[16691] in Perl-Users-Digest
Perl-Users Digest, Issue: 4103 Volume: 9
daemon@ATHENA.MIT.EDU (Perl-Users Digest)
Wed Aug 23 06:10:50 2000
Date: Wed, 23 Aug 2000 03:10:36 -0700 (PDT)
From: Perl-Users Digest <Perl-Users-Request@ruby.OCE.ORST.EDU>
To: Perl-Users@ruby.OCE.ORST.EDU (Perl-Users Digest)
Message-Id: <967025435-v9-i4103@ruby.oce.orst.edu>
Content-Type: text
Perl-Users Digest Wed, 23 Aug 2000 Volume: 9 Number: 4103
Today's topics:
Intercepting STDERR under in95 <sebastien.cottalorda1@libertysurf.fr>
Re: Intercepting STDERR under in95 <graham.wood@iona.com>
Re: Is Perl a good choice for manipulating XML data? <gellyfish@gellyfish.com>
Re: Lotsa difiiculties - need help with my Perl !! reg_exp@my-deja.com
lwp post method matt@NOSPAMcipherdesign.com
Re: MSExcel as data for perl/cgi script <gellyfish@gellyfish.com>
Re: MSExcel as data for perl/cgi script <gellyfish@gellyfish.com>
Re: PLEASE HELP !!! What is wrong with Windows... (Dowe Keller)
Problem accessing CGI.pm <pham@148.123.86.151>
Re: Programming Ethics (Keith Calvert Ivey)
Re: Programming Ethics (Eric Bohlman)
Re: regexing html-like tags <uri@sysarch.com>
Regular expression, $1 in a $variable. <madings@baladi.bmrb.wisc.edu>
Re: Regular expression, $1 in a $variable. (Rafael Garcia-Suarez)
Re: Regular expression, $1 in a $variable. (Neil Kandalgaonkar)
self writing program <stephen@math.missouri.edu>
Re: self writing program (Gwyn Judd)
Re: self writing program (Marcel Grunauer)
Re: self writing program <pdcawley@bofh.org.uk>
Re: self writing program (Rafael Garcia-Suarez)
Re: Sorting by a subfield (WAS: Re: This is my last que <lr@hpl.hp.com>
TextAreas and Security <j-e-b@swbell.net>
Re: TextAreas and Security <timewarp@shentel.net>
Uploading files via post form alonio@my-deja.com
Using Perl to query MS Content Index Server <Roland@psychenet.co.uk>
Using Regular expressions on HTML (was Re: I =?ISO-8859 <gellyfish@gellyfish.com>
Re: write a file in an array <gellyfish@gellyfish.com>
Digest Administrivia (Last modified: 16 Sep 99) (Perl-Users-Digest Admin)
----------------------------------------------------------------------
Date: Wed, 23 Aug 2000 10:15:21 +0100
From: "Sébastien Cottalorda" <sebastien.cottalorda1@libertysurf.fr>
Subject: Intercepting STDERR under in95
Message-Id: <8o015t$2g12$1@news5.isdnet.net>
Hi all,
I'm trying to intercept the STDERR of a DOS command using OPEN(FH,"$command
|") ...
but I didn't manage at yet.
I only get STDOUT --> Nothing in error cases
Does somebody know the way to do that under ActivePerl 5.6 ?
If it's possible, I'd rather not use a temporary file but if it's the only
way ......
Thanks indvance.
Sébastien
------------------------------
Date: Wed, 23 Aug 2000 10:37:13 +0100
From: "Graham Wood" <graham.wood@iona.com>
Subject: Re: Intercepting STDERR under in95
Message-Id: <8o06d4$98m$1@bvweb.iona.com>
Have you tried this?
OPEN(FH,"$command 2>&1|");
Graham
Sébastien Cottalorda <sebastien.cottalorda1@libertysurf.fr> wrote in message
news:8o015t$2g12$1@news5.isdnet.net...
> Hi all,
>
> I'm trying to intercept the STDERR of a DOS command using
OPEN(FH,"$command
> |") ...
> but I didn't manage at yet.
> I only get STDOUT --> Nothing in error cases
>
> Does somebody know the way to do that under ActivePerl 5.6 ?
> If it's possible, I'd rather not use a temporary file but if it's the only
> way ......
>
> Thanks indvance.
>
> Sébastien
>
>
>
------------------------------
Date: 23 Aug 2000 07:04:29 +0100
From: Jonathan Stowe <gellyfish@gellyfish.com>
Subject: Re: Is Perl a good choice for manipulating XML data?
