[15698] in Perl-Users-Digest
Perl-Users Digest, Issue: 3111 Volume: 9
daemon@ATHENA.MIT.EDU (Perl-Users Digest)
Sun May 21 11:05:20 2000
Date: Sun, 21 May 2000 08:05:07 -0700 (PDT)
From: Perl-Users Digest <Perl-Users-Request@ruby.OCE.ORST.EDU>
To: Perl-Users@ruby.OCE.ORST.EDU (Perl-Users Digest)
Message-Id: <958921507-v9-i3111@ruby.oce.orst.edu>
Content-Type: text
Perl-Users Digest Sun, 21 May 2000 Volume: 9 Number: 3111
Today's topics:
Re: Assign file handle to scalar? <gellyfish@gellyfish.com>
DataBase of Lists <jeffsnox@4unet.co.uk>
Re: DataBase of Lists <dave@dave.org.uk>
Re: DataBase of Lists <dave@dave.org.uk>
ENV{'REMOTE_HOST'} doesnt work, solution? <reevesg@cableinet.co.ukx>
Re: file locking <flavell@mail.cern.ch>
Re: file locking <dave@dave.org.uk>
Re: Forum for 'how to do it' questions? <ra.jones@NO_UCE*cwcom.net>
Re: Forum for 'how to do it' questions? <flavell@mail.cern.ch>
Looking for a good editor... <perl@sigmainstitute.com>
Re: Looking for a good editor... <dave@dave.org.uk>
Re: perl to lunch "Save As" browser window ??? (Bart Lateur)
Re: perl to lunch "Save As" browser window ??? <sergey@cgen.com>
Re: perl to lunch "Save As" browser window ??? <jeff@vpservices.com>
Re: perl to lunch "Save As" browser window ??? <tony_curtis32@yahoo.com>
Re: regexes *sigh* damn I hate these things <sue@pennine.com>
Re: SETUID problem (maybe lame) <sergey@cgen.com>
Re: SSI in Perl Script ? <flavell@mail.cern.ch>
Re: Untaint URL character class (Neil Kandalgaonkar)
Re: Untaint URL character class (Neil Kandalgaonkar)
Re: valid email address <reevesg@cableinet.co.ukx>
Digest Administrivia (Last modified: 16 Sep 99) (Perl-Users-Digest Admin)
----------------------------------------------------------------------
Date: 20 May 2000 12:42:35 +0100
From: Jonathan Stowe <gellyfish@gellyfish.com>
Subject: Re: Assign file handle to scalar?
Message-Id: <8g5tnb$474$1@orpheus.gellyfish.com>
On Thu, 18 May 2000 13:47:06 -0400 MC wrote:
> I am creating an object module to act as a custom interface to a file. the
> object would open the file when created and close the file when destroyed. How
> can the object keep track of the file handle in the interrim? Can i assign it to
> a scalar so that other methods can use it as long as the object (and file) are
> open?
>
> ie:
>
> open FILE "myfile.ext";
> $object->{handle} = FILE;
>
As well as what Ala said you should bear in mind that 5.6.0 introduced the idea
of autovivifying filehandles so you can do something like :
#!/usr/bin/perl -w
use strict;
my %handles;
for (0 .. 9)
{
my $handle;
my $filename = "ht$_.txt";
open $handle,">$filename" or die "Cant open $filename - $!\n";
$handles{$filename} = $handle;
}
for (keys %handles)
{
print { $handles{$_} } "I am $_\n";
close $handles{$_};
}
/J\
--
Mmmm, purple.
--
fortune oscar homer
------------------------------
Date: Sun, 21 May 2000 13:45:53 +0100
From: "Jeff Snoxell" <jeffsnox@4unet.co.uk>
Subject: DataBase of Lists
Message-Id: <3927db0b@eeyore.callnetuk.com>
Hello,
I'm working well with hashes of key/value pairs where the value is a list,
like the following:
%TestHash{"Jeff"} = [1, 2, 3, 4, 5];
print "$TestHash{\"Jeff\"}[1], $TestHash{\"Jeff\"}[2],
$TestHash{\"Jeff\"}[3], $TestHash{\"Jeff\"}[4]";
Which nicely outputs
1, 2, 3, 4
BUT. When I do the same thing with a database, ie after running the
following...
dbmopen(%TestHash, "testdbase", 0600);
%TestHash{"Jeff"} = [1, 2, 3, 4, 5];
dbmclose(%TestHash);
dbmopen(%TestHash, "testdbase", 0600);
%TestHash{"Jeff"} = [1, 2, 3, 4, 5];
print "$TestHash{\"Jeff\"}[1], $TestHash{\"Jeff\"}[2],
$TestHash{\"Jeff\"}[3], $TestHash{\"Jeff\"}[4]\n";
print "$TestHash{\"Jeff\"}";
dbmclose(%TestHash);
It outputs
,,,
ARRAY(&*(^!"£)
Any advice would be greatly appreciated.
