[16759] in Perl-Users-Digest
Perl-Users Digest, Issue: 4171 Volume: 9
daemon@ATHENA.MIT.EDU (Perl-Users Digest)
Tue Aug 29 21:15:53 2000
Date: Tue, 29 Aug 2000 18:15:27 -0700 (PDT)
From: Perl-Users Digest <Perl-Users-Request@ruby.OCE.ORST.EDU>
To: Perl-Users@ruby.OCE.ORST.EDU (Perl-Users Digest)
Message-Id: <967598127-v9-i4171@ruby.oce.orst.edu>
Content-Type: text
Perl-Users Digest Tue, 29 Aug 2000 Volume: 9 Number: 4171
Today's topics:
Regexp help required marty_t@my-deja.com
Re: Regexp help required <hmerrill@my-deja.com>
Re: Regexp help required marty_t@my-deja.com
Re: Regexp help required <dietmar.staab@t-online.de>
Re: Regexp help required <lr@hpl.hp.com>
Re: REQ is there a script .... <stephenk@cc.gatech.edu>
Re: REQ is there a script .... <timewarp@shentel.net>
Re: REQ is there a script .... <lr@hpl.hp.com>
Re: selling perl to management (Ilya Zakharevich)
Some book review info (was: REQ is there a script ....) <lauren_smith13@hotmail.com>
Re: The Hacker signature disciplin <elephant@squirrelgroup.com>
Re: TMTOWTDI - but how best to do this ?? <abe@ztreet.demon.nl>
Trouble Reading From Database File... (Captain Ginyu)
Re: turn characters into meta characters <elephant@squirrelgroup.com>
Re: turn characters into meta characters <lr@hpl.hp.com>
Re: Unclosed HTML Tags <elephant@squirrelgroup.com>
Re: Use Mail:Sender with Use CGI. (brian d foy)
Digest Administrivia (Last modified: 16 Sep 99) (Perl-Users-Digest Admin)
----------------------------------------------------------------------
Date: Tue, 29 Aug 2000 22:52:30 GMT
From: marty_t@my-deja.com
Subject: Regexp help required
Message-Id: <8oher5$fjp$1@nnrp1.deja.com>
Hi,
I'm a novice Perl CGI programmer wishing to learn more about regexp'ing.
Am I right in saying that if I remove all occurances of ";" from a user
input, my CGI will be safe from haveful data?
Secondly, can anyone explain how to write a regexp to do this. (Untaint)
Thirdly and more helpfully, can anyone spend a little time and post a
bit of text on explaining how to write regexp's.
I am a good programmer of other languages, but have not come across
this regexp format.
Any help would be appreciated.
Thanks
Marty
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
Date: Tue, 29 Aug 2000 22:18:33 GMT
From: Hardy Merrill <hmerrill@my-deja.com>
Subject: Re: Regexp help required
Message-Id: <8ohcr5$d5q$1@nnrp1.deja.com>
In article <8ohajc$aan$1@nnrp1.deja.com>,
marty_t@my-deja.com wrote:
> Hi,
>
> I am a NOVICE Perl CGI programmer trying to learn more about regular
> expressions and untainting.
>
> I was wondering if removing the ";" from a user input was enough to
> stop malicious commands being executed. (Untainting)
>
> As far as I can understand the ";" is a command "breaker" allowing
> everything after it to be run seperately, am I right? So removing this
> from a string will not executed the bad command.
>
> Secondly, can anyone help me out with writing a regexp that will do
> this task. Or even better, give me a quick explaination of how to
write
> regular expressions.
>
> I've checked the perlsec docs, but it didn't help me much.
There are lots of things besides the semi-colon that you'll want to
check for - "perldoc perlsec" has a lot of good info - but here is some
code to check for a semi-colon:
--------------------
#!/usr/bin/perl -wT
#
use strict;
my $a = "abc; def";
if ($a =~ /;/) {
print "Found the semi-colon in string $a.\n";
}
else {
print "No semi-colon found in string $a.\n";
}
------------------------
This should work for you. It also works if you escape the semi-colon in
the regular expression - like this "$a =~ /\;/)"
HTH.
--
Hardy Merrill
Mission Critical Linux
http://www.missioncriticallinux.com
>
> Many thanks,
>
> Marty T
>
> Sent via Deja.com http://www.deja.com/
> Before you buy.