Message-Id: <8nvphd$4qm$1@orpheus.gellyfish.com>
On Tue, 22 Aug 2000 18:35:58 GMT john_s_brown@my-deja.com wrote:
> Yeah. The simple but also at the same time very controversial
> question is this:
I dont think its a particularly controversial question at all.
> Is Perl a good choice for manipulating XML data? So,
> should I start learning Perl or would Java be a better language, for
> example.
>
> Can I handel DOM and SAX with Perl? I know that SAX stands for Simple
> API for XML, but can I use SAX with Perl. And what about DOM?
>
There are a variety of XML modules available from CPAN that cater for a
variety of tastes and appplications. You should be able to find one that
does what you want.
/J\
--
yapc::Europe in assocation with the Institute Of Contemporary Arts
<http://www.yapc.org/Europe/> <http://www.ica.org.uk>
------------------------------
Date: Wed, 23 Aug 2000 06:47:17 GMT
From: reg_exp@my-deja.com
Subject: Re: Lotsa difiiculties - need help with my Perl !!
Message-Id: <8nvs1i$jr3$1@nnrp1.deja.com>
thanks a lot, ppl,
passing the argument to split in the wrong order was a real goof !!
things are working a lot better now with the split working, thanks to a
great newsgroup.
cheers,
-reg_exp
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
Date: Wed, 23 Aug 2000 09:53:03 GMT
From: matt@NOSPAMcipherdesign.com
Subject: lwp post method
Message-Id: <39a39ce6.6916625@news.ntlworld.com>
hello all,
i have sucessfully used LWP::UserAgent to submit to search pages, but
i am having problems logging in to a site that requires a name and
password.
I have read LWP, LWP:useragent and lwpcook, but can't find why things
are not working.
my perl looks like this:
#!/usr/bin/perl -w
use strict;
use LWP::UserAgent;
use HTTP::Request::Common qw(POST);
my $ua = LWP::UserAgent->new();
my $req = POST 'http://www.mtnsms.com',
[ username => 'username', password => 'password' ];
$req->content_type('application/x-www-form-urlencoded');
$req->content('match=www&errors=0');
my $content = $ua->request($req)->as_string;
print $content;
and i get a result back that starts with this:
HTTP/1.0 405 Method Not Allowed
any ideas? also, is there any other documentation about this that i
can read? theres only a small section in the perfaq, and the
documentation with LWP seems brief too. (or am i missing something?)
thanks,
matt
------------------------------
Date: 23 Aug 2000 07:13:17 +0100
From: Jonathan Stowe <gellyfish@gellyfish.com>
Subject: Re: MSExcel as data for perl/cgi script
Message-Id: <8nvq1t$4rs$1@orpheus.gellyfish.com>
On Tue, 22 Aug 2000 16:38:10 GMT Peter B. Ensch wrote:
> I have a project where I need to write a perl CGI script that
> reads from and and outputs data contained in an Excel spreadsheet.
>
> I've done this before using a .csv file, but this time the sp/sheet
> contains hyperlinks and cell-background coloring - neither of
> which is dumped to CSV, and both need to be reproduced in my output.
>
> I don't think I can use the Win32::OLE module because the cgi
> script needs to run on a UNIX server.
>
> Any ideas? I'm thinking of using for my raw input, the HTML that
> Excel can generate (Save As HTML). This would be a lot tougher
> to parse, but would at least contain the data, hyperlinks, and
> coloring I need.
>
Not really if you use HTML::Parser although Excel is not exactly renowned
for producing entirely compliant HTML. You might also want to examine
whether the module OLE::Storage can do what you want as this is designed
for doing this kind of stuff.
/J\
--
yapc::Europe in assocation with the Institute Of Contemporary Arts
<http://www.yapc.org/Europe/> <http://www.ica.org.uk>
------------------------------
Date: 23 Aug 2000 07:17:56 +0100
From: Jonathan Stowe <gellyfish@gellyfish.com>
Subject: Re: MSExcel as data for perl/cgi script
Message-Id: <8nvqak$4s9$1@orpheus.gellyfish.com>
On Tue, 22 Aug 2000 16:38:10 GMT Peter B. Ensch wrote:
> I have a project where I need to write a perl CGI script that
> reads from and and outputs data contained in an Excel spreadsheet.