Thanks,
--
Jeff
Get Paid To Surf The Web!
http://www.alladvantage.com/go.asp?refid=FWO355
------------------------------
Date: Sun, 21 May 2000 14:15:08 +0100
From: Dave Cross <dave@dave.org.uk>
Subject: Re: DataBase of Lists
Message-Id: <8pnfiscnekqfovk36u4au1mfbuinchem0s@4ax.com>
On Sun, 21 May 2000 13:45:53 +0100, "Jeff Snoxell"
<jeffsnox@4unet.co.uk> wrote:
>Hello,
>
>I'm working well with hashes of key/value pairs where the value is a list,
>like the following:
>
>%TestHash{"Jeff"} = [1, 2, 3, 4, 5];
>print "$TestHash{\"Jeff\"}[1], $TestHash{\"Jeff\"}[2],
>$TestHash{\"Jeff\"}[3], $TestHash{\"Jeff\"}[4]";
>
>Which nicely outputs
>
> 1, 2, 3, 4
Actually, under Perl 5.6 it gives a syntax error![1] Removing the
error (and also your unecessary escaped quotes) gives:
$TeshHash{Jeff} = [1, 2, 3, 4, 5];
print "$TestHash{Jeff}->[0], $TestHash{Jeff}->[1],
$TestHash{Jeff}->[2], $TestHash{Jeff}->[3], $TestHash{Jeff}->[4]\n";
Which prints
1, 2, 3, 4, 5
>BUT. When I do the same thing with a database, ie after running the
>following...
>
> dbmopen(%TestHash, "testdbase", 0600);
> %TestHash{"Jeff"} = [1, 2, 3, 4, 5];
> print "$TestHash{\"Jeff\"}[1], $TestHash{\"Jeff\"}[2],
>$TestHash{\"Jeff\"}[3], $TestHash{\"Jeff\"}[4]\n";
> print "$TestHash{\"Jeff\"}";
> dbmclose(%TestHash);
>
>It outputs
>
> ,,,
> ARRAY(&*(^!"£)
Hopefully it prints numbers where you've got random punctuation :-)
Writing a compex data structure like this to a file (which is what the
DBM is) forces Perl to stringify all of the references. This has the
effect of rending your data structures useless in the way that you've
seen.
In order to do what you want, you'll need to flatten your data
structrues first using Data::Dumper, Storable or FreezeThaw. Or you
could take a look at MLDBM.
hth,
Dave...
[1] Though not the one I expected to see. It complained loudly about
your use of %TeshHash{Jeff} where you meant $TeshHash{Jeff}, but
didn't mind your $TestHash{Jeff}[0] where you meant
$TestHash{Jeff}->[0]. Anyone know why this is?
--
<http://www.dave.org.uk> SMS: sms@dave.org.uk
yapc::Europe - London, 22 - 24 Sep <http://www.yapc.org/Europe/>
"There ain't half been some clever bastards" - Ian Dury [RIP]
------------------------------
Date: Sun, 21 May 2000 14:39:09 +0100
From: Dave Cross <dave@dave.org.uk>
Subject: Re: DataBase of Lists
Message-Id: <ompfiso9tvri2gd94919ms9s9ug70lmhvc@4ax.com>
On Sun, 21 May 2000 14:15:08 +0100, Dave Cross <dave@dave.org.uk>
wrote:
>[1] Though not the one I expected to see. It complained loudly about
>your use of %TeshHash{Jeff} where you meant $TeshHash{Jeff}, but
>didn't mind your $TestHash{Jeff}[0] where you meant
>$TestHash{Jeff}->[0]. Anyone know why this is?
Don't worry - I figured it out. Arrows between sets of brackets are
optional.
Dave...