>
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
Date: Tue, 29 Aug 2000 23:00:03 GMT
From: marty_t@my-deja.com
Subject: Re: Regexp help required
Message-Id: <8ohf97$g0u$1@nnrp1.deja.com>
Thanks for this, but can anyone tell me how to write regular
expressions please.
Although this is very useful.
I know that I have to use the $1 and put the expression in braces ()
Like
$data =~ (/;/);
$data = $1;
Is that right?
God am I clueless or what?
Thanks in advance.
Marty
In article <8ohcr5$d5q$1@nnrp1.deja.com>,
Hardy Merrill <hmerrill@my-deja.com> wrote:
> In article <8ohajc$aan$1@nnrp1.deja.com>,
> marty_t@my-deja.com wrote:
> > Hi,
> >
> > I am a NOVICE Perl CGI programmer trying to learn more about regular
> > expressions and untainting.
> >
> > I was wondering if removing the ";" from a user input was enough to
> > stop malicious commands being executed. (Untainting)
> >
> > As far as I can understand the ";" is a command "breaker" allowing
> > everything after it to be run seperately, am I right? So removing
this
> > from a string will not executed the bad command.
> >
> > Secondly, can anyone help me out with writing a regexp that will do
> > this task. Or even better, give me a quick explaination of how to
> write
> > regular expressions.
> >
> > I've checked the perlsec docs, but it didn't help me much.
>
> There are lots of things besides the semi-colon that you'll want to
> check for - "perldoc perlsec" has a lot of good info - but here is
some
> code to check for a semi-colon:
> --------------------
> #!/usr/bin/perl -wT
> #
>
> use strict;
>
> my $a = "abc; def";
>
> if ($a =~ /;/) {
> print "Found the semi-colon in string $a.\n";
> }
> else {
> print "No semi-colon found in string $a.\n";
> }
> ------------------------
>
> This should work for you. It also works if you escape the semi-colon
in
> the regular expression - like this "$a =~ /\;/)"
>
> HTH.
>
> --
> Hardy Merrill
> Mission Critical Linux
> http://www.missioncriticallinux.com
>
> >
> > Many thanks,
> >
> > Marty T
> >
> > Sent via Deja.com http://www.deja.com/
> > Before you buy.
> >
>
> Sent via Deja.com http://www.deja.com/
> Before you buy.
>
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
Date: Wed, 30 Aug 2000 02:02:18 +0100
From: "Dietmar Staab" <dietmar.staab@t-online.de>
Subject: Re: Regexp help required
Message-Id: <8ohj2f$nrd$18$1@news.t-online.com>
In article <8ohf97$g0u$1@nnrp1.deja.com>, marty_t@my-deja.com wrote:
> Thanks for this, but can anyone tell me how to write regular expressions
> please.
perls documentation is your source
perldoc perlre
give's all you need to write regular expressions. ;-)
D.
------------------------------
Date: Tue, 29 Aug 2000 17:34:57 -0700
From: Larry Rosler <lr@hpl.hp.com>
Subject: Re: Regexp help required
Message-Id: <MPG.1415f687376e7f3998acfc@nntp.hpl.hp.com>
In article <8ohj2f$nrd$18$1@news.t-online.com> on Wed, 30 Aug 2000
02:02:18 +0100, Dietmar Staab <dietmar.staab@t-online.de> says...
> In article <8ohf97$g0u$1@nnrp1.deja.com>, marty_t@my-deja.com wrote:
> > Thanks for this, but can anyone tell me how to write regular expressions
> > please.
>
> perls documentation is your source
>
> perldoc perlre
>
> give's all you need to write regular expressions. ;-)
I hope the smiley is because you realize how bad that advice is. It is
truly sadistic to suggest that one learn about regular expressions from
perlre, which is a reference manual, not a tutorial.
There are excellent Perl tutorials on the Web that include regular
expressions.
The best source is the book 'Mastering Regular Expressions' by Friedl,
which doesn't cover the latest Perl enhancements (see perlre for that),
but is nevertheless quite helpful.
--
(Just Another Larry) Rosler
Hewlett-Packard Laboratories
http://www.hpl.hp.com/personal/Larry_Rosler/
lr@hpl.hp.com
------------------------------
Date: Tue, 29 Aug 2000 19:30:48 -0400
From: Stephen Kloder <stephenk@cc.gatech.edu>
Subject: Re: REQ is there a script ....
