[15608] in Perl-Users-Digest
Perl-Users Digest, Issue: 3021 Volume: 9
daemon@ATHENA.MIT.EDU (Perl-Users Digest)
Thu May 11 18:16:47 2000
Date: Thu, 11 May 2000 15:15:26 -0700 (PDT)
From: Perl-Users Digest <Perl-Users-Request@ruby.OCE.ORST.EDU>
To: Perl-Users@ruby.OCE.ORST.EDU (Perl-Users Digest)
Message-Id: <958083326-v9-i3021@ruby.oce.orst.edu>
Content-Type: text
Perl-Users Digest Thu, 11 May 2000 Volume: 9 Number: 3021
Today's topics:
Re: sorting algorithms, and precedence. <lr@hpl.hp.com>
Re: Still a double insert with DBI <makarand_kulkarni@My-Deja.com>
Re: Still a double insert with DBI <huijgbv@casema.net>
Re: Still a double insert with DBI <huijgbv@casema.net>
Re: Still having problems with cgi under IIS prakash_ojha@my-deja.com
Re: Strange Characters from Perl Script (Gordon Clemmons)
Re: Strange Characters from Perl Script <godzilla@stomp.stomp.tokyo>
Re: Strange Characters from Perl Script <jeff@vpservices.com>
Re: Strange Characters from Perl Script <godzilla@stomp.stomp.tokyo>
Re: Strange Characters from Perl Script <jeff@vpservices.com>
Re: Strange Characters from Perl Script <lr@hpl.hp.com>
Re: Strange Characters from Perl Script (Mark Badolato)
string and numeric data handling nfin8axs@hotmail.com
Subroutine error stops module ?! <hans-jan@stack.nl>
tie 'MLDBM' from a CGI script not working -- any clues? christop@wrq.com
Re: tie 'MLDBM' from a CGI script not working -- any cl <baughj@rpi.edu>
Re: tie 'MLDBM' from a CGI script not working -- any cl christop@wrq.com
unpack c struct <a1234_ec@yahoo.com>
Untainting works not with IO::Socket::connect simeon2000@my-deja.com
Re: Why is (?{ }) assertion always true? (Ilya Zakharevich)
Digest Administrivia (Last modified: 16 Sep 99) (Perl-Users-Digest Admin)
----------------------------------------------------------------------
Date: Thu, 11 May 2000 14:50:49 -0700
From: Larry Rosler <lr@hpl.hp.com>
Subject: Re: sorting algorithms, and precedence.
Message-Id: <MPG.1384cb10f2ea3d898aa5a@nntp.hpl.hp.com>
In article <8fe2ir$e04$1@216.155.33.41> on 11 May 2000 10:38:19 GMT, The
WebDragon <nospam@devnull.com> says...
> I'd like to be able to change the sort precedence if possible..
That requires prepending a precedence indicator to each of the string
you are trying to sort. Keep in mind that efficient sorting requires
that the sortkeys be prepared once each only, rather than every time two
strings are being compared.
> for example, sorting items that start with any non-alphanumeric
> character to the bottom (below Z) rather than the top (above A).
For 'alphanumeric', read 'letter, digit, or underscore'. If otherwise,
use an explicit character class.
$sortkey = ($string =~ /^\w/ ? 0 : 1) . $string;
You can substring the first character off after sorting, to recover the
original string.
> can I also get sorting to ignore case?
Map each sortkey to lower-case. But then you will need to save the
original strings separately, so you can recover them in their original
case. All this is covered in the documentation.
> can I ALSO get sorting to ignore certain characters for the purpose of
> the sort? (many of these map names have a - after the game type (dm-map,
> dom-mapname, ctf-anothermap) but a few lazy authors forgot to include
> the - in the filename even though it DOES use it in the title. I'd like
> to ignore the - for the purposes of sorting, if possible.
$sortkey =~ tr/-//d;
> since the sorting is in a foreach my $var (sort(keys(%hash))) {} line, I
> am not sure whether this is possible or not.