Oh, I forgot to mention that you might want to look at the Gnumeric
spreadsheet program as this reads in Excel files and has an XML output
format (among others) - I believe that you can automate it via CORBA::ORBit,
though I havent tried.
/J\
--
yapc::Europe in assocation with the Institute Of Contemporary Arts
<http://www.yapc.org/Europe/> <http://www.ica.org.uk>
------------------------------
Date: 22 Aug 2000 23:43:39 -0700
From: dowe@krikkit.localdomain (Dowe Keller)
Subject: Re: PLEASE HELP !!! What is wrong with Windows...
Message-Id: <slrn8q6t4g.9id.dowe@localhost.localdomain>
On Tue, 22 Aug 2000 20:27:36 GMT, comet999 <comet999@my-deja.com> wrote:
>Hi,
>
>I'm using the following code to dump the contents of a db ("cats.db")
>and running into problems. The code works just fine on Unix. But, when
>I try the same code on Windows NT the output is blank as if there were
>no records in the database. On unix this code prints 4 records.
>
>I'm using ActivePerl on Windows NT.
>
>Can someone shed some light please. Thanks.
>
>***********************************************************************
>use AnyDBM_File;
>
>%cats = &readdatabase("h:\data\cats");
Make that:
%cats = &readdatabase("h:\\data\\cats");
Perl was looking for:
h:datacats which probably isn't what you wanted.
I had this very same problem in a C prog I was working on mumble
days ago. we can partly blame Microsoft for stupidly choosing
the '\' character to show directory hierarchy.
--
dowe@sierratel.com http://www.sierratel.com/dowe
------------------------------
Date: Wed, 23 Aug 2000 09:49:42 +0200
From: Pham <pham@148.123.86.151>
Subject: Problem accessing CGI.pm
Message-Id: <39A38216.16EFB043@148.123.86.151>
Hi
My Perl script works fine under Linux but when moving it onto a
Solaris server I have trouble running the script because problem with
accessing CGI.pm. It can't see CGI.pm even though the module is on the
system. So I wonder if there is any config. files or variables on the
system that should be reconfigured?
Thanks for help.
Perl Amateur
------------------------------
Date: Wed, 23 Aug 2000 03:22:34 GMT
From: kcivey@cpcug.org (Keith Calvert Ivey)
Subject: Re: Programming Ethics
Message-Id: <39a341cc.1690815@news.newsguy.com>
stevel@bluetuna.com (Steve Leibel) wrote:
>ebohlman@netcom.com (Eric Bohlman) wrote:
>> Keith Calvert Ivey (kcivey@cpcug.org) wrote:
>> : Jason Maggard <jmaggard@va.mediaone.net> wrote:
>> : >The ethics of this really are not your concern, as programmers,
>> : >we supply information and methods of dealing with it.
>> :
>> : "Once ze rockets go up, who cares vhere zey come down? Zat's
>> : not my department, says Wernher von Braun."
>>
>Credit where credit's due, isn't that a Tom Lehrer lyric?
Perhaps we should add footnotes with references on the Spanish
Inquisition thread. After all, we wouldn't want to be accused
of stealing credit from Monty Python. The comment loses most of
its entertainment value if the reader doesn't already recognize
it as part of the Lehrer song.
--
Keith C. Ivey <kcivey@cpcug.org>
Washington, DC
------------------------------
Date: 23 Aug 2000 04:47:30 GMT
From: ebohlman@netcom.com (Eric Bohlman)
Subject: Re: Programming Ethics
Message-Id: <8nvl12$g2g$4@slb2.atl.mindspring.net>
Keith Calvert Ivey (kcivey@cpcug.org) wrote:
: stevel@bluetuna.com (Steve Leibel) wrote:
: >Credit where credit's due, isn't that a Tom Lehrer lyric?
:
: Perhaps we should add footnotes with references on the Spanish
: Inquisition thread. After all, we wouldn't want to be accused
: of stealing credit from Monty Python. The comment loses most of
: its entertainment value if the reader doesn't already recognize
: it as part of the Lehrer song.
And it's not as if anyone is going to assume that the OP let no one else's
work evade his eyes, remembered why the Good Lord made his eyes, didn't
shade his eyes, etc. and then called it, please, "research."