--
<http://www.dave.org.uk> SMS: sms@dave.org.uk
yapc::Europe - London, 22 - 24 Sep <http://www.yapc.org/Europe/>
"There ain't half been some clever bastards" - Ian Dury [RIP]
------------------------------
Date: Sun, 21 May 2000 14:04:39 GMT
From: "red [2]" <reevesg@cableinet.co.ukx>
Subject: ENV{'REMOTE_HOST'} doesnt work, solution?
Message-Id: <X1SV4.6416$PZ6.773557@news3.cableinet.net>
im making a log stats program, and i can get a whole bunch of information,
but for some reason REMOTE_HOST doesnt work :/
i can gett he visitors ip with REMOTE_ADDR but HOST returns nothing..
i know its not the server the user is coming from, so is there an easy and
quick way to reverse DNS the ip? or a reason why it might not work...
--
Graham "red" Reeves
uk's Q3 news & features - - www.quadmonkey.co.uk
domains for sale - - http://www.quadmonkey.co.uk/files/forsale.html
the stupid - - http://www.thestupid.com
member of clan [2] - - http://www.clan2.com
------------------------------
Date: Sun, 21 May 2000 12:51:12 +0200
From: "Alan J. Flavell" <flavell@mail.cern.ch>
Subject: Re: file locking
Message-Id: <Pine.GHP.4.21.0005211250060.12335-100000@hpplus01.cern.ch>
On Sat, 20 May 2000, Larry Rosler wrote:
> > Those of us well educated in Language and Linguistics
> > are aware "respectfully" within this context means,
> >
> > "Reference to the order given previously."
>
> Which dictionary shows that definition?
Please, do not taunt the troll.
------------------------------
Date: Sun, 21 May 2000 15:08:36 +0100
From: Dave Cross <dave@dave.org.uk>
Subject: Re: file locking
Message-Id: <0erfisci3d0b86tag3vmt4lrvic08kohh1@4ax.com>
On Sat, 20 May 2000 16:20:29 -0700, "Godzilla!"
<godzilla@stomp.stomp.tokyo> wrote:
>Tad McClellan wrote:
>
>> Godzilla! <godzilla@la.znet.com> wrote:
>> >Cure wrote:
>
>> >flock (FILE_HANDLE, 2)
>> >flock (FILE_HANDLE, 8)
>
>> >Both are old fashion strict methods of
>> >locking and unlocking a file, respectfully.
>
>> ^^^^^^^^^^^^
>
>> If you don't talk nice to your filehandles they won't do what you ask?
>
>
>Those of us well educated in Language and Linguistics
>are aware "respectfully" within this context means,
>
>"Reference to the order given previously."
Are you sure you don't mean "respectively"?
hth,
Dave...
--
<http://www.dave.org.uk> SMS: sms@dave.org.uk
yapc::Europe - London, 22 - 24 Sep <http://www.yapc.org/Europe/>
"There ain't half been some clever bastards" - Ian Dury [RIP]
------------------------------
Date: Sun, 21 May 2000 11:16:01 +0100
From: jones <ra.jones@NO_UCE*cwcom.net>
Subject: Re: Forum for 'how to do it' questions?
Message-Id: <oscL$SAhd7J5EwDj@cwc.com>
Andrew,
Just had a look at ww.perlfaq.com - that one looks REALLY useful. I am
grateful for the pointers to these resources of course, but one thing
strikes me though. As a novice, it is sometimes hard to know which
section to look under to perform a specific task, if one has never
encountered the appropriate function before.
For example, the solution to a certain problem could involve multiple
functions, each following sequentially. It requires experience to be
able to see the correct path to take if one or more of those functions
is used inappropriately through inexperience.
I have learned much already from some of the replies I have received
elsewhere in this forum, and that seems a good way to learn.
On Sat, 20 May 2000 at 17:57:01, Andrew N. McGuire
<anmcguire@ce.mediaone.net> wrote:
>On Fri, 19 May 2000, jones wrote:
>
>+Simple question: are the comp.lang.perl.misc or alt.perl forums suitable
>+for novice perl students to ask 'how do I do that' questions? I am stuck
>+trying to do probably a simple task, and would like advice, but would
>+like to use the appropriate forum. Thanks,
>+
>
>Well, I can't speak for alt.perl, I generally do not post or read
>there. However, as far as comp.lang.perl.misc is concerned, I share
>with you what I have observed...
