[16644] in Perl-Users-Digest
Perl-Users Digest, Issue: 4056 Volume: 9
daemon@ATHENA.MIT.EDU (Perl-Users Digest)
Fri Aug 18 09:05:29 2000
Date: Fri, 18 Aug 2000 06:05:15 -0700 (PDT)
From: Perl-Users Digest <Perl-Users-Request@ruby.OCE.ORST.EDU>
To: Perl-Users@ruby.OCE.ORST.EDU (Perl-Users Digest)
Message-Id: <966603914-v9-i4056@ruby.oce.orst.edu>
Content-Type: text
Perl-Users Digest Fri, 18 Aug 2000 Volume: 9 Number: 4056
Today's topics:
Re: archive of perl scripts (Helgi Briem)
checking a log file for updates <drteeth@northernlights.bizland.com>
Re: checking a log file for updates (Anno Siegel)
Re: Clearing an array (Martien Verbruggen)
Re: GD.pm Test Fails? (Martien Verbruggen)
Re: I have another question <abe@ztreet.demon.nl>
Re: Image Manipulation Question (Martien Verbruggen)
Re: Looking for a SCRIPT= <gellyfish@gellyfish.com>
LWP https post <support@countrycodes.ws>
Re: Modifying a text file (Rafael Garcia-Suarez)
Re: Modifying a text file nobull@mail.com
Re: Out of memory! error. Working with arrays... <samara_biz@hotmail.com>
Re: Out of memory! error. Working with arrays... (Martien Verbruggen)
Re: Out of memory! error. Working with arrays... <samara_biz@hotmail.com>
Re: Out of memory! error. Working with arrays... <samara_biz@hotmail.com>
Re: perl / unix question nobull@mail.com
Re: perl 5.6 <dwb1@home.com>
Perl cgi-wrap issues and security problems <sandra@siliconrack.com>
Perl guestbook hacking (with HTML enabled) <sandra@siliconrack.com>
Re: Problem with hash initialization using list nobull@mail.com
Re: Problem with hash initialization using list (Anno Siegel)
Re: problems with Tk and NT4 <gellyfish@gellyfish.com>
Re: problems with Tk and NT4 <jemand@klop.com>
Re: read files from dir then write as csv??? kingofkingston@my-deja.com
Re: Regex Alternation Question <Jonas.Reinsch@ppi.de>
Regex: finding location in (?{}) <at99@active22.doc.ic.ac.uk>
Regex: finding location in (?{}) (Anno Siegel)
Re: Running Perl-Script as NT-Service <guenther.degenfelder@datev.de>
Re: SUID in perl (Martien Verbruggen)
version control win32 jponder9@my-deja.com
Re: version control win32 <gellyfish@gellyfish.com>
Digest Administrivia (Last modified: 16 Sep 99) (Perl-Users-Digest Admin)
----------------------------------------------------------------------
Date: Fri, 18 Aug 2000 10:04:49 GMT
From: helgi@NOSPAMdecode.is (Helgi Briem)
Subject: Re: archive of perl scripts
Message-Id: <399d0989.346373488@news.itn.is>
On Wed, 16 Aug 2000 07:28:38 -0400, John A Timmons
<jack.timmons@kodak.com> wrote:
>I'm learning perl as my first language. I'm looking for an archive of
>perl scripts of varying difficulty that are well documented.
>
>I am in the process of reading some good books on the language but I
>seem to have this brain that learns best through example.
>
I would heartily recommend the Perl CD Bookshelf
at $59.95 from O'Reilly. 6 excellent books on one
CD: Perl in a Nutshell, Learning Perl,
Learning Perl on Win32 Systems, Programming Perl,
Advanced Perl Programming and the Perl Cookbook.
Regards,
Helgi Briem
------------------------------
Date: Fri, 18 Aug 2000 06:22:52 -0400
From: "Dr. Teeth" <drteeth@northernlights.bizland.com>
Subject: checking a log file for updates
Message-Id: <399D0E7B.3B4D4773@northernlights.bizland.com>
I have the contents of a log file nicely stored in the order I want in
an array.
I want to check once every second to see if the contents of the log file
have changed. If the contents are changed, I want to store the new
lines in a new array.
I thought maybe I could just store the log file into a temporary array
every second and compare it with the first (original) array (that gets
loaded from the log file on startup). Even if I knew how to do that, it
seems like too much overhead. I've learned that there is usually an
easier way when working in Perl.
I basically am parsing '/var/log/messages' and looking for new kernel
messages. I want to display them as they appear. Any help is greatly
appreciated.
Thanks,
Dr. Teeth
------------------------------
Date: 18 Aug 2000 12:19:14 -0000
From: anno4000@lublin.zrz.tu-berlin.de (Anno Siegel)
Subject: Re: checking a log file for updates
Message-Id: <8nj9k2$o91$1@lublin.zrz.tu-berlin.de>
Dr. Teeth <drteeth@northernlights.bizland.com> wrote in comp.lang.perl.misc:
>I have the contents of a log file nicely stored in the order I want in
>an array.
>
>I want to check once every second to see if the contents of the log file
>
>have changed. If the contents are changed, I want to store the new
>lines in a new array.
[snip]
I think you want the behavior of tail -f. That happens to be a faq.
See perldoc -q tail.