------------------------------
Date: Wed, 23 Aug 2000 05:04:06 GMT
From: Uri Guttman <uri@sysarch.com>
Subject: Re: regexing html-like tags
Message-Id: <x7hf8ctvp5.fsf@home.sysarch.com>
>>>>> "BH" == Blair Heuer <blair@geo-NOSPAM-soft.org> writes:
BH> Yours on the other hand was completely useless (the skeleton
BH> script. I did not bother to try out the other because a) Larry
BH> Rosler's code was working just fine {modified, but, and I
BH> paraphrase, why would I expect it to be perfectly tailored (aka on
BH> a silver platter) and b) I don't like you. )
just when will moronzilla realize that b) is the operative mode for all
regulars here but herself? after months of trolling, she has not a
single friend here and less than zero respect for her or her perl
skills. this will go on for years and she will never get it. i am
leaning more and more to just ignoring her posts but too many newbies
get suckered in and need guidance in avoiding her. maybe we should just
form a group for her like alt.perl.godzilla.is.stupid and stash her
there to attract the clueless.
uri
--
Uri Guttman --------- uri@sysarch.com ---------- http://www.sysarch.com
SYStems ARCHitecture, Software Engineering, Perl, Internet, UNIX Consulting
The Perl Books Page ----------- http://www.sysarch.com/cgi-bin/perl_books
The Best Search Engine on the Net ---------- http://www.northernlight.com
------------------------------
Date: 23 Aug 2000 07:49:09 GMT
From: Steve Mading <madings@baladi.bmrb.wisc.edu>
Subject: Regular expression, $1 in a $variable.
Message-Id: <8nvvll$kja$1@news.doit.wisc.edu>
Okay, I've got a weird problem here:
If I do this:
$searchfor = '([0-9]+)\.txt';
$replacewith = '$1-num-text';
$str =~ s/$searchfor/$replacewith/eg;
I want it to work the same as this:
$str =~ s/([0-9]+)\.txt/$1-num-text/eg;
But it doesn't. I think the problem is the $1 in the
string. It's only being evaled once, so the $1 is coming
out literally in the replacement instead of evaled as the
first parenthesized match.
How do I change the code to make this work the way I want?
The reason I'm trying to do this is that I'm trying to
have my program read some config file that tells it what
the search and replace patterns are. This means they can't
be hardcoded into the perl code.
One thing I've thought of that would work, but it's really
slow, is to write the config file as actual perl syntax,
and then eval() the statements in it.
--
-- ------------------------------------------------------------------
Steven L. Mading at BioMagResBank (BMRB). UW-Madison
Programmer/Analyst/(acting SysAdmin) mailto:madings@bmrb.wisc.edu
B1108C, Biochem Addition / 433 Babcock Dr / Madison, WI 53706-1544
------------------------------
Date: Wed, 23 Aug 2000 08:53:34 GMT
From: rgarciasuarez@free.fr (Rafael Garcia-Suarez)
Subject: Re: Regular expression, $1 in a $variable.
Message-Id: <slrn8q74j7.dsi.rgarciasuarez@rafael.kazibao.net>
Steve Mading wrote in comp.lang.perl.misc:
>
>Okay, I've got a weird problem here:
>If I do this:
>
> $searchfor = '([0-9]+)\.txt';
> $replacewith = '$1-num-text';
> $str =~ s/$searchfor/$replacewith/eg;
>
>I want it to work the same as this:
>
> $str =~ s/([0-9]+)\.txt/$1-num-text/eg;
>
>But it doesn't. I think the problem is the $1 in the
>string. It's only being evaled once, so the $1 is coming
>out literally in the replacement instead of evaled as the
>first parenthesized match.
In fact $1 is never evaluated, it appears in a single-quoted string.
Try the following:
$str =~ s/$searchfor/eval qq("$replacewith")/eg;
Note also that eval'uating untrusted data may lead to security issues.
Make sure that your config file is not writable by any untrusted users.
--
Rafael Garcia-Suarez
------------------------------
Date: Wed, 23 Aug 2000 09:01:53 GMT
From: neil@brevity.org (Neil Kandalgaonkar)
Subject: Re: Regular expression, $1 in a $variable.
Message-Id: <8o03gm$ac8$1@localhost.localdomain>
In article <8nvvll$kja$1@news.doit.wisc.edu>,
Steve Mading <madings@baladi.bmrb.wisc.edu> wrote:
>If I do this:
>
> $searchfor = '([0-9]+)\.txt';
By the way, [0-9] can be changed to \d there.
> $replacewith = '$1-num-text';
> $str =~ s/$searchfor/$replacewith/eg;
>
>I want it to work the same as this:
>
> $str =~ s/([0-9]+)\.txt/$1-num-text/eg;
I don't think that's what you want. perl would think the replacement was
the results of evaluating $1 minus num() minus text(). You probably meant
that not to have an e.