Message-Id: <39AC47A8.F9A2EFDE@cc.gatech.edu>
Sven wrote:
> Is there a script that display number of days since a (in script)
> given date ?
>
>
perldoc -f localtime
perldoc Time::Local
--
Stephen Kloder | "I say what it occurs to me to say.
stephenk@cc.gatech.edu | More I cannot say."
Phone 404-874-6584 | -- The Man in the Shack
ICQ #65153895 | be :- think.
------------------------------
Date: Tue, 29 Aug 2000 19:29:45 -0400
From: Albert Dewey <timewarp@shentel.net>
Subject: Re: REQ is there a script ....
Message-Id: <39AC4769.31D141DB@shentel.net>
Sven wrote:
> Is there a script that display number of days since a (in script)
> given date ?
>
> (For display in webpage via SSI-tag).
>
> Regards,
> Sven
Not to give you a hard time here but most beginner books on Perl have
this as an example in them, probably next in frequency to printing
"Hello World." Pony up the $25 or so that a good beginner book will run
you and you will have a lot of really useful info at your fingertips in
the bargain.
Albert Dewey
--
@i = ('a' .. 'z', 'A' .. 'Z', ' ');
print "$i[35]$i[20]$i[18]$i[19]$i[52]$i[26]$i[13]$i[14]";
print "$i[19]$i[7]$i[4]$i[17]$i[52]$i[41]$i[4]$i[17]";
print "$i[11]$i[52]$i[33]$i[0]$i[2]$i[10]$i[4]$i[17]";
------------------------------
Date: Tue, 29 Aug 2000 17:06:24 -0700
From: Larry Rosler <lr@hpl.hp.com>
Subject: Re: REQ is there a script ....
Message-Id: <MPG.1415efda6003204498acfa@nntp.hpl.hp.com>
In article <643oqscnpbte3l2ac5fj9p0r0fbvjvuv13@4ax.com> on Tue, 29 Aug
2000 19:29:32 GMT, Sven <sven-s@hushmail.com> says...
>
> Is there a script that display number of days since a (in script)
> given date ?
perlfaq4: "How can I compare two dates and find the difference?"
--
(Just Another Larry) Rosler
Hewlett-Packard Laboratories
http://www.hpl.hp.com/personal/Larry_Rosler/
lr@hpl.hp.com
------------------------------
Date: 29 Aug 2000 23:38:44 GMT
From: ilya@math.ohio-state.edu (Ilya Zakharevich)
Subject: Re: selling perl to management
Message-Id: <8ohhi4$rif$1@charm.magnus.acs.ohio-state.edu>
[A complimentary Cc of this posting was sent to Abigail
<abigail@foad.org>],
who wrote in article <slrn8qo3bo.bbg.abigail@alexandra.foad.org>:
> That's the most idiotic attitude to the problem of Perl breaking code
> I've ever heard off.
> "" that most likely wouldn't be defined by a standard anyway. But I do take
>
> Then it isn't a standard.
Using your own words, "That's the most idiotic attitude to" standards
etcetcetc. If everything that "works" (=compiles) is defined, then
the language is dead.
Ilya
------------------------------
Date: Tue, 29 Aug 2000 17:08:46 -0700
From: "Lauren Smith" <lauren_smith13@hotmail.com>
Subject: Some book review info (was: REQ is there a script ....)
Message-Id: <8ohj6j$vpf$2@brokaw.wa.com>
Albert Dewey <timewarp@shentel.net> wrote in message
news:39AC4769.31D141DB@shentel.net...
> Sven wrote:
>
> > Is there a script that display number of days since a (in script)
> > given date ?
> >
> > (For display in webpage via SSI-tag).
> >
> > Regards,
> > Sven
>
> Not to give you a hard time here but most beginner books on Perl have
> this as an example in them, probably next in frequency to printing
> "Hello World." Pony up the $25 or so that a good beginner book will run
> you and you will have a lot of really useful info at your fingertips in
> the bargain.
Look before you leap, though. Not all beginner books are created equal.
Try reading a few reviews at www.perl.com or www.sysarch.com or
http://www.plover.com/~mjd/perl/reviews/
I'm sure there are more sites that would have good reviews. See
perlfaq2:Perl Books for more info.
