[16671] in Perl-Users-Digest
Perl-Users Digest, Issue: 4083 Volume: 9
daemon@ATHENA.MIT.EDU (Perl-Users Digest)
Mon Aug 21 14:12:39 2000
Date: Mon, 21 Aug 2000 11:10:22 -0700 (PDT)
From: Perl-Users Digest <Perl-Users-Request@ruby.OCE.ORST.EDU>
To: Perl-Users@ruby.OCE.ORST.EDU (Perl-Users Digest)
Message-Id: <966881422-v9-i4083@ruby.oce.orst.edu>
Content-Type: text
Perl-Users Digest Mon, 21 Aug 2000 Volume: 9 Number: 4083
Today's topics:
opening several files with the same file handle <davem@skantech.net>
Re: opening several files with the same file handle <abe@ztreet.demon.nl>
Re: opening several files with the same file handle nobull@mail.com
Re: opening several files with the same file handle <amonotod@netscape.net>
Re: Parsing a variable (B Gannon)
Re: PERL and FTP nobull@mail.com
Re: Perl cgi-wrap issues and security problems <john@thinman.com>
Re: Perl CGI/forms question <eric.kort@vai.org>
Re: PERL file handling skesavan@my-deja.com
Re: perl's -T switch. (Greg Bacon)
Re: perl's -T switch. <care227@attglobal.net>
Re: perl's -T switch. (Greg Bacon)
Re: perl's -T switch. (Abigail)
Re: perl's -T switch. (Abigail)
Re: Pretty-printer - why not? (Greg Bacon)
regexing html-like tags <blair@geo-NOSPAM-soft.org>
Re: Search and replace character sections (Greg Bacon)
Template In/File Out <arawn_the_hunter@hotmail.com>
Re: Template In/File Out <tina@streetmail.com>
Re: Unpack won't unpack 1A 01 (liitle endian). <abe@ztreet.demon.nl>
Re: Unpack won't unpack 1A 01 (liitle endian). <eric.kort@vai.org>
Re: Unpack won't unpack 1A 01 (liitle endian). <lr@hpl.hp.com>
website member admin/authenticate package nicros@my-deja.com
Re: website member admin/authenticate package <amonotod@netscape.net>
Digest Administrivia (Last modified: 16 Sep 99) (Perl-Users-Digest Admin)
----------------------------------------------------------------------
Date: Mon, 21 Aug 2000 11:24:50 -0400
From: "David Mears" <davem@skantech.net>
Subject: opening several files with the same file handle
Message-Id: <39a149de.0@news.skantech.net>
I loaded a list of files to open (via opendir) in the array @items. It's
supposed to open each of these files via the same file handle, read it,
process it, and move on to the next file.
There seams to be a memory leak which I can't find associated with the way
I'm doing it. The first two files it processes in seconds. The third file,
which is about the same size as the first two loads really slowly. I think
it's slowing down further the further into it it goes.. clearing the array
doesn't do good things, pre-extending it doesn't seam to help much.. It
took several tries to get even this performance out of it. should I be
clearing the file handle? killing the array.. what? This isn't
specifically critical, but it vastly simplifies the process of going though
logs.
here's the version information:
This is perl, v5.6.0 built for MSWin32-x86-multi-thread
(with 1 registered patch, see perl -V for more detail)
Copyright 1987-2000, Larry Wall
Binary build 616 provided by ActiveState Tool Corp.
http://www.ActiveState.com
Built 13:47:17 Jul 14 2000
here's the source that I think is important.
Thanks in advance.
foreach $t_item (@items)
opendir (searchdir, $Root);
@thedirs = readdir(searchdir);
closedir(searchdir);
@sorta = sort {Decode_Month($b) <=> Decode_Month($a)} @thedirs;
foreach $thedir (@sorta)
{
if (($thedir ne ".") and ($thedir ne ".."))
{
$newroot = $Root . "/" . $thedir;
opendir (search2, $newroot);
@thedir2 = readdir(search2);
closedir(search2);
@sorteddir = sort {substr($a,8) <=> substr($b,8)} @thedir2;
foreach $the2 (@sorteddir)
{
if ($the2 =~ "^VPRAcct.")
{
$items[$nn_x] = $newroot . "/" . $the2;
$nn_x = $nn_x + 1;
}
}
}
}
{
print "\nOpening ",$t_item,"\n";
# $t_item = $items[x_cnt];
$t_item = "<" . $t_item;
open (DATABASE,$t_item) or die "Can't Open Radius Log.";
&processentrys;
close (DATABASE);
}
sub processentrys
{
print "Loading...";
@allentries = <DATABASE>;
print "Done, ",$#allentries + 1," lines.\n";
$n_line = 0;
foreach $_ (@allentries)
{
process stuff....
}
}
Dave Mears
Programmer/Webmaster Skantech Personal Computers
------------------------------
Date: Mon, 21 Aug 2000 19:14:51 +0200
From: Abe Timmerman <abe@ztreet.demon.nl>
Subject: Re: opening several files with the same file handle
Message-Id: <s9k2qs888vt2541givehdon8i8t0kiko3r@4ax.com>
On Mon, 21 Aug 2000 11:24:50 -0400, "David Mears" <davem@skantech.net>
wrote:
> I loaded a list of files to open (via opendir) in the array @items. It's
> supposed to open each of these files via the same file handle, read it,
> process it, and move on to the next file.