How about this:
$replacewith = '"$1-num-text"';
$str =~ s/$searchfor/$replacewith/eeg;
>How do I change the code to make this work the way I want?
>The reason I'm trying to do this is that I'm trying to
>have my program read some config file that tells it what
>the search and replace patterns are.
Sure. You don't have to put the "" in the config file, just stick
them on as they are read in. For replace strings which don't use
backreferences, a double eval should be harmless.
If you use those $searchfor entries many times during execution,
consider using qr// to cache the regex. See man perlop.
--
Neil Kandalgaonkar <neil@brevity.org>
------------------------------
Date: Wed, 23 Aug 2000 05:01:13 GMT
From: Stephen Montgomery-Smith <stephen@math.missouri.edu>
Subject: self writing program
Message-Id: <39A35A98.24D8538E@math.missouri.edu>
I wanted to write a program in perl that when invoked
prints out a copy of exactly itself.
The shortest I could come up with was:
$_='$_=X;s/X/\x27$_\x27/;print
';s/X/\x27$_\x27/;print
Has anyone come up with anything shorter?
(Is this a FAQ?)
--
Stephen Montgomery-Smith
stephen@math.missouri.edu
http://www.math.missouri.edu/~stephen
------------------------------
Date: Wed, 23 Aug 2000 05:24:37 GMT
From: tjla@guvfybir.qlaqaf.bet (Gwyn Judd)
Subject: Re: self writing program
Message-Id: <slrn8q6o71.10j.tjla@thislove.dyndns.org>
I was shocked! How could Stephen Montgomery-Smith <stephen@math.missouri.edu>
say such a terrible thing:
>I wanted to write a program in perl that when invoked
>prints out a copy of exactly itself.
>
>The shortest I could come up with was:
>
>$_='$_=X;s/X/\x27$_\x27/;print
>';s/X/\x27$_\x27/;print
This is shorter:
#!/usr/bin/perl -w -p
(run it as perl quine.pl quine.pl)
Hope that helps.
--
Gwyn "one born every minute" Judd
(print `echo 'tjla@guvfybir.qlaqaf.bet' | rot13`)
Get Revenge! Live long enough to be a problem for your children!
------------------------------
Date: Wed, 23 Aug 2000 08:35:00 GMT
From: marcel@codewerk.com (Marcel Grunauer)
Subject: Re: self writing program
Message-Id: <slrn8q7347.16i.marcel@gandalf.local>
On Wed, 23 Aug 2000 05:01:13 GMT, Stephen Montgomery-Smith
<stephen@math.missouri.edu> wrote:
>I wanted to write a program in perl that when invoked
>prints out a copy of exactly itself.
[...]
>Has anyone come up with anything shorter?
open+0;print<0>
>(Is this a FAQ?)
Maybe it should be one...
--
Marcel Gr\"unauer - Codewerk plc . . . . . . . . . . . <http://www.codewerk.com>
Perl Consulting, Programming, Training, Code review . . . <marcel@codewerk.com>
mod_perl, XML solutions - email for consultancy availability
sub AUTOLOAD{($_=$AUTOLOAD)=~s;^.*::;;;y;_; ;;print} Just_Another_Perl_Hacker();
------------------------------
Date: 23 Aug 2000 09:37:40 +0100
From: Piers Cawley <pdcawley@bofh.org.uk>
Subject: Re: self writing program
Message-Id: <m1bsyks78r.fsf@rt158.private.realtime.co.uk>
tjla@guvfybir.qlaqaf.bet (Gwyn Judd) writes:
> I was shocked! How could Stephen Montgomery-Smith <stephen@math.missouri.edu>
> say such a terrible thing:
> >I wanted to write a program in perl that when invoked
> >prints out a copy of exactly itself.
> >
> >The shortest I could come up with was:
> >
> >$_='$_=X;s/X/\x27$_\x27/;print
> >';s/X/\x27$_\x27/;print
>
> This is shorter:
>
> #!/usr/bin/perl -w -p
>
> (run it as perl quine.pl quine.pl)
>
> Hope that helps.
Shortest perl program that outputs itself is: ''
It's also the shortest sh,python,java,... program.
Degenerate cases, I love 'em.
