?
#! /usr/local/bin/perl -w
use strict;
use Benchmark qw(timethese);
timethese(100, {'Presize' => \&sub1,
'NoPresize' => \&sub2, }, 'all');
sub sub1 {
# my %hash = ();
undef my %hash;
keys %hash = 16384;
for (my $i = 0; $i < 16384; ++$i) {
++$hash{$i};
}
}
sub sub2 {
# my %hash = ();
undef my %hash;
# buckets will increase as hash grows
# This doesn't count as sharing keys, I hope...
# for (my $i = 16384; $i < 32768; ++$i) {
for (my $i = 0; $i < 16384; ++$i) {
++$hash{$i};
}
}
__END__
My output is:
Benchmark: timing 100 iterations of NoPresize, Presize...
NoPresize: 27 secs (26.27 usr 0.03 sys + 0.00 cusr 0.00 csys = 26.30
cpu)
Presize: 25 secs (25.27 usr 0.00 sys + 0.00 cusr 0.00 csys = 25.27
cpu)
------------------------------
Date: Thu, 11 May 2000 10:03:05 -0400
From: tadmc@metronet.com (Tad McClellan)
Subject: Re: Quit over the use of a script (ot)
Message-Id: <slrn8hlfcp.k1b.tadmc@magna.metronet.com>
On Thu, 11 May 2000 00:40:59 -0600, Peter <home@cordova.net> wrote:
>Pardon the off-topic intrusion but I'm one of those programmers who has
>never worked with other programmers
Pardon me for robbing your 7-11 but I'm one of those crooks
who needs money.
Better to not do forbidden things than to do them while
apologizing.
You have nothing to say about Perl, so you must not post
to a Perl newsgroup.
If you want to discuss general programming/software
engineering issues, find a newsgroup where such things
are discussed, such as:
comp.programming
comp.software
comp.software-eng
>and so where do I go to learn the
>state of the marketplace.
To a newsgroup that is in some way related to the state
of whatever marketplace you want to discuss, not to a
programming language newsgroup.
>I
>did not like what I considered an alien intruding in my universe.
Thousands of readers of this newsgroup do not like what they
consider alian intrusions into their universe.
But that is their problem, not yours.
>I did
>not want to waste my time working within the confines of this alien
>entity
Readers of this newsgroup do not want to waste their time on
discussions of general programming principles. If they wanted
to discuss such things, they would be reading a newsgroup where
such things are discussed.
>well it just pisses me off.
ditto * thousands_of_people
>Am I a prima donna?
No, just Usenet abuser.
>Please don't hesitate to say what you think
I think I've done that.
>and pardon the off-topic
>intrusion.
No.
--
Tad McClellan SGML Consulting
tadmc@metronet.com Perl programming
Fort Worth, Texas
------------------------------
Date: Thu, 11 May 2000 09:04:40 -0700
From: Tom Phoenix <rootbeer@redcat.com>
Subject: Re: read bios
Message-Id: <Pine.GSO.4.10.10005110900120.16364-100000@user2.teleport.com>
On Thu, 11 May 2000, Marc Monney wrote:
> since Perl I would like to go to read certain values in the bios. I
> have any idea how to make, if somebody with already an end of program.
You don't seem to be a native speaker of English. If so, perhaps you
should ask here using your native language.
Working with low-level system-dependent hardware or software is often best
done by using a module which uses XS code to make the appropriate
low-level system calls. If there's a module which does what you want, it
should be listed in the module list on CPAN. If you don't find one to your
liking, you're welcome and encouraged to submit one! :-) Hope this helps!
http://search.cpan.org/
http://www.cpan.org/
--
Tom Phoenix Perl Training and Hacking Esperanto
Randal Schwartz Case: http://www.rahul.net/jeffrey/ovs/
------------------------------
Date: Thu, 11 May 2000 18:52:30 +0100
From: "Damon Jebb" <damon_jebb@nai.com>
Subject: Re: remaining disk space
Message-Id: <8fes18$eqv$1@new-news.na.nai.com>
I would use a small dos utility and use the backquote method to catch the
output. I've got a copy of DU.COM which I picked up many years ago for this
purpose - it just outputs the nuber of bytes free on a drive spec that's
passed to it.
Peter <peter_gonnissenNOpeSPAM@euroseek.com.invalid> wrote in message
news:274bbd15.6ac0e10b@usw-ex0102-084.remarq.com...
> Hi,
>
> I uses the following lines to obtain free disk space on NT4.
> It's based on the dir output layout, so you will have to adapt it
> for win98 or win95.