At the least, you will need to provide the name of a sortsub, because
the default lexicographic sort won't do it. See the documentation.
> can anyone help?
Ilja posted a formidable list of references, but left out the most
comprehensive:
http://www.hpl.hp.com/personal/Larry_Rosler/sort/
--
(Just Another Larry) Rosler
Hewlett-Packard Laboratories
http://www.hpl.hp.com/personal/Larry_Rosler/
lr@hpl.hp.com
------------------------------
Date: Thu, 11 May 2000 12:10:59 -0700
From: Makarand Kulkarni <makarand_kulkarni@My-Deja.com>
Subject: Re: Still a double insert with DBI
Message-Id: <391B05C3.18F5C0EB@My-Deja.com>
> $sth = $dbh->prepare("SELECT max(list_id), max(ordernumber) FROM
> orderlist");
If two CGI processes execute the above statement at the same time
then they will end up with the same value for max(list_id ) and
max(ordernumber).
IT might be better to use a mysql sequence
------------------------------
Date: Thu, 11 May 2000 22:06:38 +0200
From: "Eric van Huijgevoort" <huijgbv@casema.net>
Subject: Re: Still a double insert with DBI
Message-Id: <391b13dc$0$4762@reader5>
> > $sth = $dbh->prepare("SELECT max(list_id), max(ordernumber) FROM
> > orderlist");
>
> If two CGI processes execute the above statement at the same time
> then they will end up with the same value for max(list_id ) and
> max(ordernumber).
> IT might be better to use a mysql sequence
Thanks for your replay,
Unfortunately the double insert appears also whene I use one of the above
statements.
Best Regards,
Erik van Huijgevoort
------------------------------
Date: Thu, 11 May 2000 22:14:51 +0200
From: "Eric van Huijgevoort" <huijgbv@casema.net>
Subject: Re: Still a double insert with DBI
Message-Id: <391b1655$0$26865@reader2>
Thanks for your replay,
Unfortunately the double insert appears also without $max_ordernumber.
Best Regards,
Erik van Huijgevoort
> In article <391aaea3$0$4761@reader5>,
> "Eric van Huijgevoort" <huijgbv@casema.net> wrote:
> > Earlier today a had a question about a double insert. After some
> changes the
> > the problem is still actual. Sometimes the insert goes for a few
> inserts
> > well and than for 30 inserts double. It seems that the instruction
> runs
> > twice because an higher ordernumber is inserted for the second time.
> Is
> > there maybe an instruction preventing running undermentioned code for
> the
> > second time or do you have an explanation for this problem? Every
> suggestion
> > is welcome.
>
> I'm guessing this means that more than one record inserted has the same
> ordernumber . . .
>
> >
> > <eval>
> > use DBI;
> > my $dbh=
> >
>
DBI->connect("DBI:mysql:database:localhost","username","password",{'RaiseErr
> > or' => 1});
> >
> > $sth = $dbh->prepare("SELECT max(list_id), max(ordernumber) FROM
> > orderlist");
> > $sth->execute();
> > @dataarr = $sth->fetchrow_array;
> > $max_list_id=$dataarr[0];
> > $max_ordernumber=$dataarr[1];
> > $max_list_id++;
> > $max_ordernumber++;
> >
> > foreach $product (sort keys %howmanyproducts) {
> > $dbh->do("INSERT INTO orderlist VALUES ($max_list_id,
> $max_ordernumber,
> > $howmanyproducts{$product}, '$product',
> > systemideachproduct{$product}, '$statuseachproduct{$product}')");
> > $max_list_id++;}
> >
>
> If the foreach executes more than once (if there is more than one item
> in %howmanyproduct), you will insert more than one record into the
> table. Since $max_ordernumber is not incremented in the loop, its value
> will be the same for every insertion.
>
> > $dbh->disconect;
> > </eval>
> >
> > Thanks in advance, you can also mail me.