>
> There seams to be a memory leak which I can't find associated with the way
> I'm doing it. The first two files it processes in seconds. The third file,
> which is about the same size as the first two loads really slowly. I think
> it's slowing down further the further into it it goes.. clearing the array
> doesn't do good things, pre-extending it doesn't seam to help much.. It
> took several tries to get even this performance out of it. should I be
> clearing the file handle? killing the array.. what? This isn't
> specifically critical, but it vastly simplifies the process of going though
> logs.
>
[snip of perl -v]
> here's the source that I think is important.
>
> Thanks in advance.
As a general note: I think you start scoping your variables properly and
let them live only where needed. All these global variables live
throughout your program and occupy memory and make 'memory leaks' very
hard to find.
Use the strict pragma and enable warnings as they help you with these
(and other) issues. Start your program with:
#!/path/to/your/perl -w
use strict;
>
> foreach $t_item (@items)
syntax error: missing '{'
I think this line should be somewhere else. You will get more helpful
responses in this group if you post code that compiles.
>
> opendir (searchdir, $Root);
You should check the result of that opendir() (as you did with the
file).
opendir SEARCHDIR, $Root or die "Can't opendir '$Root': $!";
It is convention to use all uppercase names for file/dir handles.
> @thedirs = readdir(searchdir);
> closedir(searchdir);
> @sorta = sort {Decode_Month($b) <=> Decode_Month($a)} @thedirs;
From what follows, I understand you only have subdirectories in this
directory ($Root). I would still check if that were true and throw away
'.' and '..'. There seems to be a naming convention for the directories,
I would use that to select only the valid ones.
something like:
my @thedirs = grep {
-d "$Root/$_" && name_ok($_) } readdir SEARCHDIR;
The sort is very inefficient and you might want to look at a better
alternative like Schwartz Transform (see the perlfunc manpage for sort):
perldoc -f sort
> foreach $thedir (@sorta)
> {
> if (($thedir ne ".") and ($thedir ne ".."))
> {
> $newroot = $Root . "/" . $thedir;
> opendir (search2, $newroot);
Again, you should check the result of opendir().
> @thedir2 = readdir(search2);
I would use grep again to get only the filenames I wanted. Your regex
isn't very clear and not really a regex. But something like:
my @thedir2 = grep {
-f "$newroot/$_" && /^VPRAcct\./ } readdir SEARCH2;
You can then sort it and use map() to prepend the directory
my @sorteddir = map "$newroot/$_" =>
sort {substr($a,8) <=> substr($b,8)} @thedir2;
and push @sorteddir onto @items.
Or do it all in one go like (using Schwartz Transform to sort):
push @items, map "$newroot/$_->[-1]" =>
sort { $a->[0] <=> $b->[0] }
map { [ substr($_, 8), $_ ] } @thedir2;
> closedir(search2);
...
> }
>
I think this is where you wanted that first foreach line.
> {
> print "\nOpening ",$t_item,"\n";
> # $t_item = $items[x_cnt];
> $t_item = "<" . $t_item;
> open (DATABASE,$t_item) or die "Can't Open Radius Log.";
It would help you more if you included '$!' in that diagnostic.
I don't like this construct of opening the file here and reading it
elsewhere. Why don't you do the complete processing in processentrys()
and pass it the file name?
processentrys($_) for @items;
...
>
> sub processentrys
> {
> print "Loading...";
> @allentries = <DATABASE>;
Is this really necessary? It looks like you are going to process the
file line by line, why not read it line by line?
sub processentrys {
my($fname) = @_;
print "Opening '$fname'\n";
local *DATABASE;
open DATABASE, $fname or die "Can't open '$fname': $!";
while ( <DATABASE> ) {
#process stuff
# $_ is the last line read from the file
}
print "Processed $. lines in file '$fname'.\n";
close DATABASE;
}
Since you don't show what happens during the processing, it's hard to
say where your program consumes memory if indeed at all.
--
Good luck,
Abe
------------------------------
Date: 21 Aug 2000 18:04:01 +0100
From: nobull@mail.com
Subject: Re: opening several files with the same file handle
Message-Id: <u91yziczr2.fsf@wcl-l.bham.ac.uk>
"David Mears" <davem@skantech.net> writes:
> There seams to be a memory leak which I can't find associated with the way
> I'm doing it. The first two files it processes in seconds.
> here's the source that I think is important.
Please make sure before you post. Top-and-tail the source you think
it important so that it actually runs, then check that it really does
reproduce the problem then post this actual source to the group.
Before you do that it's probably a good idea to fix all the things
that are wrong with the code and will distract us from seeing your
real problem.
> foreach $t_item (@items)
I think your cut-and-paste has gone mad. This belongs below.
You've missed out my. In general the loop control variable in a for
statement should always be prefixed my.
> opendir (searchdir, $Root);
You've missed out the "or die" clause.
> @thedirs = readdir(searchdir);
You've missed out my.
> closedir(searchdir);
> @sorta = sort {Decode_Month($b) <=> Decode_Month($a)} @thedirs;
You should consider a Swartzian-transform.
> foreach $thedir (@sorta)
You've missed out my.
> {
> if (($thedir ne ".") and ($thedir ne ".."))