Anno
------------------------------
Date: 18 Aug 2000 11:19:32 GMT
From: mgjv@tradingpost.com.au (Martien Verbruggen)
Subject: Re: Clearing an array
Message-Id: <slrn8pq66r.6h5.mgjv@martien.heliotrope.home>
On Thu, 17 Aug 2000 15:54:04 GMT,
richh6870@my-deja.com <richh6870@my-deja.com> wrote:
> How do I reset an array in perl? I've tried things like:
>
> $len = @array; @array = splice(@array,$len);
That's pretty convoluted, It's possible to get even more convoluted, but
the normal way would be:
@array = ();
There are other ways almost as simple, but none I would recommend.
Martien
--
Martien Verbruggen |
Interactive Media Division | In a world without fences, who needs
Commercial Dynamics Pty. Ltd. | Gates?
NSW, Australia |
------------------------------
Date: 18 Aug 2000 12:50:58 GMT
From: mgjv@martien.heliotrope.home (Martien Verbruggen)
Subject: Re: GD.pm Test Fails?
Message-Id: <slrn8pqbgo.n7v.mgjv@martien.heliotrope.home>
On Fri, 18 Aug 2000 06:33:08 GMT,
Steven May <stevenjm@telisphere.com> wrote:
> brudden@goebusiness.com wrote:
> >
> > I'm having problems with the GD.pm module on sun sparc solaris 2.6
>
> For what it's worth, I spent 2 days a month or so back trying to get
> GD working on a linux box (admittedly with pretty well hosed libraries)
> and after finally getting it running, dicovered it really wouldn't do
> what I wanted anyway. (I know, RTFM BEFORE installing)
>
> So I snooped around and gave Magick a shot.
PerlMagick and GD have totally different application domains. Many
things that can be done in PerlMagick can be done in GD, Even more
things that can be done in GD can be done in PerlMagick. However, the
interfaces to those things to do, as well as the general possibilities
are different, and are aimed at different tasks.
You're comparing apples with coconuts.
Martien
--
Martien Verbruggen |
Interactive Media Division | If it isn't broken, it doesn't have
Commercial Dynamics Pty. Ltd. | enough features yet.
NSW, Australia |
------------------------------
Date: Fri, 18 Aug 2000 14:26:35 +0200
From: Abe Timmerman <abe@ztreet.demon.nl>
Subject: Re: I have another question
Message-Id: <u3aqpsk601dub1a0goqmvoj1c6jd05u82c@4ax.com>
On Thu, 17 Aug 2000 22:45:57 GMT, pape_98@my-deja.com wrote:
> Thanks for you help :-)
> But now I have another problem,
> This is what my database looks like:
>
> NIH,B1D-403,01 36,13 5 26 ,15 43,1 5 2 5 2 4
> NIH,B1D-415,01 36,13 5 26 ,15 43,1 5 2 5 2 4
> NIH,B1D-43,01 36,13 5 26 ,15 43,1 5 2 5 2 4
> Suburban,B1D-10,52 51 36,135 256 ,15413,1512
>
> the numbers I'm trying to sort are the ones after the B1D-,
> how do i get the sort to not considery those characters ???
That all depends on the data structure you use to store the data in
memory.
This is a Guttman-Rosler Transform that handles your data as an array of
lines and tries to find the number between 'B1D-' and ','.
For more information see:
http://www.hpl.hp.com/personal/Larry_Rosler/sort/sorting.html
and
http://www.perl.com/CPAN-local/doc/FMTEYEWTK/sort.html
#!/usr/bin/perl -w
use strict;
my @unsorted = <DATA>;
my @sorted = map "${\ (unpack 'na*', $_)[-1] }" => sort
map pack('na*', /B1D-(\d*),/?$1:0, $_ ) => @unsorted;
print for @sorted;
__DATA__
NIH,B1D-403,01 36,13 5 26 ,15 43,1 5 2 5 2 4
NIH,B1D-43,01 36,13 5 26 ,15 43,1 5 2 5 2 4
NIH,B1D-415,01 36,13 5 26 ,15 43,1 5 2 5 2 4
Suburban,B1D-10,52 51 36,135 256 ,15413,1512
--
Good luck,
Abe
------------------------------
Date: 18 Aug 2000 10:19:32 GMT
From: mgjv@tradingpost.com.au (Martien Verbruggen)
Subject: Re: Image Manipulation Question
Message-Id: <slrn8pq2uu.6h5.mgjv@martien.heliotrope.home>
On 18 Aug 2000 08:20:32 +0100,
Jonathan Stowe <gellyfish@gellyfish.com> wrote:
> On Wed, 16 Aug 2000 21:32:10 GMT James wrote:
> > Does anyone know of any routines, scripts or recommendations on creating a
> > script that would take
> > a directory of images and create a new directory of those
> > same images - only shrunken in size?
> >
>
> The module Image::Magick is probably what you want to be using.
Not even that. When you install ImageMagick, the toolset that
Image::Magick is a part of, you'll find two tools, convert and mogrify,
that both can do what you need. In one go. No pipes, no coding. And the
combine utility could make a nice thumbnail sheet for you.
If you want to write code yourself, because the command line doesn't
satisfy, or you're on a platform where tools are considered evil, you
can use Image::Magick. It's fairly trivial to do this.
Martien
--
Martien Verbruggen |
Interactive Media Division |
Commercial Dynamics Pty. Ltd. | "Mr Kaplan. Paging Mr Kaplan..."