> >
> > Erik van Huijgevoort
> > Holland
> > huijgbv@casema.net
> >
> >
>
>
> Sent via Deja.com http://www.deja.com/
> Before you buy.
------------------------------
Date: Thu, 11 May 2000 20:35:45 GMT
From: prakash_ojha@my-deja.com
Subject: Re: Still having problems with cgi under IIS
Message-Id: <8ff5iv$rsg$1@nnrp1.deja.com>
the reason why DOS is running is because you've used localpath c:\ and
stuff also make sure that you're script is in webroot. this would help.
anytime localpath is used DOS runs, if it's executed through server cgi
script is properly executed. use .pl extension.
prakash
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
Date: 11 May 2000 18:23:02 GMT
From: perl_phreak@yahoo.com (Gordon Clemmons)
Subject: Re: Strange Characters from Perl Script
Message-Id: <8F317334Anospamblahcom@130.133.1.4>
> "Godzilla!" wrote:
> "Using this "Steve Brenner" style read and parse
> I have in my script, can be modified to address
> any and all security issues quite readily and,
> other security issues not related to your read
> and parse, can be 'accessorized' into your script."
Using this "Home Depot" style 2x4 I have in my backyard,
can be modified to build any and all housing structures
quite readily and other building issues not related to
your house, can be 'accessorized' into your lumber.
>$value =~ s/<([^>]+)>//gi;
>
>This snippet covers literally everything listed
>in CERT CA-2000-02. No "viable" malicious code would
>make it through this snippet.
This 2x4 covers literally everything listed in the
Home Builder's Association Safety Code. No malicious
elements would make it through this 2x4.
>I can kill that stuff in seven lazy lines!
>
>@bad_word_list = ("<applet", "<blockquote", "<body", "<dl", ...etc...);
>foreach $bad_tag (@bad_word_list)
> {
> $bad_tag_check = index ($input, $bad_tag);
> if ($bad_tag_check gt -1)
> { $input eq ""; }
> }
Wow. That is quite possibly the worst solution
I've seen to date for this problem. index?? Sure,
we have the power of pattern matching, but why use
that new-fangled 'buggy' stuff! Heck, let's make the
read-parse equivilant of a war-dialer and test for
every permutation of 'malicious code' and then do
a character by character test to check for it!
>It is clear you do not hold a prerequisite knowledge
>level in Perl to be qualified to make these remarks
>of yours within your article.
It baffles me that you have a prerequisite knowledge
of basic literacy. You obviously do not have the same
of Perl or programming basics.
It really makes me sad to see such beligerent ignorance
on your part. I hope you can take a moment of
self-realization and 'take one for the team' so to speak.
Hell, take one in the arse for all I care, just stop
posting here!
-- Gordon
s/(\d{2})/chr($1)/eg && print if $_ =
'85836932677173468077327879843282696568806582836933';
------------------------------
Date: Thu, 11 May 2000 11:41:40 -0700
From: "Godzilla!" <godzilla@stomp.stomp.tokyo>
Subject: Re: Strange Characters from Perl Script
Message-Id: <391AFEE4.D0D188F6@stomp.stomp.tokyo>
Jeff Zucker wrote:
> > What is false? Your claims perhaps? This statement
> > of yours above is unsubstantiated and unqualified
> > "Mere Assertion", which is a notion well accepted
> > amongst the learned as Fool's Fodder.
> The substantiation is available at
http://www.xray.mpe.mpg.de/mailing-lists/perl5-porters/2000-03/msg00750.html
This link serves to highlight yet
another myriad reasons why to not
use cgi.pm and it's buggy coding.
This is not related to a Brenner
style methodology of addressing
security issues, nor related to
my own style of addressing security
issues, which is superior to this
cgi.pm and its bugs. Stein writes
excellent code, but not perfectly.
None of us write perfect code. I have
yet to read these claims of yours
substantiated in any form or fashion.