> {
> $newroot = $Root . "/" . $thedir;
This is more simply written as:
$newroot = "$Root/$thedir";
> opendir (search2, $newroot);
You've missed out the "or die" clause.
> @thedir2 = readdir(search2);
You've missed out my.
> closedir(search2);
> @sorteddir = sort {substr($a,8) <=> substr($b,8)} @thedir2;
You should consider a Swartzian-transform.
> foreach $the2 (@sorteddir)
You've missed out my.
> {
> if ($the2 =~ "^VPRAcct.")
This is better written as:
if ($the2 =~ /^VPRAcct./ )
> {
> $items[$nn_x] = $newroot . "/" . $the2;
> $nn_x = $nn_x + 1;
> }
This is better done as:
push @items, "$newroot/$the2"
> }
> }
> }
In fact the whole preceding section is better written as
push @items, map { "$newroot/$_" } grep { /^VPRAcct./ } readdir(search2);
This is where the foreach at the start should be.
> {
> print "\nOpening ",$t_item,"\n";
> # $t_item = $items[x_cnt];
> $t_item = "<" . $t_item;
> open (DATABASE,$t_item) or die "Can't Open Radius Log.";
Bare in mind that $t_item is an alais for an entry in @items. You
probably don't want to be munging @items. You should also report the
error. So make that:
open (DATABASE,"<$t_item") or die "Can't Open Radius Log $t_item: $!";
> &processentrys;
> close (DATABASE);
> }
>
>
> sub processentrys
> {
> print "Loading...";
> @allentries = <DATABASE>;
You've missed out my.
> print "Done, ",$#allentries + 1," lines.\n";
This is more conventionally written as:
print "Done, ",scalar(@allentries)," lines.\n";
> $n_line = 0;
> foreach $_ (@allentries)
The whole point of $_ is that it is the default variable. If you are
going to explicitly name the variable don't use $_. If you want to
use $_ don't name it.
> {
> process stuff....
You memory leak is probably in there.
> }
> }
--
\\ ( )
. _\\__[oo
.__/ \\ /\@
. l___\\
# ll l\\
###LL LL\\
------------------------------
Date: Mon, 21 Aug 2000 17:53:19 GMT
From: amonotod <amonotod@netscape.net>
Subject: Re: opening several files with the same file handle
Message-Id: <8nrqa7$t61$1@nnrp1.deja.com>
In article <39a149de.0@news.skantech.net>,
"David Mears" <davem@skantech.net> wrote:
> I loaded a list of files to open (via opendir) in the array @items.
> It's supposed to open each of these files via the same file handle,
> read it, process it, and move on to the next file.
>
<snipped>
> here's the source that I think is important.
>
> Thanks in advance.
<snipped a ho'lotta'source>
Dave,
Here's some code I wrote a while back, just goofing around. It does a
perlfaq type search on the Perl install directory (very crude, and not
always helpful, perlfaq or perldoc are *much* better), but it may be
helpful to what you're doing...
#!perl -w
# faqgrep.pl
# by amonotod
# usage: perlfaq.pl pattern
use strict;
use File::Find;
my (@dirstruct, $status, $pattern);
my $faq_directory = 'd:/perl/';
foreach (@ARGV) {
if ($pattern) {
$pattern = "$pattern ". $_;
} else {
$pattern = $_;
}
}
#print "$pattern |\n";
$_ = $pattern;
if (m/\s\s/) {
die "no pattern available: $!";
}
find (\&wanted, $faq_directory);
print "Finding files in $faq_directory now...\n";
foreach my $afile (@dirstruct) {
$status = 0;
unless (open (FILE, $afile)) { die "Can't open $afile\n"; }
while ($_ = <FILE>){
if (m/$pattern/) {
$status = 1;
}
}
unless (close (FILE)) { die "Could not close $afile\n"; }
if ($status == 1) {
print "$pattern present in $afile\n";
}
}
sub wanted {
my $entry = "$File::Find::name" if -e;
push @dirstruct, $entry if (($entry ne '') && (( m/pod/) and (substr
$entry, 0, -3)));
}
HTH,
amonotod
--
`\|||/ amonotod@
(@@) netscape.net
ooO_(_)_Ooo________________________________
_____|_____|_____|_____|_____|_____|_____|_____|
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
Date: 21 Aug 2000 15:52:35 GMT
From: admin@kopnews.co.uk (B Gannon)
Subject: Re: Parsing a variable
Message-Id: <8nrj83$lcs$1@news.liv.ac.uk>
Thanks for all the help. My final soloution is:-
@split = split(/\?/,$foo);
$address1 = $split[0];
$subject1 = $split[1];
($address) = $address1 =~ /^mailto:([^?]+)$/;
($subject) = $subject1 =~ /^subject:([^?]+)$/;
$foo is a mailto link which takes the form of mailto:emailaddress?subject=test
or
mailto:emailaddress?subject=test
or
mailto:emailaddress?subject=test?body=whatever.
The code above splits it into:-
mailto:emailaddress
subject=test
then to just:-
emailaddress
test
The good thing is that the code above works even if there is no subject given.
Thanks again for all your help.
B Gannon
http://www.kopnews.co.uk
------------------------------
Date: 21 Aug 2000 18:44:41 +0100
From: nobull@mail.com
Subject: Re: PERL and FTP
Message-Id: <u9wvhabjau.fsf@wcl-l.bham.ac.uk>
dob_3001@my-deja.com writes:
> We want to steer clear of FTP due to the size the log file gets (we do
> a transfer every 3ish seconds).