>
> foreach $_ (`dir c:`){s/ file://g;if (/bytesfree/) {$space=$`;}}
> print $space;
>
> Peter.
>
> * Sent from RemarQ http://www.remarq.com The Internet's Discussion Network
*
> The fastest and easiest way to search and participate in Usenet - Free!
>
------------------------------
Date: 11 May 2000 17:36:05 +0100
From: nobull@mail.com
Subject: Re: Seeking a file
Message-Id: <u9em79doy2.fsf@wcl-l.bham.ac.uk>
Igor Campos Leal <igorleal@dcc.ufmg.br> writes:
> I need to know how the function seek works.
perldoc -f seek
> I wanna read a line of the file and, if a condition, seek the file
> for one line up.
> How can I do that? Can I use offset with kline nmber?
No, you have to record byte offsets for the start of each line in an
array.
If the file is small you may decide to just slurp the whole thing into
an array.
--
\\ ( )
. _\\__[oo
.__/ \\ /\@
. l___\\
# ll l\\
###LL LL\\
------------------------------
Date: 11 May 2000 16:56:41 GMT
From: mjtg@cus.cam.ac.uk (M.J.T. Guy)
Subject: Re: Semantics of terminal /@/ and "@" (Was: Re: Help Needed - Perl Matching Operator)
Message-Id: <8feoo9$tt$1@pegasus.csx.cam.ac.uk>
Larry Rosler <lr@hpl.hp.com> wrote:
>
>I cannot find a positive statement about what "@" means, and
>unfortunately "@" behaves differently from "$" (which causes a syntax
>error), for no apparent reason.
The unapparent and AFAIK undocumented reason is that whereas
"punctuation" scalar variables such as $" interpolate, "punctuation"
arrays such as @" do not. So whereas $ at the end of a string
would be ambiguous, @ at the end never is.
Mike Guy
------------------------------
Date: 11 May 2000 17:46:19 GMT
From: ilya@math.ohio-state.edu (Ilya Zakharevich)
Subject: Re: Semantics of terminal /@/ and "@" (Was: Re: Help Needed - Perl Matching Operator)
Message-Id: <8ferlb$e2e$1@charm.magnus.acs.ohio-state.edu>
[A complimentary Cc of this posting was sent to M.J.T. Guy
<mjtg@cus.cam.ac.uk>],
who wrote in article <8feoo9$tt$1@pegasus.csx.cam.ac.uk>:
> The unapparent and AFAIK undocumented reason is that whereas
> "punctuation" scalar variables such as $" interpolate, "punctuation"
> arrays such as @" do not.
Correct, but irrelevant. (What is relevant is whether we allow empty
names.)
> So whereas $ at the end of a string would be ambiguous, @ at the
> end never is.
Wrong. See rule 1 of "gory details".
Ilya
------------------------------
Date: Thu, 11 May 2000 10:10:03 -0400
From: tadmc@metronet.com (Tad McClellan)
Subject: Re: shooting yourself in the foot ...
Message-Id: <slrn8hlfpr.k1b.tadmc@magna.metronet.com>
On 11 May 2000 09:10:45 GMT, Ilmari Karonen <iltzu@sci.invalid> wrote:
>In article <391A2049.39E05465@citr.com.au>, James Beard wrote:
>>I was just trolling through some old jokes, and I came across
>>http://www.users.csbsju.edu/~lziegler/ShootingInFoot.html
>>
>>Does anyone have a "shooting yourself in the foot with perl"?
>
>"You grab the gun and pull the trigger without aiming. The bullet
> hits your foot, which is what Perl assumed you wanted."
Make a trigger pulling motion, and Perl will:
autovivify a gun for you
initialize it with bullets
fire a bullet
move your foot so as to coincide with the bullet's trajectory
say "Ouch!" for you
--
Tad McClellan SGML Consulting
tadmc@metronet.com Perl programming
Fort Worth, Texas
------------------------------
Date: Thu, 11 May 2000 16:55:01 GMT
From: andrew-johnson@home.com (Andrew Johnson)
Subject: Re: shooting yourself in the foot ...