You claim to have malicious Java style
code which will pass through this:
$value =~ s/<([^>]+)>//gi;
..even after knocking out <"< and
>"> type of tricks.
Post this code for examination and
testing. Proving yourself would be
of benefit for all to learn of a new
trick to pass viable malicious code
through that snippet. Do us all a
favor. Prove me wrong. Post this
Java style malicious code of yours.
Godzilla!
------------------------------
Date: Thu, 11 May 2000 12:32:33 -0700
From: Jeff Zucker <jeff@vpservices.com>
Subject: Re: Strange Characters from Perl Script
Message-Id: <391B0AD1.735AFA0D@vpservices.com>
"Godzilla!" wrote:
>
> This link serves to highlight yet
> another myriad reasons why to not
> use cgi.pm and it's buggy coding.
It does nothing of the kind. It reports a previously unreported
security hole which the author of CGI.pm promptly closed in the next
version of the module.
> This is not related to a Brenner
> style methodology of addressing
> security issues, nor related to
> my own style of addressing security
> issues
It certainly is related to those and to any method which attempts to
prevent malicious code by a simple removal of the angle brackets
characters.
> which is superior to this
> cgi.pm and its bugs.
Your style is better than Lincoln Stein's. Hmm, I believe that is what
is called delusions of grandeur. And Mr. Brenner's cgi-lib.pl code may
have been fine the last time he updated it, but alot has changed in the
year and a half since then.
> You claim to have malicious Java style
> code which will pass through this:
>
> $value =~ s/<([^>]+)>//gi;
>
> ..even after knocking out <"< and
> >"> type of tricks.
>
> Post this code for examination and
> testing.
my $value = "<SCRIPT>alert('duh');</SCRIPT>";
$value =~ s/</\x8b/g;
$value =~ s/>/\x9b/g;
$value =~ s/<([^>]+)>//gi; # GODZILLA'S IRRELEVANT SNIPPET
print "Content-type: text/html\n\n$value";
As stated in the citation, these hex codes will be interpreted by *some*
browsers as angle brackets and the javascript inside them will be
executed. Your snippet does not remove them.
--
Jeff
------------------------------
Date: Thu, 11 May 2000 13:06:23 -0700
From: "Godzilla!" <godzilla@stomp.stomp.tokyo>
Subject: Re: Strange Characters from Perl Script
Message-Id: <391B12BF.CF400286@stomp.stomp.tokyo>
Jeff Zucker wrote:
> > Post this code for examination and
> > testing.
> my $value = "<SCRIPT>alert('duh');</SCRIPT>";
> $value =~ s/</\x8b/g;
> $value =~ s/>/\x9b/g;
> $value =~ s/<([^>]+)>//gi; # GODZILLA'S IRRELEVANT SNIPPET
> print "Content-type: text/html\n\n$value";
This is not malicious Java style code as you
claim to have. This is Perl Code. You have
presented a falsehood or do not recognize the
difference between Java style code and Perl
style code. You claim to have malicious Java
style code which will pass through those code
parameters I set in my previous articles.
Please post this code, now if you don't mind.
Prove yourself or back down.
I cannot believe you would even try to pull a
code cheat like this. This is beyond comprehension,
and destroys any credibility you may have had previous.
Jeff Zucker wrote:
> The substantiation is available at
> http://www.xray.mpe.mpg.de/mailing-lists/perl5-porters/2000-03/msg00750.html
From your substantiation link:
"...0x8b is a "<" (start of tag) and that 0x9b is a ">" (end of
tag)...."
"To demo the exploit...
"print "\x8bH1\x9bTest\x8b/H1\x9b";"
I am unable to duplicate these conditions nor
pass any malicious code using techniques outlined
at your link, through a Brenner style read and parse,
even with zero security precautions, as you claim
according to your substantiation link.
My test conditions are Mozilla 4.7 via
our internet using this test code below.