Lauren
--
print grep ord $_,map{y/a-zA-Z//d;$x.="+ $_";chr(eval $x)}
'J74u43-s2tA1-84n33o45th1er5-12-P3e13-82r48l21H13-a6-76
c40k25er2wx8-y6z13-81'=~m#([^!\n]{3})#g#tr/-0-9//d;print
------------------------------
Date: Wed, 30 Aug 2000 00:55:24 GMT
From: jason <elephant@squirrelgroup.com>
Subject: Re: The Hacker signature disciplin
Message-Id: <MPG.1416f8f5e7ab2521989728@localhost>
Jakob Schmidt <sumus@aut.dk> wrote ..
>Tony L. Svanstrom <tony@svanstrom.com> wrote:
>
>> jason <elephant@squirrelgroup.com> wrote:
>>
>> > I think the only rule that I'm aware of is that if you have to ask -
>> > then you shouldn't use it *8^)
>>
>> I can't but agree. *L*
>
>Hehe - I reckoned you'd give me that.
>
>That's a standard rule of just about any subculture. Well - I'm a
>determined subculture crasher and it's your turn :-)
>
>It's the kind of rules that 10.000 lurkers decide to let themselves
>scare off by. I'm the one who has little enough sense of occasion - or
>maybe I'm just the only one who's priorities are twisted enough - to go
>and break it.
*8^)
>print "I'm a loser baby\n";
lol .. you mean (in the style of one of Ilmari's examples)
print @{{split//,qq.q\nf d l b'iscmeanaaIglkrhopyjembob.}}{a..q.q.};
--
jason -- elephant@squirrelgroup.com --
------------------------------
Date: Wed, 30 Aug 2000 01:48:32 +0200
From: Abe Timmerman <abe@ztreet.demon.nl>
Subject: Re: TMTOWTDI - but how best to do this ??
Message-Id: <onioqsoqso313l5m5cm7vbjijelpbqhq5a@4ax.com>
On Tue, 29 Aug 2000 17:21:38 GMT, reg_exp@my-deja.com wrote:
> whoops, sorry, the example should be:
>
> for eg: for the 8 digit number
>
> 04 997 747 -
> multiplying alternately by 1,2 we get :
>
> 0 4 9 9 7 7 4 7
> x1 2 1 2 1 2 1 2
> ------------------------
> 0 8 9 18 7 14 4 14
>
> summing the digits of each number we get (note 18 is 1+8):
> 0+8+9+1+8+7+1+4+4+1+4 = 47
> next highest number divisible by 10 without remainder = 50
> last digit = 50-47 = 3
>
> so final number = 04 997 747 3
$_ = '04 997 747';
my($i, $sum) = (0, 0);
$sum += $_ for map /(\d)/g =>
map { ($i++ % 2 + 1) * $_ } /(\d)/g;
printf "$_ - %d\n", (10 - $sum % 10) || 10;
--
Good luck,
Abe
------------------------------
Date: Tue, 29 Aug 2000 19:39:32 -0500 (CDT)
From: SeiferAlmasy-@webtv.net (Captain Ginyu)
Subject: Trouble Reading From Database File...
Message-Id: <13348-39AC57C4-64@storefull-107.iap.bryant.webtv.net>
I've tried and tried...but it never works. I've even been told this
*should* work....
It *only* checks the _first_ line or the file.
open(TXT, "data.txt");
@TEXT = <TXT>;
close(TXT);
foreach $i(@TEXT){
($username,$password) = split(/\|/,$i);
if($user_name eq $username){
&login;
} else {
&home;
}
}
Any help/ideas?
------------------------------
Date: Tue, 29 Aug 2000 22:33:24 GMT
From: jason <elephant@squirrelgroup.com>
Subject: Re: turn characters into meta characters
Message-Id: <MPG.1416d7a88bfbb356989721@localhost>
Jonathan Stowe <gellyfish@gellyfish.com> wrote ..
>On Mon, 28 Aug 2000 17:01:11 GMT aaronp243@my-deja.com wrote:
>> Hi, I have a programming question. I have a string that contains
>> "\t\t\t\t". Those are not tabs, they would be matched like this:
>> m/\\t/g
>>
>> but I want to turn them in to tabs. However, I don't want to hardcode
>> anything. I want to turn all "\n"'s into newlines, any "\t"'s into
>> tabs, etc. Any help would be greatly appreciated.