Message-Id: <FBBS4.12066$95.153890@news1.rdc1.mb.home.com>
In article <slrn8hlfpr.k1b.tadmc@magna.metronet.com>,
Tad McClellan <tadmc@metronet.com> wrote:
[snip]
> Make a trigger pulling motion, and Perl will:
>
> autovivify a gun for you
>
> initialize it with bullets
>
> fire a bullet
>
> move your foot so as to coincide with the bullet's trajectory
>
> say "Ouch!" for you
I hear that soon a new Foot::Intercede module will even step in
and take the bullet for you :-)
andrew
--
Andrew L. Johnson http://members.home.net/andrew-johnson/epwp.html
well, take it from an old hand: the only reason it would be easier
to program in C is that you can't easily express complex problems
in C, so you don't. -- Erik Naggum, on comp.lang.lisp
------------------------------
Date: 11 May 2000 17:54:02 GMT
From: ilya@math.ohio-state.edu (Ilya Zakharevich)
Subject: Re: shooting yourself in the foot ...
Message-Id: <8fes3q$e7d$1@charm.magnus.acs.ohio-state.edu>
[A complimentary Cc of this posting was sent to Tad McClellan
<tadmc@metronet.com>],
who wrote in article <slrn8hlfpr.k1b.tadmc@magna.metronet.com>:
> Make a trigger pulling motion, and Perl will:
>
> autovivify a gun for you
>
> initialize it with bullets
>
> fire a bullet
>
> move your foot so as to coincide with the bullet's trajectory
This is not entirely correct. To be absolutely sure to do what you
mean, it would also
move feet of 3 your worst enemies at the same position
> say "Ouch!" for you
Due to a historical feature, it would not say "Ouch!" for *them*.
The discussion whether to consider it a bug overloaded the mail
server, so a message with a patch to a bug in the above function
was missed. Due to this bug, Perl would fry a bullet instead of
firing it.
Ilya
------------------------------
Date: Thu, 11 May 2000 08:38:08 -0700
From: Tom Phoenix <rootbeer@redcat.com>
Subject: Re: Simulating web browsers
Message-Id: <Pine.GSO.4.10.10005110836540.16364-100000@user2.teleport.com>
On Thu, 11 May 2000 kcyen@my-deja.com wrote:
> Anyone have any perl tools that i can use to simulate a web browser ?
Like the LWP distribution from CPAN?
> Better still any ideas on how do i simulate the way Netscape generate
> the SSJS session key in perl?
I have no idea what that is, but maybe you can figure it out from the
Netscape sources. Cheers!
--
Tom Phoenix Perl Training and Hacking Esperanto
Randal Schwartz Case: http://www.rahul.net/jeffrey/ovs/
------------------------------
Date: Thu, 11 May 2000 09:11:23 -0700
From: Jeff Zucker <jeff@vpservices.com>
Subject: Re: Still having problems with cgi under IIS
Message-Id: <391ADBAB.BB24CDB5@vpservices.com>
Ted Marz wrote:
>
> Just for grins, try naming the file as
> <whatever>.plx rather than <whatever>.pl
>
> The shebang (#!) under windows doesn't matter (except for portability),
> as windows uses a file type association, rather than parsing the file.
It may not matter under IIS, I wouldn't know. But to say it doesn't
matter under windows is false. If one uses a decent webserver like
apache on windows, the shebang line is used to determine where perl is,
not the file association.
--
Jeff
------------------------------
Date: Thu, 11 May 2000 17:06:08 GMT
From: prakash_ojha@my-deja.com
Subject: Re: Still having problems with cgi under IIS
Message-Id: <8fep9j$dar$1@nnrp1.deja.com>
keep the extension .pl, I think your problem appears to be with the
configuration in IIS. check your scrip and execute permissions and
under configuration check the dlls and path set up for handling .pl
extension. If the problem persists, reinstall perl, which will take
care of everything. however, remeber execute permissions. hope this
helps.
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
Date: Thu, 11 May 2000 08:45:29 -0700
From: Jeff Zucker <jeff@vpservices.com>
Subject: Re: Strange Characters from Perl Script
Message-Id: <391AD599.BB7C10AD@vpservices.com>
"Godzilla!" wrote:
>
> This line:
>
> $value =~ s/<([^>]+)>//gi;
>
> ...will kill almost all html tags. There
> are some lame brain tricks to get around
> this but none all that serious if you
> address 'double up brackets' such as:
>
> <"< html tag >">
>
Absolutely false. You could kill every occurrance of "<" and ">" in
user input and it would still be possible to send malicious javascript.
This snippet doesn't even begin to deal with the alternate charset
problems that Tom Christiansen pointed out in an addendum to the CERT
#CA-2000-02 security alert and that CGI.pm thereafer fixed in its
HTMLescape routines. It isn't possible to kill HTML tags in less than
about 10 lines of code and that snippet does not even come anywhere
close to doing what needs to be done.
Newbies: DO NOT TRUST YOUR SECURITY TO THIS KIND OF SIMPLE-MINDED
SCRIPTING.