>
>The 'rules' for posting questions to comp.lang.perl.misc are something
>like this:
>
>1. Consult the documentation concerning what you are trying to
> do.. perldoc is a good start. If for some reason you do not
> have access to online documentation, you can find the FAQ in
> HTML format at www.perl.com. Also there is www.perlfaq.com,
> which allows you to search a database of FAQ's.
>
>2. Do a search on Deja, see if your question has been asked before.
>
>3. Check out a search engine, see if there is any other documentation
> pertaining to what you are trying to do.
>
>4. Check out any books you may have.
>
>5. As your friends or co-workers if they know how to do what it
> is you are trying to do.
>
>6. If all the above fails, post a minimal working program,
> that uses '-w' and 'strict' and demonstrates what you
> are trying to do, along with a well worded explanation
> of what you are trying to do.
>
>HTH,
>
>anm
--
Richard Jones, Leeds, UK
rajones (at) mail.com
or remove NO_UCE* from 'reply-to' address
------------------------------
Date: Sun, 21 May 2000 14:57:47 +0200
From: "Alan J. Flavell" <flavell@mail.cern.ch>
Subject: Re: Forum for 'how to do it' questions?
Message-Id: <Pine.GHP.4.21.0005211426560.27796-100000@hpplus01.cern.ch>
On Sun, 21 May 2000, jones wrote:
> Just had a look at ww.perlfaq.com - that one looks REALLY useful. I am
> grateful for the pointers to these resources of course, but one thing
> strikes me though. As a novice, it is sometimes hard to know which
> section to look under to perform a specific task, if one has never
> encountered the appropriate function before.
This is a real problem, but it's hard to see a way out of it.
N.B: nothing personal in what follows. Just some comments based on
frequently-seen behaviours in the group.
The trouble is that a large number of people are trying to learn
software engineering design, basic troubleshooting strategy, and a
load of other things that are essential to making any kind of serious
progress, in addition to getting (at least) one programming language
under their belt. When they bring up their problems in a particular
programming language group, they're inclined to get a dusty answer if
their real difficulty is that they haven't yet got any clear idea of
how to approach a practical problem and break it down in terms of the
technologies (e.g string manipulation, file I/O, sockets programming,
use of existing modules, CGI programming etc. etc.) that the language
makes available to them.
As such, beginners are liable to mistake the whole thing as an
incomprehensible quaking and heaving mess, which they hope to get
insight into by posting to the Perl language group. And not
surprisingly, they are disappointed with the answers they get.
Many of the problems are what people here call X/Y problems. They
originally perceived a requirement, X, which they haven't told us
about. They've concluded that the requirement can be fulfilled with
Y, consisting of (let's say) some HTML, some Javascript, a couple of
dubious Perl scripts that they picked up somewhere, and now they find
they're stuck. So they tell the group about where they are stuck, i.e
Y (but they shouldn't really have got themselves there in the first
place), but they reveal little or nothing about what requirement, X,
they were trying to address. (In this particular example, they would
clearly have been better off raising their requirement on an
appropriate comp.infosystems.www.* group, maybe .authoring.cgi, but
that was only one possible example).
So what they need, in addition to advice about the Perl language, is
advice in overall application design strategies and, very often, also
in basic troubleshooting (how to instrument their code so that it
reports to them what's going wrong and where, instead of falling in a
gibbering heap).
I don't know the solution to this dilemma. I've kind-of grown up with
programming, (probably learned lots of bad habits - there's an old
saying that "physicists write FORTRAN in any language") and I can no
longer see how it would be appropriate to start off a beginner. One
thing is clear, however, and that is that you stand to benefit by
taking a look at what more-experienced folks do and how they do it -
at least, those who are willing to set it down on for us. Can I say
"WebTechniques" for one example? And as far as the FAQs are
concerned, a two strand approach is recommended. First, read them
through. Some of them won't yet make sense, but read them anyway, and
get a flavour of what's there.
Then, when you're looking for something specific, use the perldoc -q
option to see what you can locate. From your previous reading of the
FAQs, you should have picked up some useful terms and keywords for
searching on, if you weren't familiar with them before.