Sounds like a serious case of thowing the baby out with the bath
water. Why not just disable logging! Or if you want logging on the
main FTP server why not install another FTP server on a non-standard
port.
--
\\ ( )
. _\\__[oo
.__/ \\ /\@
. l___\\
# ll l\\
###LL LL\\
------------------------------
Date: Mon, 21 Aug 2000 16:27:07 GMT
From: John van V <john@thinman.com>
Subject: Re: Perl cgi-wrap issues and security problems
Message-Id: <8nrl82$n4f$1@nnrp1.deja.com>
> >>1. CGI-wrap is the only solution?
Wow, what a can of worms.
Facing the truth head on for a minute, half the apps I have down loaded
are suid or sudo (like there is a difference). I still cant see an easy
way to join the shell logins and cgi seamlessly wrt to permissions.
Futhermore, all the best code uses eval somewhere.
Josh Kronenberg helped me a little here, but I think we need module to
end the debate.
Shell also needs to be protected.
> Alternatively the Opcode module allows you to disable groups of
functions
> this could be turned on in a small wrapper if necessary.
And this is perl6 :), file/directory permissions on the modules.
> In the end however minimizing the risk ...
> ...is down to good administration.
Keep in mind good adm is really expensive if you have to pay for it ;)
Thats why I think we need a wrapper module, just end it once and for
all.
I'm beginning to think that the answer is virtual machines running on a
LibOS, oh yeah, I nearly forgot.... PerlOS
http://puny.vm.com/cgi-bin/Depth/?depth=PerlOS
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
Date: Mon, 21 Aug 2000 10:56:29 -0400
From: "Eric" <eric.kort@vai.org>
Subject: Re: Perl CGI/forms question
Message-Id: <8nrfto$10h4$1@msunews.cl.msu.edu>
You are on base, Ted. The problem arises when you invoke a shell command
from your perl script, and the command uses parameters passed from a form.
Malicious user input may invoke additional commands. A security check is to
strip out meta characters (including semi-colons, pipes, etc.), or not use
shell commands. So, most important is to verify that the data coming in
from a form is what you had in mind and contains no meta characters by
testing for a regular expression like this:
if (/([;<>\*|'&\$!#(\)\[\]\{\}:'"])/){ # assuming you don't expect any of
those charcters
#write a warning to the log
#write a warning to the web browser
#end script execution
}
For an overview of these and other issues (including how to avoid the shell
altogether) see http://www.w3.org/Security/Faq/www-security-faq.html (I'm
certainly no security expert, so read this over).
"Ted Marz" <tfm@sei.cmu.edu> wrote in message
news:39A131E7.3F95A397@sei.cmu.edu...
> My understanding is that it is not so much a security issue, but a
> configuration management issue.
>
> Rather than having to maintain 2 items (a chunk of HTML, and a
> processing program), you only have to maintain 1 item, which happens to
> be both. This way you know that the form and the form processor are in
> sync with each other.
>
> Someone can always create a different input document and try to route
> this into your processing script... there is (in general) no way to keep
> this from happening. So, all you can do is do a complete job of
> verifying your input.
>
> There are other security problems with CGI, if I remember correctly.
> Seems that there was a way you could format a combined string, and part
> of it would be executed by a script processor, and part could be
> executed by the shell under the webservers permissions. I didn't look
> into this in detail, and haven't kept up to date, so I may be completely
> off base.
>
> Ted
>
>
> arctic@pdinnen.plus.com wrote:
> >
> > ATM i am working on a project, a simple form with some Perl (Win32)
> > scripted validation writing to a flat file. This project involves my
> > looking at security issues, which i haven't got much experience in. I
> > have looked at various FAQs, including: -
> >
> > http://www.go2net.com/people/paulp/cgi-security/safe-cgi.txt
> > http://www.perl.com/CPAN-local/doc/FAQs/cgi/wwwsf1.html
> >
> > I would be interested in any other useful CGI/Perl security resources
> > thart people can reccomend.
> >
> > My specific query is regarding the use of HTML forms. The scripts that
> > i have inherited generate the HTML of the form page from within the
> > script and then process the returned data within the same script. As
> > far as i can see it would be simpler to write the form as a straight
> > HTML page and only use Perl to validate and store the data. However i
> > might be missing something, can anyone suggest any security benefits to
> > either of these methods.
> >
> > Thanks, Patrick Dinnen
> >
> > Sent via Deja.com http://www.deja.com/
> > Before you buy.
------------------------------
Date: Mon, 21 Aug 2000 15:16:14 GMT
From: skesavan@my-deja.com
Subject: Re: PERL file handling
Message-Id: <8nrh39$ho1$1@nnrp1.deja.com>
In article <8nqgq0$dhl$1@nnrp1.deja.com>,
srikdvs@my-deja.com wrote:
> I am using a PERL script to split an input file.What is the maximum
> file size that PERL can handle?When I used a 3.6GB file the script
> failed.What is the alternative for handling such big files??
>
You can try the IO::Handle module to get a file descriptor and then use
the sysread or read command to read blocks of data.
Refer the manual for IO::Handle provides for more info.