Printed results are first. Possibly another
will test this via MSIE or other versions
of browsers. I cannot verify your claims
as being true. TEST CODE 3 returns an
incorrect character set and is not
viable html code.
PRINTED RESULTS:
________________
TEST CODE 1:
0x8b test input 0x9b
TEST CODE 2:
0x8b test input 0x9b
TEST CODE 3:
‹H1› test print ‹/H1›
TEST CODE 4:
x8bH1x9b test print x8b/H1x9b
TEST CODE:
________________
#!/usr/local/bin/perl
print "Content-Type: text/html\n\n";
print "
<HTML><HEAD><TITLE>Test Code</TITLE></HEAD><BODY>
<BR><BR>
<FORM METHOD=\"POST\" ACTION=\"test.cgi\">
<INPUT TYPE=\"text\" SIZE = \"30\" NAME=\"Test_Code\">
<P>
<INPUT TYPE=\"submit\" NAME=\"Test_Button\" VALUE=\"TEST\"></FORM><P>";
&Parse;
sub Parse
{
local (*in) = @_ if @_;
local ($i, $key, $value);
read (STDIN,$in,$ENV{'CONTENT_LENGTH'});
@in = split (/&/,$in);
foreach $i (0 .. $#in)
{
$in[$i] =~ s/\+/ /g;
($key, $value) = split (/=/,$in[$i],2);
($value eq "") && next;
$key =~ s/%(..)/pack ("c",hex($1))/ge;
$value =~ s/%(..)/pack ("c",hex($1))/ge;
$in{$key} .= "\0" if (defined($in{$key}));
$in{$key} .= $value;
}
return 1;
}
if ($in{Test_Code})
{
print "TEST CODE 1: <XMP> $in{Test_Code} </XMP> <P>
TEST CODE 2: <P> $in{Test_Code} <P>
TEST CODE 3: <P> \x8bH1\x9b test print \x8b/H1\x9b <P>
TEST CODE 4: <P> x8bH1x9b test print x8b/H1x9b";
}
print "</BODY></HTML>";
exit;
___________________________________________
As I stated, Big Bad Wolf Huffing & Puffing.
No Divine Winds Of Knowledge.
You owe me an apology for posting malicious
falsehoods regarding my articles. Are you
gentleman enough to apologize for your
sociopathic behavior?
Godzilla!
------------------------------
Date: Thu, 11 May 2000 13:15:31 -0700
From: Jeff Zucker <jeff@vpservices.com>
Subject: Re: Strange Characters from Perl Script
Message-Id: <391B14E3.8E7C2E55@vpservices.com>
"Godzilla!" wrote:
>
> Jeff Zucker wrote:
>
> > > Post this code for examination and
> > > testing.
>
> > my $value = "<SCRIPT>alert('duh');</SCRIPT>";
> > $value =~ s/</\x8b/g;
> > $value =~ s/>/\x9b/g;
> > $value =~ s/<([^>]+)>//gi; # GODZILLA'S IRRELEVANT SNIPPET
> > print "Content-type: text/html\n\n$value";
>
>
> This is not malicious Java style code as you
> claim to have. This is Perl Code.
We are talking about Perl expressions which either do or do not prevent
malicious code from being sent to the browser. Sorry, but I am not
interested in printing actual malicious code. Instead I gave an example
of a harmless JavaScript which could just as easily have been malicious
JavaScript. The point is that your snippet does not prevent the
JavaScript from being passed to the browser, it really does not matter
for the purposes of testing what the JavaScript itself is.
> I am unable to duplicate these conditions nor
> pass any malicious code using techniques outlined
> My test conditions are Mozilla 4.
Great, you've proved that that one browser does not treat hex codes as
angle brackets. The original article clearly stated as did I that this
only impacts some browsers.
> You owe me an apology for posting malicious
> falsehoods regarding my articles. Are you
> gentleman enough to apologize for your
> sociopathic behavior?
Sure, as soon as you've tested this on all the browsers available and
shown me that there aren't any which react the way I stated, I'll be
glad to apologize.