And above all, when one of the regulars says "this topic is more
appropriately covered on comp.blah.foo", pay attention to what they
are saying, check out the FAQ for comp.blah.foo, get a flavour for its
postings, see whether they weren't right (they usually are, though not
always), and if appropriate, try reformulating your question in terms
that are on-topic there - mention your previous discussion (so that
interested parties can see the context). It's so pointlessly
irritating when newcomers come back whining "but it _IS_ a Perl
question" when they've been told it isn't. It does _them_ no good,
and it only frustrates those who are trying to help them.
And in your own interest, _do_ desist from upside-down-quoting.
good luck.
------------------------------
Date: Sun, 21 May 2000 22:25:12 +0900
From: "Padawan" <perl@sigmainstitute.com>
Subject: Looking for a good editor...
Message-Id: <8g8o5s$oma$2@news2.kornet.net>
Good day,
I'm a Perl Padawan (beginner) and have tried a few of Perl editing and
testing programs (Perl Builder, Perl Studio, DZ Perl Editor), but I want to
put the money down on a highly recommended editor. What do the Jedi Masters
of Perl and Perl/CGI use?
Thanks in advance...
------------------------------
Date: Sun, 21 May 2000 14:41:12 +0100
From: Dave Cross <dave@dave.org.uk>
Subject: Re: Looking for a good editor...
Message-Id: <1ppfisog3ndrv9odm84gnq43cjodse57j7@4ax.com>
On Sun, 21 May 2000 22:25:12 +0900, "Padawan"
<perl@sigmainstitute.com> wrote:
>Good day,
>I'm a Perl Padawan (beginner) and have tried a few of Perl editing and
>testing programs (Perl Builder, Perl Studio, DZ Perl Editor), but I want to
>put the money down on a highly recommended editor. What do the Jedi Masters
>of Perl and Perl/CGI use?
I'd guess that most people use Emacs <http://www.gnu.org>, Xemacs
<http://www.xemacs.org> or vim <http://www.vim.org>.
All of the abouve are free.
hth,
Dave...
--
<http://www.dave.org.uk> SMS: sms@dave.org.uk
yapc::Europe - London, 22 - 24 Sep <http://www.yapc.org/Europe/>
"There ain't half been some clever bastards" - Ian Dury [RIP]
------------------------------
Date: Sun, 21 May 2000 13:51:59 GMT
From: bart.lateur@skynet.be (Bart Lateur)
Subject: Re: perl to lunch "Save As" browser window ???
Message-Id: <3927e7cf.364921@news.skynet.be>
Tony Curtis wrote:
>> And after at I want perl script to lunch a "Save As"
>> browser window.For save some file. How I lunch this
>> "Save As" window ???
>
>I'm afraid you can't.
>
>You can't force a browser to engage a specific behaviour
>determined by you from the server-side.
Especially not with the Internet Explorer version 4 browser. You cannot
stop that damn thing from trying to show the file. There is a trick,
using the Content-Disposition header, that works for Netscape and even
MSIE 5.
Here are a few URL's for you to chew on:
http://www.ex.ac.uk/its/webmatters/htmlreference/faq.html#force-download
http://www.asp-zone.com/articles/mb1198/mb1198.asp (search for
"File Download Issues")
http://msdn.microsoft.com/workshop/essentials/webmen/webmen050498.asp#saveit
http://support.microsoft.com/support/kb/articles/q182/3/15.asp
--
Bart.
------------------------------
Date: Sun, 21 May 2000 14:20:14 GMT
From: Sergey Gribov <sergey@cgen.com>
Subject: Re: perl to lunch "Save As" browser window ???
Message-Id: <3927EFAD.C9CC6EF9@cgen.com>
Tony Curtis wrote:
Hi,
> > And after at I want perl script to lunch a "Save As"
> > browser window.For save some file. How I lunch this
> > "Save As" window ???
>
> I'm afraid you can't.
>
> You can't force a browser to engage a specific behaviour
> determined by you from the server-side.
Actually you can do this pretty easily. All you need to do is in
your CGI script instead of generating 'text/html' content type,
to generate other appropriate type (e.g. 'application/x-zip-compressed')
and browser will know, that instead of treating you output as HTML
it should just save it. Something like this will work:
...
print "Content-Disposition: attachment ; filename=$my_filename\n";
print "Content-type: application/x-zip-compressed\n\n";
print $buffer;
- this will ask browser to open 'Save As' dialog and try to save $buffer
as a file with name $my_filename.