NSW, Australia |
------------------------------
Date: Fri, 18 Aug 2000 11:13:17 GMT
From: Jonathan Stowe <gellyfish@gellyfish.com>
Subject: Re: Looking for a SCRIPT=
Message-Id: <hT8n5.227$NE3.22426@news.dircon.co.uk>
On Thu, 17 Aug 2000 19:12:04 -0400 (EDT), BigB™ Wrote:
> looking for a perl script to use to display Images against backgrounds
> and view images resized(where a person can change the size of image to
> view only in browser not resize image as in manipulating it just to play
> around with sizes) if anyone has a script please reply & state where it
> can be run, thanks
You would *write* such a script using the module Image::Magick but if you
simply want to *find* one then this group is probably not the best place
for you - I would start at Freshmeat.
/J\
------------------------------
Date: Fri, 18 Aug 2000 13:47:06 -0700
From: "tony shrimpton" <support@countrycodes.ws>
Subject: LWP https post
Message-Id: <399d315c.0@energise.enta.net>
Hi ,
I am trying to use LWP to POST a request to a https:// website ,i have
looked at Crypt-SSLeay-0.16 as suggested in the LWP docs , but this only
lists GET and HEAD as valid methods.
any suggestions would be appreciated
ts
------------------------------
Date: Fri, 18 Aug 2000 10:27:16 GMT
From: rgarciasuarez@free.fr (Rafael Garcia-Suarez)
Subject: Re: Modifying a text file
Message-Id: <slrn8pq46o.opl.rgarciasuarez@rafael.kazibao.net>
Lincoln Marr wrote in comp.lang.perl.misc:
>I have a database stored in text files which is interfaced to the web
>through a perl script. The script allows you to modify, add and delete
>customers from the database - but it's a bit more complex than having one
>database file to store all the information. Depending on the type of
>customer, the information is stored in a different file when adding the
>customer.
>I am writing the 'modify' part of the script and am having a few problems.
>The records in the file look like this:
>
>966266540|8/14/2000 at 17:22:40|Name of Customer|field1|field 2|field
>3|field n|
>
>I have a screen which opens the file, splits all the lines and displays the
>name of the customer in a scrolling list. When you select the customer and
>click 'View' the index is stored in $key (ie $key would be 966266540 in this
>case, is that customer was selected). What I want to be able to do is modify
>all the customer information through a form, then open the file, seek to the
>line beginning with $key, and overwrite that line with the updated
>information.
>
>What I want the perl to do:
>1. open file
>2. Seek to line beginning with $key
>3. print over that line with updated information
>4. close the file
>5. have the file locked while doing so (to avoid data corruption)
The simplest way to do this is to copy the file to a new file with the
desired changes, and then rename the new file to the old file name. This
does not handle concurrency problems; to avoid them, you can lock the
file you're reading with flock.
--
Rafael Garcia-Suarez
------------------------------
Date: 18 Aug 2000 12:45:00 +0100
From: nobull@mail.com
Subject: Re: Modifying a text file
Message-Id: <u9n1ian683.fsf@wcl-l.bham.ac.uk>
"Lincoln Marr" <lincolnmarr@nospam.europem01.nt.com> writes:
> I have a database stored in text files...
> .... What I want to be able to do is modify
> all the customer information through a form, then open the file, seek to the
> line beginning with $key, and overwrite that line with the updated
> information.
Are you sure the new records will always be exactly the same length as
the one you are replacing? If not then overwriting is not a viable
option, you must replace the file. This has nothing to do with Perl,
it has to do with, well, the nature of text files.
See FAQ: "How do I change one line in a file/delete a line in a
file/insert a line in the middle of a file/append to the beginning of
a file?"
If all records *are* exactly the same length when simply open
read/write (see perldoc -f open) and once you've found the record (in
the usual way), simply seek() relative backwards by the length of one
record (inclusing the EOL character(s)) and print() the replacement.
> 5. have the file locked while doing so (to avoid data corruption)
See FAQ: "How can I lock a file?"
--
\\ ( )
. _\\__[oo
.__/ \\ /\@
. l___\\
# ll l\\
###LL LL\\
------------------------------
Date: Fri, 18 Aug 2000 08:14:38 -0400
From: "Alex T." <samara_biz@hotmail.com>
Subject: Re: Out of memory! error. Working with arrays...
Message-Id: <399D28AE.63E22B42@hotmail.com>
> >Sure I will try what you suggested, but only after I get rid of "Out
> >of memory!" error.
>
> Then you're doomed, because that suggestion is the only thing that
> will fix the out-of-memory error.
Well, I said that because later in my program I had something like this:
#Print all addresses to a file
foreach my $index (@database){
print TARGET %{$database[$index]}->{Addresss}."\n";
} #foreach
and when I would comment out the sorting part, this little piece would still cause
"Out of Memory!" error. That's my first time using a data structure like this in
Perl and I was using the book "Perl 5 by Example" by David Medinets as a reference.
So no one pointed out that this part of my code also had an error in it and should
have looked:
#Print all addresses to a file
foreach my $index (@database){
print TARGET $index->{Address}."\n";
} #foreach
instead. So I didn't think this part was wrong and was confused why I would still
get "out of memory!" error even when my sort() function is commented out.
> In the time it took you to post your reply saying that you would not
> try it you could have tried it. You are not making good use of your
> time.
Well, I just wanted to fix the easier part of my code first so that I could better
figure out how data structures like that work. I wasn't saying that my I call
sort() function correctly.
> >Or... do you think that "Out of memory!" error is caused by the way I call the
> >sort() function?
>
> Yes. The records in @database are references to hashes. ...