--
Jeff
------------------------------
Date: Thu, 11 May 2000 10:53:55 -0500
From: "Andrew N. McGuire" <andrew.mcguire@walgreens.com>
Subject: Re: Strange Characters from Perl Script
Message-Id: <391AD793.388390E@walgreens.com>
Jeff Zucker wrote:
>
> "Godzilla!" wrote:
> >
> > This line:
> >
> > $value =~ s/<([^>]+)>//gi;
> >
> > ...will kill almost all html tags. There
> > are some lame brain tricks to get around
> > this but none all that serious if you
> > address 'double up brackets' such as:
> >
> > <"< html tag >">
[ snip ]
> Newbies: DO NOT TRUST YOUR SECURITY TO THIS KIND OF SIMPLE-MINDED
> SCRIPTING.
Whooa, watch out or the troll will threaten you the same way
she did Tony Curtis and myself.
Cheers,
anm
--
Andrew N. McGuire
andrew.mcguire@walgreens.com
------------------------------
Date: Thu, 11 May 2000 09:33:06 -0700
From: "Godzilla!" <godzilla@stomp.stomp.tokyo>
Subject: Re: Strange Characters from Perl Script
Message-Id: <391AE0C2.BB62CA14@stomp.stomp.tokyo>
Jeff Zucker wrote:
> "Godzilla!" wrote:
> > This line:
> > $value =~ s/<([^>]+)>//gi;
> > ...will kill almost all html tags. There
> > are some lame brain tricks to get around
> > this but none all that serious if you
> > address 'double up brackets' such as:
> > <"< html tag >">
> Absolutely false.
What is false? Your claims perhaps? This statement
of yours above is unsubstantiated and unqualified
"Mere Assertion", which is a notion well accepted
amongst the learned as Fool's Fodder.
> You could kill every occurrance of "<" and ">" in
> user input and it would still be possible to send malicious javascript.
Big Bad Wolf Huffing & Puffing. An example?
Substantiate your claim by example.
> This snippet doesn't even begin to deal with the alternate charset
> problems that Tom Christiansen pointed out in an addendum to the CERT
> #CA-2000-02 security alert and that CGI.pm thereafer fixed in its
> HTMLescape routines.
"Using this "Steve Brenner" style read and parse
I have in my script, can be modified to address
any and all security issues quite readily and,
other security issues not related to your read
and parse, can be 'accessorized' into your script."
Reading comprehension problems?
$value =~ s/<([^>]+)>//gi;
This snippet covers literally everything listed
in CERT CA-2000-02. No "viable" malicious code would
make it through this snippet.
Reading comprehension problems?
> It isn't possible to kill HTML tags in less than
> about 10 lines of code and that snippet does not even come anywhere
> close to doing what needs to be done.
I can kill that stuff in seven lazy lines!
@bad_word_list = ("<applet", "<blockquote", "<body", "<dl", ...etc...);
foreach $bad_tag (@bad_word_list)
{
$bad_tag_check = index ($input, $bad_tag);
if ($bad_tag_check gt -1)
{ $input eq ""; }
}
I read no examples of "...what needs to be done."
Big Bad Wolf Huffing & Puffing.
> Newbies: DO NOT TRUST YOUR SECURITY TO THIS KIND OF SIMPLE-MINDED
> SCRIPTING.
I have to laugh. Media Hype, BIG AND BOLD, fitting for
the National Enquirer.
"ALIENS FROM ALTURUS 5 CRASHED MY INTERNET SITE"
It is clear you do not hold a prerequisite knowledge
level in Perl to be qualified to make these remarks
of yours within your article.
Godzilla!
------------------------------
Date: Thu, 11 May 2000 09:56:05 -0700
From: Jeff Zucker <jeff@vpservices.com>
Subject: Re: Strange Characters from Perl Script
Message-Id: <391AE625.796AC2FD@vpservices.com>
"Godzilla!" wrote:
>
> Jeff Zucker wrote:
>
> > "Godzilla!" wrote:
>
> > > This line:
>
> > > $value =~ s/<([^>]+)>//gi;
>
> > > ...will kill almost all html tags. There
> > > are some lame brain tricks to get around
> > > this but none all that serious if you
> > > address 'double up brackets' such as:
>
> > > <"< html tag >">
>
> > Absolutely false.
>
> What is false? Your claims perhaps? This statement
> of yours above is unsubstantiated and unqualified
> "Mere Assertion", which is a notion well accepted
> amongst the learned as Fool's Fodder.