--
Piers
'063039183598121887134041122600:1917131105:Jaercunrlkso tPh.'=~/^(.{6})*
(.{6})[^:]*:(..)*(..).*:(??{'.{'.$2%$4.'}'})(.)(??{print$5})/x;print"\n"
------------------------------
Date: Wed, 23 Aug 2000 09:10:23 GMT
From: rgarciasuarez@free.fr (Rafael Garcia-Suarez)
Subject: Re: self writing program
Message-Id: <slrn8q75io.e03.rgarciasuarez@rafael.kazibao.net>
Stephen Montgomery-Smith wrote in comp.lang.perl.misc:
>I wanted to write a program in perl that when invoked
>prints out a copy of exactly itself.
>
>The shortest I could come up with was:
>
>$_='$_=X;s/X/\x27$_\x27/;print
>';s/X/\x27$_\x27/;print
>
>Has anyone come up with anything shorter?
Some time ago, the following was posted here:
open 0;print<0>
The main advantage of this program is that it lets you learn something
about open. (see perlfunc...)
--
Rafael Garcia-Suarez
------------------------------
Date: Tue, 22 Aug 2000 22:05:15 -0700
From: Larry Rosler <lr@hpl.hp.com>
Subject: Re: Sorting by a subfield (WAS: Re: This is my last question, I swear!!!!!!!!!!)
Message-Id: <MPG.140cfb6afebcef1098acc5@nntp.hpl.hp.com>
In article <8nv28o$nao$1@nnrp1.deja.com>, pape_98@my-deja.com says...
> Thank you guys this all very helpfull.
> Now my problem is that I might end up having to sort more than one
> field. By this I mean that I would have to do something like this:
>
> for ($i=0; $i <= $#lines; $i++) {
> @names = split(/,/,$lines[$i]);
> Once the lines would have been broken down (into 6 sections), how (if I
> can) do I go about sorting both fields; the first by letter and the
> second by numbers in increasing number.
This is discussed in the Perl documentation:
perldoc -f sort
perldoc -q sort
and in our paper on sorting techniques (which includes other
references):
http://www.hpl.hp.com/personal/Larry_Rosler/sort/
> I'm sorry if I seem to be dragging this discussion into eternity, but
> this is all new to me; and not as easy to soak in.
You will have to do some reading, and some playing with simple examples.
> PS: Larry, couldn't do newsgroup style because I wasn't responding to
> your points; But you've been very helpful.
If there is nothing to quote, quote nothing, not everything.
> Thanks again,
You're welcome. Now go and learn.
<SNIP of previous article, quoted in its entirety>
--
(Just Another Larry) Rosler
Hewlett-Packard Laboratories
http://www.hpl.hp.com/personal/Larry_Rosler/
lr@hpl.hp.com
------------------------------
Date: Wed, 23 Aug 2000 01:14:31 -0500
From: Eric Benson <j-e-b@swbell.net>
Subject: TextAreas and Security
Message-Id: <39A36BC7.4041262F@swbell.net>
I have a Perl book that has the following quotes:
"...it would be relatively simple for a visitor...to crank up a file
transfer and dump a few megabytes of garbage (into a Text of TextArea
input field)."
The book goes on to say that this could crash my web server. Or, at the
least, it would hog disk space, and my Perl program would email all of
this garbage to the address of whoever the perpetrator entered in the
email address field.
Of course, the Text tag in HTML has a MAXLENGTH attribute which will
prevent this. However, the TextArea tag does not have a MAXLENGH
attribute. About this, the book I have says:
"You'll fall back on a second line of defense for (preventing transfer
of huge amounts of data via a TextArea field): the Perl-CGI script
itself."
Here's the good part - the book NEVER says anything further about this
subject. It does not show how to use Perl to prevent this. I have
searched numerous FAQs and this newsgroup, and could find nothing on the
subject.
My questions are:
1) Is this true? Could someone send a large file to my Perl script via
a Text or TextArea field?
2) I currently have a routine to check for any characters that could be
used to enter system commands or HTML code into a Text or TextArea field
(i.e., [;<>%\*`|]). The code is:
for($n = 0; @in[$n]; $n++)
{
($dummy, $temp) = split(/=/, @in[$n]);
$temp =~ tr/+/ /;
$temp=~ s/%([\ dA-Fa-f][\ dA-Fa-f])/
pack ("C", hex ($1))/eg;
if ($temp =~ /[;<>%\*`|]/)
{
#The error message goes here.
}
@in[$n] = $temp;
}
If the answer to 1) above is "yes", will this prevent that from being
done with a TextArea field?