> Sent via Deja.com http://www.deja.com/
> Before you buy.
>
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
Date: Mon, 21 Aug 2000 16:22:35 GMT
From: gbacon@HiWAAY.net (Greg Bacon)
Subject: Re: perl's -T switch.
Message-Id: <sq2lqbcq87v47@corp.supernews.com>
In article <39A13645.94BDC1@attglobal.net>,
Drew Simonis <care227@attglobal.net> wrote:
: Abigail wrote:
:
: > Probably. But not because of this statement. In the posted program, the
: > above line never gets executed.
:
: I thought that any data from the shift function was immediately
: considered tainted? Or is it only if that data is used to act
: on an external file or process?
Nope and nope. Read man perlsec.
: Also, why does the line not get executed? (I am assuming that the
: real code has data being passed to that sub. Are you not making
: that assumption?)
New here, aren't you? :-) It's perilous to make any assumptions about
someone else's code.
Greg
--
Working in groups is difficult when you're omnipotent.
-- Q
------------------------------
Date: Mon, 21 Aug 2000 12:46:40 -0400
From: Drew Simonis <care227@attglobal.net>
Subject: Re: perl's -T switch.
Message-Id: <39A15CF0.7DB01ADD@attglobal.net>
Greg Bacon wrote:
>
> In article <39A13645.94BDC1@attglobal.net>,
> Drew Simonis <care227@attglobal.net> wrote:
>
> : Abigail wrote:
> :
> : > Probably. But not because of this statement. In the posted program, the
> : > above line never gets executed.
> :
> : I thought that any data from the shift function was immediately
> : considered tainted? Or is it only if that data is used to act
> : on an external file or process?
>
> Nope and nope. Read man perlsec.
>
I did read perlsec, and the only example I find on shift is:
:For example:
:
: $arg = shift; # $arg is tainted
shift is never mentioned again. So, if a scalar extracted from
a shift is not always tainted, under what circumstances is it?
I suppose that if the shifted value wasn't considered tainted
in the array it was shifted from, then it is OK, is this correct?
------------------------------
Date: Mon, 21 Aug 2000 17:01:13 GMT
From: gbacon@HiWAAY.net (Greg Bacon)
Subject: Re: perl's -T switch.
Message-Id: <sq2o2po087v124@corp.supernews.com>
In article <39A15CF0.7DB01ADD@attglobal.net>,
Drew Simonis <care227@attglobal.net> wrote:
: Greg Bacon wrote:
:
: > [...] Read man perlsec.
:
: I did read perlsec, and the only example I find on shift is:
:
: :For example:
: :
: : $arg = shift; # $arg is tainted
:
: shift is never mentioned again. So, if a scalar extracted from
: a shift is not always tainted, under what circumstances is it?
Here's the rule (from the fourth paragraph of the perlsec manpage):
You may not use data derived from outside your program to affect
something else outside your program--at least, not by accident.
All command line arguments, environment variables, locale
information (see the perllocale manpage), results of certain system
calls (readdir, readlink, the gecos field of getpw* calls), and all
file input are marked as "tainted". Tainted data may not be used
directly or indirectly in any command that invokes a sub-shell, nor
in any command that modifies files, directories, or processes.
(Important exception: If you pass a list of arguments to either
`system' or `exec', the elements of that list are NOT checked for
taintedness.)
: I suppose that if the shifted value wasn't considered tainted
: in the array it was shifted from, then it is OK, is this correct?
Right. Remember that shift()'s implicit operand depends on the context.
Inside a subroutine, that operand is @_. Otherwise, it's @ARGV, and
@ARGV is tainted.
Greg
--
Our game plan is first year, a .500 season. Second year, a conference
championship. Third year, undefeated. Fourth, a national championship.
And by the fifth year, we'll be on probation, of course.
-- Bear Bryant
------------------------------
Date: 21 Aug 2000 17:29:21 GMT
From: abigail@foad.org (Abigail)
Subject: Re: perl's -T switch.
Message-Id: <slrn8q2pm8.tj3.abigail@alexandra.foad.org>
Drew Simonis (care227@attglobal.net) wrote on MMDXLVII September MCMXCIII
in <URL:news:39A13645.94BDC1@attglobal.net>:
\\ Abigail wrote:
\\ >
\\ > Drew Simonis (care227@attglobal.net) wrote on MMDXLIV September MCMXCIII
\\ > in <URL:news:399DAB51.8D5DF8A0@attglobal.net>:
\\ > ][ Jordan Katz wrote:
\\ > ][ >
\\ > ][ > my $url = shift;
\\ > ][
\\ > ][ Tainted.
\\ >
\\ > Probably. But not because of this statement. In the posted program, the
\\ > above line never gets executed.
\\
\\ I thought that any data from the shift function was immediately
\\ considered tainted? Or is it only if that data is used to act
\\ on an external file or process?
\\
\\ Also, why does the line not get executed? (I am assuming that the
\\ real code has data being passed to that sub. Are you not making
\\ that assumption?)
Both questions can be answered by the same answer: the line is in a sub.
Hence, shift shifts out of @_, not @ARGV, and the sub never gets called.
Abigail
--
perl -le 's[$,][join$,,(split$,,($!=85))[(q[0006143730380126152532042307].
q[41342211132019313505])=~m[..]g]]e and y[yIbp][HJkP] and print'
------------------------------
Date: 21 Aug 2000 17:33:02 GMT
From: abigail@foad.org (Abigail)
Subject: Re: perl's -T switch.