Thank you for an extensive explanation!
> Many times when I teach people to program, I see them make this
> mistake: Their program has two errors in it, and it doesn't work.
> They say "Oh, I see the error," and then they fix error A, but then
> their program still doesn't work. So they decide that they were
> wrong, and they undo the change. Then maybe they find error B and fix
> that. But the program still does not work because they still have
> error A. Then they think they don't know what is wrong, even though
> they found both errors! They give up, or they start trying all sorts
> of other things that are not connected with the real problem.
What I try to do in those cases is to do "one thing at a time". I comment out the
parts of the code which I'm not sure about and check the functionality of each
piece that I add until I find the problem code.
> When someone points out a serious error in your program, it is foolish
> not to fix it right away. It often happens that one error masks the
> behavior of another. Debugging is difficult, and when two or three
> errors combine the result can be impossible to figure out.
I just wanted to go "one step at a time" and figure out the easier problem with my
code first. (print statement)
Thank you for you comments!!!
Alex
------------------------------
Date: 18 Aug 2000 12:51:21 GMT
From: mgjv@martien.heliotrope.home (Martien Verbruggen)
Subject: Re: Out of memory! error. Working with arrays...
Message-Id: <slrn8pqc7c.n7v.mgjv@martien.heliotrope.home>
On Fri, 18 Aug 2000 08:14:38 -0400,
Alex T. <samara_biz@hotmail.com> wrote:
>
> #Print all addresses to a file
> foreach my $index (@database){
> print TARGET $index->{Address}."\n";
> } #foreach
>
> instead. So I didn't think this part was wrong and was confused why I
> would still get "out of memory!" error even when my sort() function is
> commented out.
I hope that now it has been explained WHY that out of memory error
occurs that you understand that the above code still show one serious
flaw: It has a severely misnamed variable. Variables with wrong names
can be the cause of quite serious and hard to track down bugs. You
should do yourself a favour, and change that to
foreach my $element (@database)
{
# ...
}
or even better, use a variable name that expresses what is actually
contained in each element of @database.
If you really had an index, you'd be using something like
for (my $i = 0; $i < @array; $i++)
{
#...
}
But this notation is hardly evwer used in Perl programs. The foreach[1]
notation above is much more common.
Martien
PS. for and foreach are really not different in Perl, syntactically.
However, semantically, for a human, they do make a difference.
--
Martien Verbruggen |
Interactive Media Division | The gene pool could use a little
Commercial Dynamics Pty. Ltd. | chlorine.
NSW, Australia |
------------------------------
Date: Fri, 18 Aug 2000 08:38:56 -0400
From: "Alex T." <samara_biz@hotmail.com>
Subject: Re: Out of memory! error. Working with arrays...
Message-Id: <399D2E60.8902A925@hotmail.com>
> > foreach my $index (@database){
> > print TARGET %{$database[$index]}->{Address}."\n";
> > } #foreach
>
> I'm not sure what that print statement is doing (something strange,
> anyway), and I know I don't want to think about it. What's wrong with
>
> print TARGET $index->{Address}."\n";
Yes. That was my problem. I didn't completely realize how this data structure
works when I wrote that.
I changed my code in the way that you and other people in this thread suggested
and everything seem to work just fine now.
> (I did test this. I got bored with testing it after I got up to 10 MB data
> files. My PC only has 128MB RAM, not 160.)(Only! I used to dream of 128
> MB RAM.... but tell the young folks today that...)
I wrote my first program on ZX Spectrum 48... you know those 8-bit computers
with ZX8000 3.5Mhz processor, 16 kb of ROM for operating system and 48 kb of
RAM which used cassette tapes for storage. Took 5 minutes to load a program. :)
160 MB that I have on this computer is work is probably too much for my needs
anyways, since I'm not running any image/video editing programs and it's not a
high-load web-server, but I don't complain :)))
Thank you and everybody here who took their time to point out to me the
mistakes in my code!
Alex
------------------------------
Date: Fri, 18 Aug 2000 08:48:07 -0400
From: "Alex T." <samara_biz@hotmail.com>
Subject: Re: Out of memory! error. Working with arrays...
Message-Id: <399D3087.2C556A2D@hotmail.com>
> One of the most important personality factors is the willingness to admit
> to yourself that you make mistakes, and to do it without regarding making
> a mistake as a blow to your ego. Nobody goes through life without making
> mistakes, and nobody programs without making *lots* of mistakes. But if
> you regard your own fallibility as threatening, you're not going to avoid
> making mistakes; instead you're going to avoid noticing the mistakes
> you've made, and you're going to insist that your mistaken code is
> correct. There is no possible way to be successful as a programmer with
> an attitude like that.
>
> And in order to use this group effectively, you have to be willing to let
> other people point out your mistakes and *not* regard such communication
> as an attack you must defend yourself against. Due to the phenomenon
> called "psychological set" (the natural tendency to see what you want to
> be there rather than what's actually there), other people can often do a
> better job of spotting your mistakes than you can. When they point out
> your mistakes, they're *helping* you.
I agree with everything you say. I posted parts of my code for the only reason
- to get other people to point out my mistakes to me.
> Yes, I've *occasionally* seen
> people do it in a gloating and hostile manner, but far more times I've
> seen someone factually and non-judgmentally point out someone's mistake
> and then the original poster acts as if he's been attacked.
We all know there are people like that.
> But if you can get over this stupid notion that every
> interaction between two human beings has to be a battle with a winner and
> a loser, you can become a better programmer through feedback.