--
Jeff
------------------------------
Date: Thu, 11 May 2000 13:24:12 -0700
From: Larry Rosler <lr@hpl.hp.com>
Subject: Re: Strange Characters from Perl Script
Message-Id: <MPG.1384b6c76daac8da98aa56@nntp.hpl.hp.com>
In article <391AE0C2.BB62CA14@stomp.stomp.tokyo> on Thu, 11 May 2000
09:33:06 -0700, Godzilla! <godzilla@stomp.stomp.tokyo> says...
...
> @bad_word_list = ("<applet", "<blockquote", "<body", "<dl", ...etc...);
> foreach $bad_tag (@bad_word_list)
> {
> $bad_tag_check = index ($input, $bad_tag);
> if ($bad_tag_check gt -1)
> { $input eq ""; }
> }
No one has commented on this code as an indicator of what we are dealing
with here.
1. There is a lexicographic comparison of two numbers, instead of a
numerical comparison. Yes, I know it works in this case, because
ord('-') is 45 while ord('0') is 48, but that is pure happenstance.
2. The consequence of this bogus test is another comparison, intended
to be an assignment. The troll doesn't know the difference between 'eq'
and '='!
Anyone who knows so little about Perl as this reveals the low level of
reliability in anything else that that person posts. But people who
come new to this newsgroup unaware of the history of this troll may be
misled.
Here (published with permission) is a bit of private correspondence that
highlights this problem:
+ From: Guiney, David [mailto:david.guiney@irtu.detini.gov.uk]
+ Sent: Wednesday, May 10, 2000 10:17
+ To: 'lr@hpl.hp.com'
+ Subject: Re: Strange Characters from Perl Script
+
+ Larry,
+
+ Thanks for your reply. I had received another reply from "Godzilla"
+ which looked to be a simpler solution without having to look at the
+ cgi.pm module. However, I have been warned off using any solutions
+ from this person by other contributors in the group! I have now
+ heeded your advice and implemented a working solution using cgi.pm.
+ Although it took a bit of time to get my head around this it
+ certainly seems to be a better way to implement cgi programs.
+
+ My only concern was the warning received by Godzilla re.
+ size/performance of scripts using cgi.pm. However, I do not see any
+ noticeable difference.
+
+ Thanks again,
+
+ David
So we have to keep reiterating the warnings, because we can't block
anyone from posting here.
Caveat lector!
--
(Just Another Larry) Rosler
Hewlett-Packard Laboratories
http://www.hpl.hp.com/personal/Larry_Rosler/
lr@hpl.hp.com
------------------------------
Date: 11 May 2000 21:52:29 GMT
From: mbadolato@quepasa.com (Mark Badolato)
Subject: Re: Strange Characters from Perl Script
Message-Id: <8F3196AAEmbadolatoquepasacom@206.165.3.70>
On 11 May 2000, godzilla@stomp.stomp.tokyo (Godzilla!) wrote in
<391B12BF.CF400286@stomp.stomp.tokyo>:
>This is not malicious Java style code as you
>claim to have. This is Perl Code. You have
Seeing as you've now done this a few times, I just thought I would
ask.... You have not one iota of a clue that there is a difference
betweem Javascript and Java, do you?
--mark
------------------------------
Date: Thu, 11 May 2000 19:26:25 GMT
From: nfin8axs@hotmail.com
Subject: string and numeric data handling
Message-Id: <8ff1gd$n1g$1@nnrp1.deja.com>
I am having some difficulty with the concept of string handling in PERL.
Is there a construct in PERL that does the equivalent of data casting
in C? I have a string of numbers that I wish to convert to a numeric
value. Will simple performing a numeric operation on the variable be
enough? (eg : $data = $data + 0;) or is there a more intelligent method?
Any suggestions would be greatly appreciated, as I am getting accustomed
to the PERL programming syntax and environment.
Thank you for your help and time.