Message-Id: <slrn8q2pt6.tj3.abigail@alexandra.foad.org>
Drew Simonis (care227@attglobal.net) wrote on MMDXLVII September MCMXCIII
in <URL:news:39A15CF0.7DB01ADD@attglobal.net>:
|| Greg Bacon wrote:
|| >
|| > In article <39A13645.94BDC1@attglobal.net>,
|| > Drew Simonis <care227@attglobal.net> wrote:
|| >
|| > : Abigail wrote:
|| > :
|| > : > Probably. But not because of this statement. In the posted program, the
|| > : > above line never gets executed.
|| > :
|| > : I thought that any data from the shift function was immediately
|| > : considered tainted? Or is it only if that data is used to act
|| > : on an external file or process?
|| >
|| > Nope and nope. Read man perlsec.
|| >
||
|| I did read perlsec, and the only example I find on shift is:
||
|| :For example:
|| :
|| : $arg = shift; # $arg is tainted
||
|| shift is never mentioned again. So, if a scalar extracted from
|| a shift is not always tainted, under what circumstances is it?
It doesn't matter what function is used. It matters where the data
comes from. It's the where, not the how that matters. The example
from perlsec shifts from @ARGV, which contains tainted data.
The line in the quoted program shifts from @_. In general, @_ may,
or may not contain tainted data. In the quoted program, the sub never
actually gets called, so there's never anything in @_, nor does anything
get shifted out.
|| I suppose that if the shifted value wasn't considered tainted
|| in the array it was shifted from, then it is OK, is this correct?
Correct.
Abigail
--
map{${+chr}=chr}map{$_=>$_^ord$"}$=+$]..3*$=/2;
print "$J$u$s$t $a$n$o$t$h$e$r $P$e$r$l $H$a$c$k$e$r\n";
------------------------------
Date: Mon, 21 Aug 2000 16:40:06 GMT
From: gbacon@HiWAAY.net (Greg Bacon)
Subject: Re: Pretty-printer - why not?
Message-Id: <sq2mr6ig87v93@corp.supernews.com>
In article <39a0b398$0$72520$3c090ad1@news.plethora.net>,
Peter Seebach <seebs@plethora.net> wrote:
: I know you're supposed to "just write it right in the first place",
: but as someone who gets called in to *fix* 5,000 line perl programs
: with, uhm, "sporadic" indentation, I really wish this would get done.
We're getting closer. Simon Cozens is writing a Perl parser (but I
don't know the status).
: No, I'm not volunteering, just griping, and reminding everyone that
: you don't always *get* to write the code right the first time, because
: it may not be your code.
:
: I just have to share this example:
:
: if ($a{'b'} eq "c") {
: $a{'d'} =~ s/\s+/\|/g; }
:
: Note the careful alignment of braces.
Been there, feel your pain. Have you considered using B::Deparse as
a pretty printer until we have a real one? Here's its output for your
example:
% perl -MO=Deparse
if ($a{'b'} eq 'c') {
$a{'d'} =~ s/\s+/\|/g; }
- syntax OK
if ($a{'b'} eq 'c') {
$a{'d'} =~ s/\s+/|/g;
}
Some of the results can be a little disconcerting, but it gets
indentation right and helps me see how weird code parses, e.g.,
% perl -MO=Deparse -e 'y===c'
-e syntax OK
tr//\000-\377/c;
The -p (more parentheses) option is nice too.
Hope this helps,
Greg
--
The first thing we do, let's kill all the idiots who quote Shakespeare
out of context.
------------------------------
Date: Mon, 21 Aug 2000 18:02:53 GMT
From: "Blair Heuer" <blair@geo-NOSPAM-soft.org>
Subject: regexing html-like tags
Message-Id: <h9eo5.260$D4.10837@newsread1.prod.itd.earthlink.net>
Hello,
I am trying to write a regular expression that is able to parse a
variable for "tags" and return the tag attributes and values. I worked on
this a while to find out what I could come up with via testing things out
and reading perl documentation on regex.
What I currently have:
$template =~ s/\[(\w+)\s+([\w+=\w+\s*]+)\]/replace('tag',$1,$2)/ges;
# replace takes the values and returns what should be displayed for that
tag
# I use [] tags rather than the regular <> to help differentiate
And in replace() I have:
...
my %attr;
my @attr = split( /\s+/, $_[2] );
foreach my $each (@attr) {
my @temp = split( /=/, $each );
$attr{ $temp[0] } = $temp[1];
}
...
Now, that works as long as the tags are simple, like:
[out name=author]
or
[out name=subject limit=20]
But, I would really like to figure out a way to be able to parse tags like:
[out name=status img="online.gif" alt="This is the status"]
or
[out name=message value="This has non alpha-numeric values! ::Gasp::"]
You get the point.
I can't seem to figure how to setup a parse that can handle name=value,
name="value", and name="this is the value". The spaces inbetween qoutes and
having to use . to get all possible values mess me up.
I could parse it like so:
$template =~ s/\[(\w+)\s+(.*?)\]/replace('tag',$1,$2)/ges;
Which would theoretically (not sure how well that would function with two
tags touching { i.e.: [out name=value][out name=value] } ), but then how
would I process the $2 ( $_[2] ) in the replace sub routine in order to get
the name/value pairs into the hash?