3) If the above code would not secure against an action like this, how
can it be prevented and/or dealt with?
Thanks,
Eric Benson
--
Be just...fear not.
------------------------------
Date: Wed, 23 Aug 2000 02:41:37 -0400
From: Albert Dewey <timewarp@shentel.net>
Subject: Re: TextAreas and Security
Message-Id: <39A37221.56A8B2BD@shentel.net>
$CGI::POST_MAX=1024 * 450;
This will limit the max size that Perl will process in a single form
submission to 450K in size. Adjust the number to suit your needs.
Albert Dewey
Eric Benson wrote:
> I have a Perl book that has the following quotes:
>
> "...it would be relatively simple for a visitor...to crank up a file
> transfer and dump a few megabytes of garbage (into a Text of TextArea
> input field)."
>
> The book goes on to say that this could crash my web server. Or, at the
> least, it would hog disk space, and my Perl program would email all of
> this garbage to the address of whoever the perpetrator entered in the
> email address field.
>
> Of course, the Text tag in HTML has a MAXLENGTH attribute which will
> prevent this. However, the TextArea tag does not have a MAXLENGH
> attribute. About this, the book I have says:
>
> "You'll fall back on a second line of defense for (preventing transfer
> of huge amounts of data via a TextArea field): the Perl-CGI script
> itself."
>
> Here's the good part - the book NEVER says anything further about this
> subject. It does not show how to use Perl to prevent this. I have
> searched numerous FAQs and this newsgroup, and could find nothing on the
> subject.
>
> My questions are:
>
> 1) Is this true? Could someone send a large file to my Perl script via
> a Text or TextArea field?
>
> 2) I currently have a routine to check for any characters that could be
> used to enter system commands or HTML code into a Text or TextArea field
> (i.e., [;<>%\*`|]). The code is:
>
> for($n = 0; @in[$n]; $n++)
> {
> ($dummy, $temp) = split(/=/, @in[$n]);
> $temp =~ tr/+/ /;
> $temp=~ s/%([\ dA-Fa-f][\ dA-Fa-f])/
> pack ("C", hex ($1))/eg;
> if ($temp =~ /[;<>%\*`|]/)
> {
> #The error message goes here.
> }
>
> @in[$n] = $temp;
> }
>
> If the answer to 1) above is "yes", will this prevent that from being
> done with a TextArea field?
>
> 3) If the above code would not secure against an action like this, how
> can it be prevented and/or dealt with?
>
> Thanks,
>
> Eric Benson
> --
> Be just...fear not.
------------------------------
Date: Wed, 23 Aug 2000 07:21:31 GMT
From: alonio@my-deja.com
Subject: Uploading files via post form
Message-Id: <8nvu1i$m9c$1@nnrp1.deja.com>
I know how to make the form for uploading a file:
<FORM ENCTYPE="multipart/form_data" METHOD="post" ...>
...
<INPUT TYPE=file ...>
...
</FORM>
BUT I don't know how to receive the data in a cgi perl script.
I tried the <STDIN> or the 'QUERY_STING' but didn't succeed.
Can you help?
Alon. (alonk@msil.sps.mot.com)
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
Date: Wed, 23 Aug 2000 10:39:43 +0100
From: "Roland Corbet" <Roland@psychenet.co.uk>
Subject: Using Perl to query MS Content Index Server
Message-Id: <39a39bac.0@news.myratech.net>
I have to reasearch if it is possible to query the indexes produced by
Microsoft Content Index Server using Perl. I have seen some exaples of this
in ASP, and so wondered if Perl was capable of doing it.
Maybe Win32::OLE is the way to go?
The main thing we want to be able to do is get Perl to be able to process
the results that are returned from the search.
If anyone has any ideas or pointers on this topic, then I would be very
grateful.
Many thanks in anticipation of your help.
Regards
Roland
------------------------------
Date: 23 Aug 2000 07:34:21 +0100
From: Jonathan Stowe <gellyfish@gellyfish.com>
Subject: Using Regular expressions on HTML (was Re: I =?ISO-8859-1?Q?haven=B4t?= exleined the problem clearly)
Message-Id: <8nvr9d$4t8$1@orpheus.gellyfish.com>
On Tue, 22 Aug 2000 13:45:43 +0200 Paulino wrote:
> I need to change the table where is the program2.gif text by a table with
> other tags.
>
> <table>
> ..
> <table>
> ..
> <table>
> ..
> <td>program2.gif</td>
> ..
> </table>
> ..