-Stephen
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
Date: 11 May 2000 19:04:33 GMT
From: Hans <hans-jan@stack.nl>
Subject: Subroutine error stops module ?!
Message-Id: <8ff081$k96$1@news.tue.nl>
list_2.txt contains :
file1--file_1_name.jpg--description
file2--file_2_name.jpg--description
etc.....
It is used as a database with files which can be selected and send by email.
Somewhere in subroutine print_file_list I made a mistake but where ?
TIA, Hans
PS : I know this is not the best code ever made but this is the best I
can do at the moment.
#!/usr/bin/perl
use strict;
use MIME::Lite;
sub send_email_with_files {
my $msg = MIME::Lite->new(
From =>'email_fr@server.com',
To =>'email_to@server.com',
Subject =>'Some subject',
Type => 'multipart/mixed'
);
&print_file_list;
$msg->send;
}
sub print_file_list {
my $idx_file = '';
my $nam_file = '';
my $dsc_file = '';
my $line = '';
open (FLIST, "<list_2.txt") || die "Can't open list_2.txt";
my @lines = <FLIST>;
foreach $line (@lines) {
($idx_file, $nam_file, $dsc_file) = split (/--/, $line);
$nam_file =~ tr/+/ /;
$nam_file =~ tr/\015\012//d;
$dsc_file =~ tr/+/ /;
$dsc_file =~ tr/\015\012//d;
$msg->attach(
Type =>'image/jpg',
Encoding =>'base64',
Path =>$nam_file);
}#foreach
close (LIST);
}#print_file_list
------------------------------
Date: Thu, 11 May 2000 18:17:16 GMT
From: christop@wrq.com
Subject: tie 'MLDBM' from a CGI script not working -- any clues?!!
Message-Id: <8fetes$i7v$1@nnrp1.deja.com>
I'm in the process of creating a database which I'd like to have
accessible from a web interface. I chose MLDBM because I've got
complex data. I've written a CGI script which takes the data from a
form, and passes it (or tries to) to the database. My script is
failing with the 'tie' command, claiming that there is 'No such file or
directory'; I created a test script which uses a simple text file, and
I'm able to open and write to this simple text file with no problem, so
I don't think it's a permissions problem. I'm able to run another
script which uses MLDBM from the command line with no problem, so I
know that MLDBM is set up correctly.
Any clues? Or recommendations for a better way to do this?
Muchas gracias -- christop@wrq.com
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
Date: Thu, 11 May 2000 14:38:16 -0400
From: justin baugh <baughj@rpi.edu>
Subject: Re: tie 'MLDBM' from a CGI script not working -- any clues?!!
Message-Id: <391AFE18.AE159B91@rpi.edu>
> Any clues? Or recommendations for a better way to do this?
Maybe if you posted some code, we could help you.
~j
--
==================================================
Justin Baugh (baughj@nocannedmeat.rpi.edu)
PGP: http://www.rpi.edu/~baughj/keys.txt
"Evil is easy, and has infinite forms." - Pascal
------------------------------
Date: Thu, 11 May 2000 19:56:24 GMT
From: christop@wrq.com
Subject: Re: tie 'MLDBM' from a CGI script not working -- any clues?!!
Message-Id: <8ff38v$p4q$1@nnrp1.deja.com>
In article <391AFE18.AE159B91@rpi.edu>,
justin baugh <baughj@rpi.edu> wrote:
> > Any clues? Or recommendations for a better way to do this?
>
> Maybe if you posted some code, we could help you.
>
Here's a partial snippet; the message ($msg) returned is always the
same: Cannot tie. No such file or directory.
sub write_to_file {
my %dbdata; my %tempdata;
my $key; my $last = 0; my $id; my $name;
tie(%dbdata, 'MLDBM', $dbfile) or $msg = $msg . "Cannot tie. $!