I hope I was sufficient enough in explaining what I mean. If not, just ask,
I'll try to elaborate.
Thanks for any help you can give.
-Blair Heuer
------------------------------
Date: Mon, 21 Aug 2000 16:51:51 GMT
From: gbacon@HiWAAY.net (Greg Bacon)
Subject: Re: Search and replace character sections
Message-Id: <sq2nh7hj87v146@corp.supernews.com>
In article <MPG.1406029e32ffb5ab98ac8d@nntp.hpl.hp.com>,
Larry Rosler <lr@hpl.hp.com> wrote:
: Look, Ma, no excessive capturing and copying.
:
: $addr =~ s/@(.+)\./@@{['*' x length $1]}./;
$addr = '".leg@l."@example.com';
Greg
--
The most incomprehensible thing about the universe is that it is
comprehensible.
-- Albert Einstein
------------------------------
Date: Mon, 21 Aug 2000 09:19:11 -0700
From: "James Hunter" <arawn_the_hunter@hotmail.com>
Subject: Template In/File Out
Message-Id: <8nrkj6$l6@gap.cco.caltech.edu>
I'm trying to read in a template file -- basically, something that has a lot
of text I'll be reusing -- and turn it into an actual file. What I'd like
to be able to do is something like:
Include in the template file:
...this results in a net profit of $net_profit dollars...
Set $net_profit = 1000000 (for example) in the script, and print to the
actual file:
...this results in a net profit of 1000000 dollars...
Is there a way to do this? I've checked the docs, and can't find anything.
Thanks,
James Hunter
------------------------------
Date: 21 Aug 2000 16:43:16 GMT
From: Tina Mueller <tina@streetmail.com>
Subject: Re: Template In/File Out
Message-Id: <8nrm74$91fqb$4@ID-24002.news.cis.dfn.de>
hi,
James Hunter <arawn_the_hunter@hotmail.com> wrote:
> I'm trying to read in a template file -- basically, something that has a lot
> of text I'll be reusing -- and turn it into an actual file. What I'd like
> to be able to do is something like:
> Include in the template file:
> ...this results in a net profit of $net_profit dollars...
> Set $net_profit = 1000000 (for example) in the script, and print to the
> actual file:
> ...this results in a net profit of 1000000 dollars...
$text =~ s/\$(\w+)/${$1}/g;
tina
--
http://tinita.de \ enter__| |__the___ _ _ ___
tina's moviedatabase \ / _` / _ \/ _ \ '_(_-< of
search & add comments \ \__,_\___/\___/_| /__/ perception
please don't email unless offtopic or followup is set. thanx
------------------------------
Date: Mon, 21 Aug 2000 17:28:23 +0200
From: Abe Timmerman <abe@ztreet.demon.nl>
Subject: Re: Unpack won't unpack 1A 01 (liitle endian).
Message-Id: <u9i2qs4u363vdo4ii6rtjfhvgcjr0pj39d@4ax.com>
On Mon, 21 Aug 2000 10:35:37 -0400, "Eric" <eric.kort@vai.org> wrote:
> Hello. I am writing a program to manipulate data from tiff graphics files.
> In unpacking the 2-byte "tags" that mark the various data fields within the
> file, I cannot unpack 1A 01 (little endian, = 282 decimal).
>
> Here is the code:
>
> $lookup = read(tiff_file, $vector, 2);
> $tag = unpack("v", $vector);
Works for me:
my $vec = "\x1A\x01";
print "unpack:\n", unpack('v', $vec), "\n";
>
> This works properly for all the tags (mostly numbers between 100 and 300),
> but I get a blank when the tag is 282. Could it be related to the fact that
> the first byte (1A) is the ASCII code for end of file?
>
> So how can I successfully return the number 282 from unpacking 2 bytes of
> binary data?
When you find yourself asking that sort of question, you should check to
see if you binmode()d the file handle correctly.
perldoc -f binmode
--
Good luck,
Abe
------------------------------
Date: Mon, 21 Aug 2000 11:33:04 -0400
From: "Eric" <eric.kort@vai.org>
Subject: Re: Unpack won't unpack 1A 01 (liitle endian).
Message-Id: <8nri2u$21iu$1@msunews.cl.msu.edu>
Ah ha! I had NOT binmode()d correctly. That fixed it. Thanks so much.
Eric
"Abe Timmerman" <abe@ztreet.demon.nl> wrote in message
news:u9i2qs4u363vdo4ii6rtjfhvgcjr0pj39d@4ax.com...
> On Mon, 21 Aug 2000 10:35:37 -0400, "Eric" <eric.kort@vai.org> wrote:
>
> > Hello. I am writing a program to manipulate data from tiff graphics
files.
> > In unpacking the 2-byte "tags" that mark the various data fields within
the
> > file, I cannot unpack 1A 01 (little endian, = 282 decimal).
> >
> > Here is the code:
> >
> > $lookup = read(tiff_file, $vector, 2);
> > $tag = unpack("v", $vector);
>
> Works for me:
>
> my $vec = "\x1A\x01";
> print "unpack:\n", unpack('v', $vec), "\n";
>
> >
> > This works properly for all the tags (mostly numbers between 100 and
300),
> > but I get a blank when the tag is 282. Could it be related to the fact
that
> > the first byte (1A) is the ASCII code for end of file?