By the way, the things you're talking about in this posting do not only apply
to programming, but I think to life in general. :)
Alex
------------------------------
Date: 18 Aug 2000 12:57:41 +0100
From: nobull@mail.com
Subject: Re: perl / unix question
Message-Id: <u9k8den63k.fsf@wcl-l.bham.ac.uk>
arun_rajappa@my-deja.com writes:
> Subject: Re: perl / unix question
^^
frequently asked
> i have this problem that seems impossible to crack !
Did it occur to you that you might not be the first? That your
question might be frequently asked? That is might be answered in
_both_ the Perl FAQ _and_ the Unix FAQ?
> my program finds the user name, (in some way) spawns off a new shell,
> and within the new shell set an environment variable with the users
> name, in a way so that when my perl scripts are run, the shell they are
> running in will also have the value of that environment variable.
See FAQ: "I {changed directory, modified my environment} in a perl
script. How come the change disappeared when I exited the script?
How do I get my changes to be visible?"
--
\\ ( )
. _\\__[oo
.__/ \\ /\@
. l___\\
# ll l\\
###LL LL\\
------------------------------
Date: Fri, 18 Aug 2000 10:20:43 GMT
From: <dwb1@home.com>
Subject: Re: perl 5.6
Message-Id: <Pine.LNX.4.20.0008180526380.12595-100000@ethyl.addictmud.org>
On 17 Aug 2000, Abigail wrote:
> dwb1@home.com (dwb1@home.com) wrote on MMDXLII September MCMXCIII in
> <URL:news:Pine.LNX.4.20.0008160554320.9939-100000@ethyl.addictmud.org>:
> }}
> }} I'm about to upgrade some servers from perl 5.005_03 to 5.6. I'm
> }} wondering if there are any traps I should watch out for. We have
> }} an aweful lot of source code written in perl, (near 200000 lines
> }} of code), so I'm naturally concerned.
>
> You're about to do an upgrade of an production environment, and your
> idea of regression testing is to ask on Usenet?
>
> That's why you hava a test environment, and regression test, right?
>
Yes, I have run tests, but with that large amount of code, and our small
team, it's very difficult to test the entire application and all other
scripts 100%. We may think we got everything, but the chances are good
that we missed a few things. I asked on usenet because it's typically a
great place to get info on known problems, or and stumbling blocks that
others have had to overcome when doing the same thing.
So far the basic feeling I get is to wait for 5.6.1.
Dan.
------------------------------
Date: Fri, 18 Aug 2000 12:44:48 GMT
From: Sandra <sandra@siliconrack.com>
Subject: Perl cgi-wrap issues and security problems
Message-Id: <8RTMNszorBtJsbcgp8Pt2ZEfD1+q@4ax.com>
We have a redhat 6.1 dedicated server with 18gb hd,
php4, perl 5.x and mysql installed.
We want to give out free /cgi-bin/ space for users
(something like geocities but only for perl scripts)
We are having a lot of problems setting up the cgi-wrap
system to avoid malicious users hacking the server through
perl scripts with system("rm etc...") and things like that.
We do know there are lots of hackers around, and they
will try to hack our server, we are sure.
At first we don't want to give private FTP accounts to
every user (like geocities). At first, users will upload
through the browser. We can use a parse function to
reject .cgi files with common words like "system", `xxx`,
"sendmail", socket functions, rm, etc, etc. but we can't
figure out all available possibilities of malicious code.
Questions:
1. CGI-wrap is the only solution?
2. We would like to have a modified version of Perl
with exec() disabled, system() disabled, eval disabled,
and most server/disk access disabled etc, etc.
is this possible?
3. Is it possible to install background procs through
a Perl script? system("./malicious_hidden_server &") ???
Thanks
------------------------------
Date: Fri, 18 Aug 2000 12:48:43 GMT
From: Sandra <sandra@siliconrack.com>
Subject: Perl guestbook hacking (with HTML enabled)
Message-Id: <bRjMNlKIyaRCv5FEiOYI8cnLJWDg@4ax.com>
We have a simple Perl guestbook based on Matt W.'s guestbook,
we have HTML enabled. Server is redhat 6.1
Question:
1. I read somewhere it's easy to hack servers using
HTML-enabled perl guestbooks. Is this true? which procedure?
2. How to protect an HTML-enabled guestbook?
I have a function to strip <script></script> <object>, etc, etc
but I don't know if this is enough protection.
Any ideas
Thanks
------------------------------
Date: 18 Aug 2000 12:38:10 +0100
From: nobull@mail.com
Subject: Re: Problem with hash initialization using list
Message-Id: <u9lmxun655.fsf@wcl-l.bham.ac.uk>
priitr.randla@eyp.ee (Priit Randla) writes:
> ($key,$info{$key}) = split /=/ while <> ;
> Obviously this does not work and i do understand why($key not evaluated yet
> when evaluating $info{$key}).
> Is there some way to initialize hash _elements_ using lists as
> %hash = ($key1, $val1, $key2, $val2 ) is doing for _entire_ hash?
%hash = %hash, $key, $val;
But this is not efficient since it unrolls and rerolls the hash each time.
> I'm simply trying to avoid unneccessary temporary variables.
%hash = map { /(.*?)=(.*)/ } <>;
Note: I've not used split because you presumably want to ignore lines
that contain no "=".
BTW: are you sure you didn't want a chomp() in there somewhere?