> </table>
> ..
> </table>
>
>
> If i aply the Regular Expresion
> 's/<table>.*?program2.gif.*?\/table>/$tablenew/igs' i get it next:
>
> <newtable>
> <td>program3.gif</td>
> ..
> </newtable>
> ..
> </table>
> ..
> </table>
>
> and i have lost the first part of the original text.
>
You need to use parentheses to capture the parts you dont want to lose and
replace them (using $1, $2 etc ) in the RHS of the substitution - read
the perlre manpage for more on that matter. However you might find it more
efficacious to use the module HTML::Parser to do this sort of stuff -
search on Deja News (http://www.deja.com/home_ps.shtml> for posts by
myself and others on the subject.
/J\
--
yapc::Europe in assocation with the Institute Of Contemporary Arts
<http://www.yapc.org/Europe/> <http://www.ica.org.uk>
------------------------------
Date: 23 Aug 2000 08:08:34 +0100
From: Jonathan Stowe <gellyfish@gellyfish.com>
Subject: Re: write a file in an array
Message-Id: <8nvt9i$51g$1@orpheus.gellyfish.com>
On Tue, 22 Aug 2000 13:16:29 GMT Scott Kirk wrote:
> In article <39A24AF5.3B7A9862@yahoo.es>,
> Javier Hijas <jhijas@yahoo.es> wrote:
>
>> > Can you tell me a nice way to copy an entire file in an array?
>>
>> Ok, I already found a fancy way!!:
>>
>> while (<FILE>) {
>> push @file,$_;
>> }
>
> Yes. But _why_ would you want to do it this way?
>
Memory consumption. In crude tests I find that the push() method uses
about 20% less memory for a file of ~400k - this might become extremely
significant for a large file. I would imagine that the reason for this
is that the array slurp must build the entire list before assigning it
to the array though I can't be arsed to look at the source right now
to find out.
Oh what the hell Let's Benchmark !
Benchmark: timing 100 iterations of Push, Slurp...
Push: 9 wallclock secs ( 8.82 usr + 0.21 sys = 9.03 CPU) @ 11.07/s (n=100)
Slurp: 9 wallclock secs ( 8.15 usr + 0.24 sys = 8.39 CPU) @ 11.92/s (n=100)
Not a great deal in it really - I think the memory considerations will
outweigh the speed of execution for most likely applications.
#!/usr/bin/perl -w
use strict;
use Benchmark;
my $file = '/home/gellyfish/.cpan/sources/modules/02packages.details.txt';
sub push_while
{
open(FILE,$file) || die "Can't open $file - $!\n";
my @file;
push @file,$_ while (<FILE>);
close FILE;
}
sub slurp_array
{
open(FILE,$file) || die "Can't open $file - $!\n";
my @file;
@file = <FILE>;
close FILE;
}
timethese(100, {
Push => \&push_while,
Slurp => \&slurp_array
});
/J\
--
yapc::Europe in assocation with the Institute Of Contemporary Arts
<http://www.yapc.org/Europe/> <http://www.ica.org.uk>
------------------------------
Date: 16 Sep 99 21:33:47 GMT (Last modified)
From: Perl-Users-Request@ruby.oce.orst.edu (Perl-Users-Digest Admin)
Subject: Digest Administrivia (Last modified: 16 Sep 99)
Message-Id: <null>
Administrivia:
The Perl-Users Digest is a retransmission of the USENET newsgroup
comp.lang.perl.misc. For subscription or unsubscription requests, send
the single line:
subscribe perl-users
or:
unsubscribe perl-users
to almanac@ruby.oce.orst.edu.
| NOTE: The mail to news gateway, and thus the ability to submit articles
| through this service to the newsgroup, has been removed. I do not have
| time to individually vet each article to make sure that someone isn't
| abusing the service, and I no longer have any desire to waste my time
| dealing with the campus admins when some fool complains to them about an
| article that has come through the gateway instead of complaining
| to the source.
To submit articles to comp.lang.perl.announce, send your article to
clpa@perl.com.
To request back copies (available for a week or so), send your request
to almanac@ruby.oce.orst.edu with the command "send perl-users x.y",
where x is the volume number and y is the issue number.
For other requests pertaining to the digest, send mail to
perl-users-request@ruby.oce.orst.edu. Do not waste your time or mine
sending perl questions to the -request address, I don't have time to
answer them even if I did know the answer.
------------------------------
End of Perl-Users Digest V9 Issue 4103
**************************************