<p>\n";
%tempdata = %dbdata;
foreach $key (sort keys %tempdata) {
if ($key > $last) { $last = $key }
}
$id = $last + 1;
foreach $name (keys %Form) {
$Form{$name} =~ s/@/\@/g;
$tempdata{$id}{$name} = $Form{$name};
}
%dbdata = %tempdata;
untie %dbdata;
}
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
Date: Thu, 11 May 2000 21:42:09 GMT
From: Eric Chen <a1234_ec@yahoo.com>
Subject: unpack c struct
Message-Id: <8ff9fd$5p$1@nnrp1.deja.com>
There's an API that returns some value which has the following C struct
format.
Typedef struct{
UCHAR unMsgsize;
UCHAR unErrorcode;
UCHAR unMsgbody;
USHORT unHour;
USHORT unMinute;
ULONG ulOpen;
ULONG ulClose;
}ReturnValue;
How can I parse the return value in perl?
Eric
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
Date: Thu, 11 May 2000 21:06:04 GMT
From: simeon2000@my-deja.com
Subject: Untainting works not with IO::Socket::connect
Message-Id: <8ff7be$tud$1@nnrp1.deja.com>
Perlers,
An answer to a previous question of mine has reared another one. I'm
using Mail::POP3client, and passing it a 'tainted' variable from an
outside source as the "server" argument. IO::Socket::connect just
doesn't like tainted variables when you're specifying the server to
connect to, is what I gathered from answers.
I know how to untaint with regexs(perldoc perlsec was quite
informative), and I tested it. Unfortunately, untainting this still
doesn't fix the problem. I still get connect errors. Can anyone help
me figure out how to get Mail::POP3Client (IO::Socket underneath) to
work with this tainted-yet-untainted data?
Thanks in advance.
--
Thomas B. Holdren
Systems's Administrator, Linux Advocate,
RMS Fan (GO RMS-LINUX!!!)
===]:-)>
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
Date: 11 May 2000 19:08:46 GMT
From: ilya@math.ohio-state.edu (Ilya Zakharevich)
Subject: Re: Why is (?{ }) assertion always true?
Message-Id: <8ff0fu$fpv$1@charm.magnus.acs.ohio-state.edu>
[A complimentary Cc of this posting was sent to
<nobull@mail.com>],
who wrote in article <u9bt2ddm0l.fsf@wcl-l.bham.ac.uk>:
> Can someone explain why (?{ }) regex assertions are always true?
>
> Wouldn't it be far more useful if their truth was the return value
> from the block of code?
Because it is not an assertion? If you want to check the result, you
can always use (?()). And look for $^R in between.
Ilya
------------------------------
Date: 16 Sep 99 21:33:47 GMT (Last modified)
From: Perl-Users-Request@ruby.oce.orst.edu (Perl-Users-Digest Admin)
Subject: Digest Administrivia (Last modified: 16 Sep 99)
Message-Id: <null>
Administrivia:
The Perl-Users Digest is a retransmission of the USENET newsgroup
comp.lang.perl.misc. For subscription or unsubscription requests, send
the single line:
subscribe perl-users
or:
unsubscribe perl-users
to almanac@ruby.oce.orst.edu.
| NOTE: The mail to news gateway, and thus the ability to submit articles
| through this service to the newsgroup, has been removed. I do not have
| time to individually vet each article to make sure that someone isn't
| abusing the service, and I no longer have any desire to waste my time
| dealing with the campus admins when some fool complains to them about an
| article that has come through the gateway instead of complaining
| to the source.
To submit articles to comp.lang.perl.announce, send your article to
clpa@perl.com.
To request back copies (available for a week or so), send your request
to almanac@ruby.oce.orst.edu with the command "send perl-users x.y",
where x is the volume number and y is the issue number.
For other requests pertaining to the digest, send mail to
perl-users-request@ruby.oce.orst.edu. Do not waste your time or mine
sending perl questions to the -request address, I don't have time to
answer them even if I did know the answer.
------------------------------
End of Perl-Users Digest V9 Issue 3021
**************************************