Cheers,
//========================================================================\\
Sergey Gribov | A specialist is someone who
E-Mail: sergey@cgen.com | learns more and more about less
sergey@sergey.com | and less, and ends up knowing
WWW: http://www.sergey.com/ | everything about nothing...
Compugen Inc. Phone: (617)9283096, Fax: (617)9283070
\\========================================================================//
------------------------------
Date: Sun, 21 May 2000 07:28:25 -0700
From: Jeff Zucker <jeff@vpservices.com>
Subject: Re: perl to lunch "Save As" browser window ???
Message-Id: <3927F289.ABCA5DD6@vpservices.com>
Sergey Gribov wrote:
>
> Tony Curtis wrote:
> > You can't force a browser to engage a specific behaviour
> > determined by you from the server-side.
>
> Actually you can do this pretty easily.
Around and around and around we go. Why don't you a) try to read the
archives of this newsgroup to see this exact same senseless argument
carried out about once a week, b) bring the disucssion to a newsgroup
that is actually about browsers rather than discussing non-Perl topics
in a Perl newsgroup and c) get a clue about the fact that you are wrong,
you can not force all browsers to do anything and d) even try reading
some of the references that Bart just posted in this same thread
detailing some of the reasons you are wrong.
--
Jeff
------------------------------
Date: 21 May 2000 09:29:51 -0500
From: Tony Curtis <tony_curtis32@yahoo.com>
Subject: Re: perl to lunch "Save As" browser window ???
Message-Id: <873dncq8m8.fsf@limey.hpcc.uh.edu>
>> On Sun, 21 May 2000 14:20:14 GMT,
>> Sergey Gribov <sergey@cgen.com> said:
> Actually you can do this pretty easily. All you need to
> do is in your CGI script instead of generating
> 'text/html' content type, to generate other appropriate
> type (e.g. 'application/x-zip-compressed') and browser
> will know, that instead of treating you output as HTML
> it should just save it. Something like this will work:
> ... print "Content-Disposition: attachment ;
> filename=$my_filename\n"; print "Content-type:
> application/x-zip-compressed\n\n"; print $buffer;
> - this will ask browser to open 'Save As' dialog and try
> to save $buffer as a file with name $my_filename.
Not if the browser isn't configured to do so.
I am going to telnet into your web server on the command
line. Now force me to save what I get back to a file.
To reiterate: you cannot *force* browser software to
engage in a certain behaviour from the server-side. You
may be able to get the desired result in *some* cases but
not all, and that's the point.
hth
t
------------------------------
Date: 21 May 2000 03:46:43 -0700
From: Sue Spence <sue@pennine.com>
Subject: Re: regexes *sigh* damn I hate these things
Message-Id: <8g8eqj$a3d@drn.newsguy.com>
In article <392758E6.577C8C74@stomp.stomp.tokyo>, "Godzilla!" says...
>The WebDragon wrote:
>
>> ok, I need help creating a regex to extract a
>> number from a bit of html
>
>> <p>Name: <a href="http://www.planetunreal.com/dl/nc.asp?nalicity/
>> utdm/dm-distinctive.zip">DM-Distinctive</a><br>
>> Author:<a href="mailto:bastiaan_frank@hotmail.com">Bastiaan
>> Frank</a><br> Rating: (1-10) 9.5</p><!-- add correct image
>> name below here --> <img align="right" border="0" hspace="10"
>> vspace="10" width="231" height="173" src="dm-distinctive.jpg">
>
>> I need to extract the number AFTER the Rating: (1-10) and
>> before the </p>, which can be any number from 0 to 10
>> in .5 increments there may be a 0, or an 8.5 or a 10
>> or a 5 or a 5.5 etc.
>
>> I need ONLY that number.
>
>> Anyone up to the task?
>
>
>Why bother with a possibly error prone
>fancy regex when you can jump right in,
>grab your number, jump out, and move on
>with your program?
>
>Try this and see if this simple little
>old fashion whatever doesn't grab your
>number of interest each and everytime,
>with no fancy footwork.