%hash = map { chomp; /(.*?)=(.*)/ } <>;
--
\\ ( )
. _\\__[oo
.__/ \\ /\@
. l___\\
# ll l\\
###LL LL\\
------------------------------
Date: 18 Aug 2000 12:05:20 -0000
From: anno4000@lublin.zrz.tu-berlin.de (Anno Siegel)
Subject: Re: Problem with hash initialization using list
Message-Id: <8nj8q0$o5h$1@lublin.zrz.tu-berlin.de>
Priit Randla <priitr.randla@eyp.ee> wrote in comp.lang.perl.misc:
> Hello
>
> I have a configuration file whose lines look like key=value.
> I'd like to initialize a hash using something like this:
> ($key,$info{$key}) = split /=/ while <> ;
> Obviously this does not work and i do understand why($key not evaluated yet
> when evaluating $info{$key}).
> Is there some way to initialize hash _elements_ using lists as
> %hash = ($key1, $val1, $key2, $val2 ) is doing for _entire_ hash?
> I'm simply trying to avoid unneccessary temporary variables.
This does what I think you want to do:
%info = map split( /=/), <>;
but unlike your lie-wise approach it reads the whole file into memory.
Another problem (that it shares with your approach) is that it neglects
to chomp() the input lines, so all the values in %info are going to
have a trailing newline.
map chomp, values %info
can correct that, but that's map in void context, anathema to some.
Blindly accepting everything on each side of a "=" may turn out
to be a problem too if the configuration file isn't very carefully
maintained. It's probably best in a case like this to put up with
a temporary variable or two (lexicals, of course), and do some
cleanup and checking at leisure.
Anno
------------------------------
Date: Fri, 18 Aug 2000 11:18:20 GMT
From: Jonathan Stowe <gellyfish@gellyfish.com>
Subject: Re: problems with Tk and NT4
Message-Id: <0Y8n5.228$NE3.22426@news.dircon.co.uk>
On Fri, 18 Aug 2000 10:48:14 +0200, "chris müller" Wrote:
> Jonathan Stowe schrieb in Nachricht <8nin12$2s5$1@orpheus.gellyfish.com>...
>>On Thu, 17 Aug 2000 14:22:55 +0200 chris wrote:
>>> hi all
>>> i get perl of a NT4 box with sp6 .
>>> even when i try to start a perl with use::Tk i get a Dr.Watson.
>>
>>Then there must have been a crime. Unfortunately you dont give
>>enough information for us to solve it - at a guess you are using a version
>>of Tk that is incompatible with the Perl version you have.
>>
>
> I use perl v5.6.0 built for MSWin32-x86-multi-thread and the Tk-Modul from
> Activestate Tk.zip
Let PPM select the appropriate package to install and download it -
PPM install Tk
/J\
------------------------------
Date: Fri, 18 Aug 2000 14:52:54 +0200
From: "chris müller" <jemand@klop.com>
Subject: Re: problems with Tk and NT4
Message-Id: <8njbgu$1pe$1@pollux.ip-plus.net>
hi
i got problems with the firewall.i have tryed with the set-variables , but i
did not work.
cu chris
------------------------------
Date: Fri, 18 Aug 2000 11:32:29 GMT
From: kingofkingston@my-deja.com
Subject: Re: read files from dir then write as csv???
Message-Id: <8nj6sd$h7p$1@nnrp1.deja.com>
In article <399C27B9.9A7EF4AC@vpservices.com>,
Jeff Zucker <jeff@vpservices.com> wrote:
>
> There are many ways to do this. Here is one way using DBI (which you
> are probably already using for Oracle) and DBD::RAM. It creates a
> single CSV file called 'alldata.csv' that has three columns --
> table_name, date, and rows. It gathers its data from whatever list of
> files you feed it (just put in your list of files where I have
> 'clpm1','clpm2', etc.
>
> #!/usr/local/bin/perl -w
> use strict;
> use DBI;
> my $dbh = DBI->connect('DBI:RAM:',,,{RaiseError=>1});
> $dbh->func([['alldata','CSV','alldata.csv']],'catalog');
> $dbh->do(qq/
> CREATE TABLE alldata (
> table_name TEXT,
> date TEXT,
> rows INTEGER
> )/);
> my $sth = $dbh->prepare(qq/
> INSERT INTO alldata VALUES(?,?,?)
> /);
> for my $file('clpm1','clpm2') {
> open(IN,$file) or die "Can't open $file: $!";
> my $date = <IN>;
> $date =~ s/.*,(.*)\n/$1/;
> while (<IN>) {
> chomp;
> my($table_name,$rows) = split ',';
> $sth->execute($table_name,$date,$rows);
> }
> close(IN) or die "Can't close $file: $!";
> }
> __END__
>
> --
> Jeff
>
Many thanks for the reply Jeff. Looks like a good solution,
(particularly as you wrote the module :-) ). Unfortunately I dont think
I'll be able to implement it as the unix box the Ora DB is on is a
client's box (internal department) and they are being very cranky about
having to install things on it. Seems very silly to me.
It look like I'll have to resort to using arrays and hashes to
manipulate the data in the files, and find some way of outputing a CSV
file.
If anyone has another suggestion, it would be most appreciated.
Thanks
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
Date: Fri, 18 Aug 2000 13:41:58 +0200
From: Jonas Reinsch <Jonas.Reinsch@ppi.de>
Subject: Re: Regex Alternation Question
Message-Id: <399D2106.184AAF56@ppi.de>
At first, thanks to all of you out there investing time for
thinking about my question.