> >
> > So how can I successfully return the number 282 from unpacking 2 bytes
of
> > binary data?
>
> When you find yourself asking that sort of question, you should check to
> see if you binmode()d the file handle correctly.
>
> perldoc -f binmode
>
> --
> Good luck,
> Abe
------------------------------
Date: Mon, 21 Aug 2000 10:54:48 -0700
From: Larry Rosler <lr@hpl.hp.com>
Subject: Re: Unpack won't unpack 1A 01 (liitle endian).
Message-Id: <MPG.140b0cc62a5ce15b98acaa@nntp.hpl.hp.com>
In article <8nremk$t0f$1@msunews.cl.msu.edu> on Mon, 21 Aug 2000
10:35:37 -0400, Eric <eric.kort@vai.org> says...
> Hello. I am writing a program to manipulate data from tiff graphics files.
> In unpacking the 2-byte "tags" that mark the various data fields within the
> file, I cannot unpack 1A 01 (little endian, = 282 decimal).
>
> Here is the code:
>
> $lookup = read(tiff_file, $vector, 2);
> $tag = unpack("v", $vector);
>
> This works properly for all the tags (mostly numbers between 100 and 300),
> but I get a blank when the tag is 282. Could it be related to the fact that
> the first byte (1A) is the ASCII code for end of file?
Very likely, if the file is being read as a text file on a Windows/DOS
system.
> So how can I successfully return the number 282 from unpacking 2 bytes of
> binary data?
As you didn't mention binmode(), I assume that you're not using it, but
you should be.
perldoc -f binmode
--
(Just Another Larry) Rosler
Hewlett-Packard Laboratories
http://www.hpl.hp.com/personal/Larry_Rosler/
lr@hpl.hp.com
------------------------------
Date: Mon, 21 Aug 2000 17:06:22 GMT
From: nicros@my-deja.com
Subject: website member admin/authenticate package
Message-Id: <8nrnht$prm$1@nnrp1.deja.com>
I am looking for a free or shareware membership management package that
will be useable for a non-technical person. It would need to control
multiple users via a simple hmtl page (this user will not have root
access), and any other features are a bonus, like any kind of tracking.
It can be either a .htaccess parser/manipulator or deal directly with a
db (mysql is my choice).
Before I reinvent the wheel, does anyone have any suggestions on what is
the best or most standard script/module for this? What is the most
popular, professional, etc.
Thanks!
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
Date: Mon, 21 Aug 2000 17:28:57 GMT
From: amonotod <amonotod@netscape.net>
Subject: Re: website member admin/authenticate package
Message-Id: <8nroru$rk0$1@nnrp1.deja.com>
In article <8nrnht$prm$1@nnrp1.deja.com>,
nicros@my-deja.com wrote:
> I am looking for a free or shareware membership management package
> that will be useable for a non-technical person. It would need to
> control multiple users via a simple hmtl page (this user will not
> have root access), and any other features are a bonus, like any
> kind of tracking.
>
> It can be either a .htaccess parser/manipulator or deal directly
> with a db (mysql is my choice).
Netscape Directory Server (LDAP) works great for me. There is
capability builtin for user to self-administrate personal details and
passwords.
http://www.iplanet.com/downloads/download/detail_8_398.html
>
> Before I reinvent the wheel, does anyone have any suggestions on
> what is the best or most standard script/module for this? What is
> the most popular, professional, etc.
Any web server that can integrate with LDAP for authentication can use
the above, but I still prefer Netscape:
http://www.iplanet.com/downloads/download/detail_161_419.html
>
> Thanks!
Sure!
amonotod
--
`\|||/ amonotod@
(@@) netscape.net
ooO_(_)_Ooo________________________________
_____|_____|_____|_____|_____|_____|_____|_____|
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
Date: 16 Sep 99 21:33:47 GMT (Last modified)
From: Perl-Users-Request@ruby.oce.orst.edu (Perl-Users-Digest Admin)
Subject: Digest Administrivia (Last modified: 16 Sep 99)
Message-Id: <null>
Administrivia:
The Perl-Users Digest is a retransmission of the USENET newsgroup
comp.lang.perl.misc. For subscription or unsubscription requests, send
the single line:
subscribe perl-users
or:
unsubscribe perl-users
to almanac@ruby.oce.orst.edu.
| NOTE: The mail to news gateway, and thus the ability to submit articles
| through this service to the newsgroup, has been removed. I do not have
| time to individually vet each article to make sure that someone isn't
| abusing the service, and I no longer have any desire to waste my time
| dealing with the campus admins when some fool complains to them about an
| article that has come through the gateway instead of complaining
| to the source.
To submit articles to comp.lang.perl.announce, send your article to
clpa@perl.com.
To request back copies (available for a week or so), send your request
to almanac@ruby.oce.orst.edu with the command "send perl-users x.y",
where x is the volume number and y is the issue number.
For other requests pertaining to the digest, send mail to
perl-users-request@ruby.oce.orst.edu. Do not waste your time or mine
sending perl questions to the -request address, I don't have time to
answer them even if I did know the answer.
------------------------------
End of Perl-Users Digest V9 Issue 4083
**************************************