>
>#!/usr/local/bin/perl
>
>print "Content-Type: text/plain\n\n";
>
>$input = "
><p>Name: <a href=\"http://www.planetunreal.com/dl/nc.asp?nalicity/
>utdm/dm-distinctive.zip\">DM-Distinctive</a><br>
>Author:<a href=\"mailto:bastiaan_frank\@hotmail.com\">Bastiaan
>Frank</a><br>
>Rating: (1-10) 9.5</p><!-- add correct image name below here -->
><img align=\"right\" border=\"0\" hspace=\"10\" vspace=\"10\"
>width=\"231\" height=\"173\"
>src=\"dm-distinctive.jpg\">";
>
>if ($input =~ / ([0-9\.]+)/)
> { $input = $1; }
>
>print $input;
>
>exit;
Did you try this program, "Godzilla!"? I pasted the code from your posting into
a file and attempted to run it, but received nothing except syntax errors for my
trouble. I submit that this is not helpful to people, yet your introduction to
your code was highly confident. How about coming back with code that will
compile, run and provide the right answer?
------------------------------
Date: Sun, 21 May 2000 13:48:29 GMT
From: Sergey Gribov <sergey@cgen.com>
Subject: Re: SETUID problem (maybe lame)
Message-Id: <3927E83C.4FF02365@cgen.com>
Hi,
> The problem is as follows:
> Non-root user has to perform root-only action. The owner of the script
> is root:root and the mode is:
> -rwsr-x--x (4751). Whenever the user invokes the script he gets the
> message:
>
> Insecure $ENV{PATH} while running setuid at ./test line (something).
>
> How to overcome this? Of course when root invokes the script it works
> fine.
When you run with setuid script or if you have 'perl -T', perl runs in a
'taint' mode, for more on this take a look at perlsec man page
('perdoc perlsec'). Also there is a module Taint.pm, which can be usefull.
Basically it doesn't allow you to use any tainted variable, which you
can't be sure, what can be in there, like user's input or any other
external source including the environment (%ENV) in any unsafe operation
like system(), open etc.
In order to use such a variable you have to launder it using some regexp.
For example in your case the following in the begin of your script
should help:
if ($ENV{PATH} =~ /([\w\\\/\- :+=.]+)/) { # allow only these characters
$ENV{PATH} = $1;
}
else { # if we are here something seriously wrong...
$ENV{PATH} = "/bin:/usr/bin:/sbin";
}
Cheers,
//========================================================================\\
Sergey Gribov | A specialist is someone who
E-Mail: sergey@cgen.com | learns more and more about less
sergey@sergey.com | and less, and ends up knowing
WWW: http://www.sergey.com/ | everything about nothing...
Compugen Inc. Phone: (617)9283096, Fax: (617)9283070
\\========================================================================//
------------------------------
Date: Sun, 21 May 2000 12:47:22 +0200
From: "Alan J. Flavell" <flavell@mail.cern.ch>
Subject: Re: SSI in Perl Script ?
Message-Id: <Pine.GHP.4.21.0005211246330.12335-100000@hpplus01.cern.ch>
On Sun, 21 May 2000, Lance Boyle wrote:
> Is it possible to have more than file type that reads SSI ?
Is it possible to find a group where your question is on-topic?
The answer to both questions is yes.
------------------------------
Date: 21 May 2000 13:20:49 GMT
From: nj_kanda@alcor.concordia.ca (Neil Kandalgaonkar)
Subject: Re: Untaint URL character class
Message-Id: <8g8nrh$j5b$1@newsflash.concordia.ca>
In article <8g7odq$n1m$1@nnrp1.deja.com>, <bbfrancis@networld.com> wrote:
>I'm trying to untaint URL data for 'a send a link' CGI script, but I'm
>unsure of all the leagal characters that can be used in a URL.
>
The Perl module URI::URL might be helpful here.
use URI::URL;
my $tainted = URI::URL->new($tainted_stuff);
my $untainted = $tainted->clone;
print "$untainted";
This seems to work.
From what I can tell, the URI::URL object obtained from $tainted_stuff
is still tainted, but the components parsed out (scheme, user, hostname,
etc.) during initialization are untainted since they were derived
from regex group matches. Copying the object copies the parsed
components, so voila: untainted and insanity-cleansed URI::URL object.
Printing the object magically invokes the as_string method, which
escapes away angle brackets and backslashes and other potential
sources of nastiness.
However, you might want to check if the $untainted->scheme is
"javascript". Offhand, I can't think of any other evilness that this
will miss.
It even puts in the missing trailing slash from bonehad URLs like
"http://yahoo.com". Perl rocks my world. Thank you, Gisle Aas.