What I want to do now is to sum up some of your replies and
outline my question a bit more precise (I guess from some
of your answers that it was not precise enough).
a) tzz@iglou.com (Teodor Zlatanov) and nobull@mail.com
both suggested looking at the FAQ solution to the
question: How do I efficiently match many regular
expressions at once?
In principle, the solution(s) suggest(s) to use separate
matching instead of an alternation.
This is faster (yes, even without precompilation), but
it doesn't do the same. Consider the following:
$string = "bla bli blub";
$string =~ /(blub)|(bli)|(bla)/; # (bla) matches
$string=~/(blub)/||$string=~/(bli)/||$string=~/(bla)/;#
(blub) #
matches
That is, using seperate matching, the order of the
patterns matters, while it doesn't when using an
alternation (neglecting of course cases like
$reg1="match";$reg2="matched").
Of course problems exist where the two solutions are
interchangable, but in other cases, they aren't.
b) Larry Rosler <lr@hpl.hp.com> suggested using $+. Of
course he's right when he claims that all his
patterns are literal strings (and I don't want to
prevent him from popularizing the use of $+ ;-) ).
But, on the other hand, mjd@plover.com (Mark-Jason Dominus)
is right when he says:
> You don't want to know what the matching substring is;
> you want to know *which* pattern matched.
Let me clarify that: Each part of the alternation
can be anything that is a valid regex (again excluding
further catching parentheses). When I used
literal strings myself in example (a, see above),
this was only for clarity.
c) In the description of my problem I was not precise enough:
I said:
>> But with alternations consisting of many parts it becomes
>> rather slow.
(the loop over the array containing the match as one element)
mjd@plover.com (Mark-Jason Dominus) is right when he says:
> I'm very surprised by that. I use it regularly on
> alternations with a few thousand parts and I have not
> noticed that it is slow. My feeling is that if it is slow
> to run a simple loop over an array, then you have a
> more serious problem.
Sorry for my misleading statement. The thing is, I use the
algorithm as part of an inner loop (and I have nearly 3000
alternatives), so with precompiling the alternation, I think
that the loop over the array *does* cost a noticable amount
of time (currently I'm doing profiling tests).
So to reformulate my question:
I'm thinking of a feature analogous to $+.
While $+ gives the text that was matched
by the last matching parenthesized pattern,
the feature I think of would give the pattern of
the last matching parenthesized pattern.
Do you think that such a feature would be
-useful (given it's fast); I mean useful to more people
than just me
-possible to implement (again, I didn't do something like
this before)?
Or, has anybody already started implementing anything
similar?
Apart from this, thank you for all your optimizations and
hints, I didn't think of many of them before.
Thanks, Jonas.
------------------------------
Date: 18 Aug 2000 11:06:23 GMT
From: Adrian Taylor <at99@active22.doc.ic.ac.uk>
Subject: Regex: finding location in (?{})
Message-Id: <8nj5bf$j62$1@lux.doc.ic.ac.uk>
Hi folks
I have a regular expression with (?{}) in it. The code inside that
calls a function to check whether the last match was a noun, a verb
or something else. For instance:
(\w+?)(?{ $wasNoun = isNoun($+); })
which works fine. However I am using a parser which decides word
types on the basis of their context in the sentence; i.e. if there
are two words "fly" in the sentence one might be a noun and one
might be a verb. So when I check isNoun($+) I have no way of
knowing which "fly" it would be referring to.
So I wonder if there is a variable somewhere which can tell me,
from within the (?{}) block, how far through the string it is
at that point, in terms of the number of characters since the
beginning of the string. If I passed that to is_noun then it would
be able to verify the word type of the correct word instead of just
hoping there is only one instance of "fly" in the sentence.
Does such a variable exist?
I could extract the word using () and then check it afterwards,
using the length of $' or something, but I'm extracting various
other things from the sentences and it would be *much* easier to
check it in-line.
Thanks for any help.
Cheers
Ade
------------------------------
Date: 18 Aug 2000 12:48:16 -0000
From: anno4000@lublin.zrz.tu-berlin.de (Anno Siegel)
Subject: Regex: finding location in (?{})
Message-Id: <8njbag$oed$1@lublin.zrz.tu-berlin.de>
Adrian Taylor <at99@active22.doc.ic.ac.uk> wrote in comp.lang.perl.misc:
>Hi folks
>
>I have a regular expression with (?{}) in it. The code inside that
>calls a function to check whether the last match was a noun, a verb
>or something else. For instance:
>
>(\w+?)(?{ $wasNoun = isNoun($+); })
>
>which works fine. However I am using a parser which decides word
>types on the basis of their context in the sentence; i.e. if there
>are two words "fly" in the sentence one might be a noun and one
>might be a verb. So when I check isNoun($+) I have no way of
>knowing which "fly" it would be referring to.
>
>So I wonder if there is a variable somewhere which can tell me,
>from within the (?{}) block, how far through the string it is
>at that point, in terms of the number of characters since the
>beginning of the string. If I passed that to is_noun then it would
>be able to verify the word type of the correct word instead of just
>hoping there is only one instance of "fly" in the sentence.
>Does such a variable exist?
Yes, or rather no. It's not a variable but a function named pos
(look-upable in perldoc -f), and pos( $str) gives you the position
of the place where the last m///g ended. Note that you need the
/g modifier for this to work, even if you aren't going for multiple
matches.