The substantiation is available at
http://www.xray.mpe.mpg.de/mailing-lists/perl5-porters/2000-03/msg00750.html
>
> > You could kill every occurrance of "<" and ">" in
> > user input and it would still be possible to send malicious javascript.
>
> Big Bad Wolf Huffing & Puffing. An example?
> Substantiate your claim by example.
Multiple examples in the message cited above.
> "Using this "Steve Brenner" style read and parse
> I have in my script, can be modified to address
> any and all security issues quite readily and,
> other security issues not related to your read
> and parse, can be 'accessorized' into your script."
That's kind of like saying "this piece of stone can be turned into an
Olmec head, just use a chisel."
>
> $value =~ s/<([^>]+)>//gi;
>
> This snippet covers literally everything listed
> in CERT CA-2000-02. No "viable" malicious code would
> make it through this snippet.
I'm afraid you are wrong. Look at the citation.
> Reading comprehension problems?
Research and information gathering problems? Though I can't really
blame you for missing this one, it is relatively obscure. The point is
however that the author of CGI.pm has a mechanism for learning about
even the most obscrure alerts and you do not and that is *precisely* why
newbies should not try to hand-roll the kind of stuff you are telling
them to hand-roll.
> I can kill that stuff in seven lazy lines!
Nope, doesn't even come close.
> Big Bad Wolf Huffing & Puffing.
I'm afraid you should have built with bricks rather than straw.
>
> > Newbies: DO NOT TRUST YOUR SECURITY TO THIS KIND OF SIMPLE-MINDED
> > SCRIPTING.
I still stand by that.
--
Jeff
------------------------------
Date: Thu, 11 May 2000 08:34:54 -0700
From: Tom Phoenix <rootbeer@redcat.com>
Subject: Re: taint workin
Message-Id: <Pine.GSO.4.10.10005110832000.16364-100000@user2.teleport.com>
On Wed, 10 May 2000, Michael Matthews wrote:
> Thanks for asking. I found the problem in the Text::Wrapper module.
And that's a great test program.
> - Without the -T works fine, with loops infinitely.
> - regex's must be in a function.
> - Input to function must come from file, if I pass $str directly it works
> ok.
> - $_[0] must be used, not assigned to a var which is why a function.
Pretty amazing. And confirmed in 5.6.0, although I can't see the solution
at once. If you haven't done so already, submit your test program via
perlbug - with a good test case like that, you'll probably have a patch
within a day or two.
Cheers!
--
Tom Phoenix Perl Training and Hacking Esperanto
Randal Schwartz Case: http://www.rahul.net/jeffrey/ovs/
------------------------------
Date: 11 May 2000 18:39:22 +0100
From: nobull@mail.com
Subject: Why is (?{ }) assertion always true?
Message-Id: <u9bt2ddm0l.fsf@wcl-l.bham.ac.uk>
Can someone explain why (?{ }) regex assertions are always true?
Wouldn't it be far more useful if their truth was the return value
from the block of code?
/(\w+)(?{$good_word{$1}})/
--
\\ ( )
. _\\__[oo
.__/ \\ /\@
. l___\\
# ll l\\
###LL LL\\
------------------------------
Date: 16 Sep 99 21:33:47 GMT (Last modified)
From: Perl-Users-Request@ruby.oce.orst.edu (Perl-Users-Digest Admin)
Subject: Digest Administrivia (Last modified: 16 Sep 99)
Message-Id: <null>
Administrivia:
The Perl-Users Digest is a retransmission of the USENET newsgroup
comp.lang.perl.misc. For subscription or unsubscription requests, send
the single line:
subscribe perl-users
or:
unsubscribe perl-users
to almanac@ruby.oce.orst.edu.
| NOTE: The mail to news gateway, and thus the ability to submit articles
| through this service to the newsgroup, has been removed. I do not have
| time to individually vet each article to make sure that someone isn't
| abusing the service, and I no longer have any desire to waste my time
| dealing with the campus admins when some fool complains to them about an
| article that has come through the gateway instead of complaining
| to the source.
To submit articles to comp.lang.perl.announce, send your article to
clpa@perl.com.
To request back copies (available for a week or so), send your request
to almanac@ruby.oce.orst.edu with the command "send perl-users x.y",
where x is the volume number and y is the issue number.
For other requests pertaining to the digest, send mail to
perl-users-request@ruby.oce.orst.edu. Do not waste your time or mine
sending perl questions to the -request address, I don't have time to
answer them even if I did know the answer.
------------------------------
End of Perl-Users Digest V9 Issue 3018
**************************************