--
Neil Kandalgaonkar
neil@brevity.org
------------------------------
Date: 21 May 2000 13:49:42 GMT
From: nj_kanda@alcor.concordia.ca (Neil Kandalgaonkar)
Subject: Re: Untaint URL character class
Message-Id: <8g8phm$5ou$1@newsflash.concordia.ca>
In article <8g8nrh$j5b$1@newsflash.concordia.ca>,
Neil Kandalgaonkar <nj_kanda@alcor.concordia.ca> wrote:
>In article <8g7odq$n1m$1@nnrp1.deja.com>, <bbfrancis@networld.com> wrote:
>>I'm trying to untaint URL data for 'a send a link' CGI script, but I'm
>>unsure of all the leagal characters that can be used in a URL.
>>
>
>It even puts in the missing trailing slash from bonehad URLs like
>"http://yahoo.com". Perl rocks my world. Thank you, Gisle Aas.
Oops. In my tests I didn't try a URL with a path or query string.
These URLs will not be untainted simply by cloning the object.
So, some options. You can make a URI::URL object and simply trust
that the as_string method does the right thing. It seems to escape
everything correctly (uses the standard URI::Escape module). You'll
have to manually untaint it if you plan on doing anything taintworthy.
The more paranoid option would be to retrieve all the URI::URL components,
do your own untainting on each, and then reconstruct a new URI::URL object
out of the untainted data. See the URI::URL docs.
Abigail wrote a monstrous URL-matching regex once, but I can't find it
just now. It wouldn't work immediately for untainting without some
modification, IIRC.
--
Neil Kandalgaonkar
neil@brevity.org
------------------------------
Date: Sun, 21 May 2000 14:13:25 GMT
From: "red [2]" <reevesg@cableinet.co.ukx>
Subject: Re: valid email address
Message-Id: <9aSV4.6426$PZ6.774406@news3.cableinet.net>
you could split it after the @ and do a whois lookup to find out if its a
real domain....
just an idea (not that i know how to do a whois lookup ;)
--
Graham "red" Reeves
uk's Q3 news & features - - www.quadmonkey.co.uk
domains for sale - - http://www.quadmonkey.co.uk/files/forsale.html
the stupid - - http://www.thestupid.com
member of clan [2] - - http://www.clan2.com
"Jennifer" <webmaster@momsathome.on.ca> wrote in message
news:39278C26.ECE3C6F3@momsathome.on.ca...
> Please don't yell at me. [cringing]
>
> I've done searches on deja.com and I've read perlfaq9. I know
> that you can't test for a valid address with a regexp nor can you
> really check for valid syntax, but what I want to know is it ok
> to check for something that is definitely invalid syntax?
>
> I'm thinking that if it isn't any_char@any_two_char.any_two_char
> that it isn't valid syntax. I know I have filled out forms and
> forgot the .com. I just want to catch the stupidest of mistakes
> and hopefully narrow down the bad addresses that make it through.
>
> If this is correct, can someone offer a regexp to check for it?
>
> Jennifer
------------------------------
Date: 16 Sep 99 21:33:47 GMT (Last modified)
From: Perl-Users-Request@ruby.oce.orst.edu (Perl-Users-Digest Admin)
Subject: Digest Administrivia (Last modified: 16 Sep 99)
Message-Id: <null>
Administrivia:
The Perl-Users Digest is a retransmission of the USENET newsgroup
comp.lang.perl.misc. For subscription or unsubscription requests, send
the single line:
subscribe perl-users
or:
unsubscribe perl-users
to almanac@ruby.oce.orst.edu.
| NOTE: The mail to news gateway, and thus the ability to submit articles
| through this service to the newsgroup, has been removed. I do not have
| time to individually vet each article to make sure that someone isn't
| abusing the service, and I no longer have any desire to waste my time
| dealing with the campus admins when some fool complains to them about an
| article that has come through the gateway instead of complaining
| to the source.
To submit articles to comp.lang.perl.announce, send your article to
clpa@perl.com.
To request back copies (available for a week or so), send your request
to almanac@ruby.oce.orst.edu with the command "send perl-users x.y",
where x is the volume number and y is the issue number.
For other requests pertaining to the digest, send mail to
perl-users-request@ruby.oce.orst.edu. Do not waste your time or mine
sending perl questions to the -request address, I don't have time to
answer them even if I did know the answer.
------------------------------
End of Perl-Users Digest V9 Issue 3111
**************************************