As a quick demo, the following line builds a hash with the words in
$str for keys and their positions for values:
1 while $str =~ /(\w+)(?{ $h{ $+} = pos( $str) - length $+})/g;
Anno
------------------------------
Date: Fri, 18 Aug 2000 14:42:04 +0200
From: "Guenther Degenfelder" <guenther.degenfelder@datev.de>
Subject: Re: Running Perl-Script as NT-Service
Message-Id: <399d2fa1$1@news.datev.de>
"Guenther Degenfelder" <guenther.degenfelder@datev.de> schrieb im
Newsbeitrag news:399c0912$1@news.datev.de...
> Yes. Very ugly. I know...
...
Thank you for the very helpful hints!!!
The solution with SRVANY (NT ResKit) is running!!!
The Win32::Deamon module sounds very good, but yet i haven't tested it.
I'm sure it will run too!
rgds
Guenther
------------------------------
Date: 18 Aug 2000 11:04:37 GMT
From: mgjv@tradingpost.com.au (Martien Verbruggen)
Subject: Re: SUID in perl
Message-Id: <slrn8pq62m.6h5.mgjv@martien.heliotrope.home>
On Thu, 17 Aug 2000 14:31:13 -0700,
Jürgen Exner <juex@deja.com> wrote:
> "Lithium" <lithium@ev1.net> wrote in message
> news:spo8e2bfr5j53@corp.supernews.com...
> > After asking a dumb question, doing research using the info I was
> > (thankfully) given, and going down a number of other avenues, I now know
> how
> > to write a program that uses suid in C (which is all the manpages seem to
> > cover on this area). Regrettably, I needed to do this in perl. I can't
> > find a command remotely like setuid or setguid or anything similar for
> perl,
> > and so far haven't found a module that seems to do something similar to
> the
> > c library for it.
>
> You don't want to.
You don't know that. The poster already seems to be writing this stuff
in C. All that's wanted is a pointer to some documentation on how to do
it in Perl. A better answer is
# perldoc perlseo
or, Read the manual.
You could just say something like 'If you don't know already: Be
careful', 'Make sure you know what you're doing', or 'Be aware that
there are security issues'. But perlsec explains that.
> Just the other day there was a CERT advise about a security issue with SUID
> Perl, affecting all versions of Perl.
There isn't a security issue with perl itself, but with the suidperl (or
sperl) binary. Not the same thing. However, on some systems the suidperl
binary can be used to do the setuid thing. If yours is one of those
systems: Don't do it, or make sure you install a version of suidperl
that doesn't use /bin/mail (i.e. apply the patch). Even better: write a
dedicated C wrapper, as the perlsec pageadvises you to do. I never
install suidperl.
Martien
--
Martien Verbruggen |
Interactive Media Division | Hi, Dave here, what's the root
Commercial Dynamics Pty. Ltd. | password?
NSW, Australia |
------------------------------
Date: Fri, 18 Aug 2000 10:29:16 GMT
From: jponder9@my-deja.com
Subject: version control win32
Message-Id: <8nj35f$d7k$1@nnrp1.deja.com>
hi all,
My colleague and I r experiencing problems when working on the
same code modules with version control (e.g. how we incorporate each
others updates!) Does anyone know of good version control software
suitable for Perl on Win32? It will make us so much more productive!!
:-)
Thanx,
Jimbo
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
Date: Fri, 18 Aug 2000 11:10:17 GMT
From: Jonathan Stowe <gellyfish@gellyfish.com>
Subject: Re: version control win32
Message-Id: <tQ8n5.226$NE3.22426@news.dircon.co.uk>
On Fri, 18 Aug 2000 10:29:16 GMT, jponder9@my-deja.com Wrote:
> hi all,
> My colleague and I r experiencing problems when working on the
> same code modules with version control (e.g. how we incorporate each
> others updates!) Does anyone know of good version control software
> suitable for Perl on Win32? It will make us so much more productive!!
CVS is available for Windows. However this questioned would be better
asked in a general programming group as it is not specific to Perl.
/J\
------------------------------
Date: 16 Sep 99 21:33:47 GMT (Last modified)
From: Perl-Users-Request@ruby.oce.orst.edu (Perl-Users-Digest Admin)
Subject: Digest Administrivia (Last modified: 16 Sep 99)
Message-Id: <null>
Administrivia:
The Perl-Users Digest is a retransmission of the USENET newsgroup
comp.lang.perl.misc. For subscription or unsubscription requests, send
the single line:
subscribe perl-users
or:
unsubscribe perl-users
to almanac@ruby.oce.orst.edu.
| NOTE: The mail to news gateway, and thus the ability to submit articles
| through this service to the newsgroup, has been removed. I do not have
| time to individually vet each article to make sure that someone isn't
| abusing the service, and I no longer have any desire to waste my time
| dealing with the campus admins when some fool complains to them about an
| article that has come through the gateway instead of complaining
| to the source.
To submit articles to comp.lang.perl.announce, send your article to
clpa@perl.com.
To request back copies (available for a week or so), send your request
to almanac@ruby.oce.orst.edu with the command "send perl-users x.y",
where x is the volume number and y is the issue number.
For other requests pertaining to the digest, send mail to
perl-users-request@ruby.oce.orst.edu. Do not waste your time or mine
sending perl questions to the -request address, I don't have time to
answer them even if I did know the answer.
------------------------------
End of Perl-Users Digest V9 Issue 4056
**************************************