>>
>
>This is a not unreasonable use for the widely disparaged 'eval STRING' :
>
>use strict;
>
>my $foo = '*\t*\n*\t*';
>
>eval "\$foo = qq%$foo%";
>
>print $foo;
don't forget that a string is a valid Perl statement .. so you need only
do
my $foo = '*\t*\n*\t*';
$foo = eval qq("$foo");
print $foo;
--
jason -- elephant@squirrelgroup.com --
------------------------------
Date: Tue, 29 Aug 2000 16:13:29 -0700
From: Larry Rosler <lr@hpl.hp.com>
Subject: Re: turn characters into meta characters
Message-Id: <MPG.1415e37227b2505a98acf6@nntp.hpl.hp.com>
In article <MPG.1416d7a88bfbb356989721@localhost> on Tue, 29 Aug 2000
22:33:24 GMT, jason <elephant@squirrelgroup.com> says...
...
> don't forget that a string is a valid Perl statement .. so you need only
^^^^^^^^^
s/statement/expression/;
> do
>
> my $foo = '*\t*\n*\t*';
> $foo = eval qq("$foo");
> print $foo;
But, as I have shown, hash lookup is *lots* faster.
--
(Just Another Larry) Rosler
Hewlett-Packard Laboratories
http://www.hpl.hp.com/personal/Larry_Rosler/
lr@hpl.hp.com
------------------------------
Date: Tue, 29 Aug 2000 23:34:07 GMT
From: jason <elephant@squirrelgroup.com>
Subject: Re: Unclosed HTML Tags
Message-Id: <MPG.1416e5e4a7ed1596989727@localhost>
Bart Lateur <bart.lateur@skynet.be> wrote ..
>jason wrote:
>
>>as an aside - you'll probably get a better answer in a CGI specific
>>newsgroup
>
>I don't see why processing HTML is a better subject for the CGI
>newsgroup. HTML ne CGI.
didn't say it was a better subject .. just that the originator would
'probably get a better answer' .. you do notice that I answered them
quite voluminously
>That aside, I think I'd look at HTML::Treebuilder, a side module for
>HTML::Parser. Build the HTML structure tree, and regenerate the HTML.
I've never used it before .. would you then manually strip off the HTML,
BODY and P element tags ? .. or is there a way to have the module only
provide the parse tree for a given element ?
--
jason -- elephant@squirrelgroup.com --
------------------------------
Date: Tue, 29 Aug 2000 18:57:19 -0400
From: brian@smithrenaud.com (brian d foy)
Subject: Re: Use Mail:Sender with Use CGI.
Message-Id: <brian-ya02408000R2908001857190001@news.panix.com>
In article <39ACB9F7.C4EE5969@yahoo.com>, hyachan@yahoo.com posted:
I am writing a send email program using "use Mail:Sender...SMTP..."
> written to /cgi-bin/sendemail.pl.
> However, I am stuck with the problem if I don't use "Use CGI",
...
why don't use just use CGI.pm?
--
brian d foy
CGI Meta FAQ <URL:http://www.smithrenaud.com/public/CGI_MetaFAQ.html>
Perl Mongers <URL:http://www.perl.org/>
------------------------------
Date: 16 Sep 99 21:33:47 GMT (Last modified)
From: Perl-Users-Request@ruby.oce.orst.edu (Perl-Users-Digest Admin)
Subject: Digest Administrivia (Last modified: 16 Sep 99)
Message-Id: <null>
Administrivia:
The Perl-Users Digest is a retransmission of the USENET newsgroup
comp.lang.perl.misc. For subscription or unsubscription requests, send
the single line:
subscribe perl-users
or:
unsubscribe perl-users
to almanac@ruby.oce.orst.edu.
| NOTE: The mail to news gateway, and thus the ability to submit articles
| through this service to the newsgroup, has been removed. I do not have
| time to individually vet each article to make sure that someone isn't
| abusing the service, and I no longer have any desire to waste my time
| dealing with the campus admins when some fool complains to them about an
| article that has come through the gateway instead of complaining
| to the source.
To submit articles to comp.lang.perl.announce, send your article to
clpa@perl.com.
To request back copies (available for a week or so), send your request
to almanac@ruby.oce.orst.edu with the command "send perl-users x.y",
where x is the volume number and y is the issue number.
For other requests pertaining to the digest, send mail to
perl-users-request@ruby.oce.orst.edu. Do not waste your time or mine
sending perl questions to the -request address, I don't have time to
answer them even if I did know the answer.
------------------------------
End of Perl-Users Digest V9 Issue 4171
**************************************
