[17849] in Perl-Users-Digest
Perl-Users Digest, Issue: 9 Volume: 10
daemon@ATHENA.MIT.EDU (Perl-Users Digest)
Sun Jan 7 00:05:41 2001
Date: Sat, 6 Jan 2001 21:05:07 -0800 (PST)
From: Perl-Users Digest <Perl-Users-Request@ruby.OCE.ORST.EDU>
To: Perl-Users@ruby.OCE.ORST.EDU (Perl-Users Digest)
Message-Id: <978843907-v10-i9@ruby.oce.orst.edu>
Content-Type: text
Perl-Users Digest Sat, 6 Jan 2001 Volume: 10 Number: 9
Today's topics:
Is there a Perl equivalent for servlets and jsp <Hans.de.Bruin@chello.nl>
Re: beginner question (Honza Pazdziora)
checking/deleting mail duplicates <t@inode.at>
Re: checking/deleting mail duplicates (Martien Verbruggen)
Re: Controlling a serial port nantogue@my-deja.com
Re: Controlling a serial port nantogue@my-deja.com
Re: files in directory (Tad McClellan)
Help with flat text database <newsgroups@jhorn.cjb.net>
Re: howto config windows98 dble-clk to open perl with l (Soren Andersen)
Re: Is there a Perl equivalent for servlets and jsp (Martien Verbruggen)
Re: Is there a standard, current Perl for Win32 (withou (Soren Andersen)
Re: Is there a standard, current Perl for Win32 (withou (Soren Andersen)
Re: LWP and referer (Randal L. Schwartz)
Re: LWP and referer (Randal L. Schwartz)
Re: Mac pathnames <kevin@vaildc.net>
MacPerl 5.20r4 <tjudd01@hotmail.com>
Modules for generating HTML Table of Contents <fvu@fvu.myweb.nl>
Re: Newbie but serious - Problems reading file from mul <joe+usenet@sunstarsys.com>
Re: Newbie but serious - Problems reading file from mul (Mark Jason Dominus)
Re: Newbie but serious - Problems reading file from mul (Mark Jason Dominus)
Re: Newbie question on Subs <nospam@mistnet.com>
Newbie question. <akmink@austin.rr.com>
Re: Newbie question. <tony_curtis32@yahoo.com>
Re: perl and zombies (Martien Verbruggen)
Re: perl and zombies (Mark Jason Dominus)
Re: Trouble with Interpolation (Martien Verbruggen)
xs trouble on Win32 (building Win32::API) (Soren Andersen)
YahooQuote debugging help needed, <hvcraft@my-deja.com>
Digest Administrivia (Last modified: 16 Sep 99) (Perl-Users-Digest Admin)
----------------------------------------------------------------------
Date: Sat, 06 Jan 2001 17:22:11 GMT
From: "Hans de Bruin" <Hans.de.Bruin@chello.nl>
Subject: Is there a Perl equivalent for servlets and jsp
Message-Id: <7vI56.462681$%C1.5715708@Flipper>
With java it is possible to separate html pages en cgi program by the use of
server side java pages and servlets . This makes it possible for someone to
edit the pages without tampering with the main script. I am looking for the
Perl equivalent of this but had no luck so far. Does it exist?
Hans
------------------------------
Date: Fri, 5 Jan 2001 12:59:42 GMT
From: adelton@fi.muni.cz (Honza Pazdziora)
Subject: Re: beginner question
Message-Id: <G6oxFI.KEn@news.muni.cz>
On Thu, 04 Jan 2001 22:41:18 GMT, hmm <heidi@nospamtreesforlife.org> wrote:
> I am reading from a text file. The first line is always empty and my
> contents get written from line 2 on. When I read that text file, how do I
> get my code to skip the blank line and write the remaining contents?
>
> open (OUTPUT,"< cgi-bin/step3file.txt") or print "Error opening file
> step3file.txt\n";
> while ($line=<OUTPUT>){
> print "<table align='center' width='400'>";
> if($line eq ???????){ # I don't know what to type here
if ($. == 1 ) {
next;
}
Yours,
--
------------------------------------------------------------------------
Honza Pazdziora | adelton@fi.muni.cz | http://www.fi.muni.cz/~adelton/
.project: Perl, DBI, Oracle, MySQL, auth. WWW servers, MTB, Spain.
Petition for a Software Patent Free Europe http://petition.eurolinux.org
------------------------------------------------------------------------
------------------------------
Date: Sun, 7 Jan 2001 02:44:49 +0100
From: "matthias tarasiewicz" <t@inode.at>
Subject: checking/deleting mail duplicates
Message-Id: <938hkl$asu$1@readme.inode.at>
i am searching for a script that checks for duplicates in your mailbox (unix
mbox format // pine for example)
the duplicates should then be deleted
-- does anybod< know if there is a script that can do this or is there any
other possibility for doing this?
thanks a lot
matt
------------------------------
Date: Sun, 7 Jan 2001 14:46:44 +1100
From: mgjv@tradingpost.com.au (Martien Verbruggen)
Subject: Re: checking/deleting mail duplicates
Message-Id: <slrn95fpl3.f4u.mgjv@martien.heliotrope.home>
On Sun, 7 Jan 2001 02:44:49 +0100,
matthias tarasiewicz <t@inode.at> wrote:
> i am searching for a script that checks for duplicates in your mailbox (unix
> mbox format // pine for example)
>
> the duplicates should then be deleted
First, you need to define what a 'duplicate' is. If you mean that it's
the same message twice (maybe it arrived through a different channel),
all you need to do is keep track of the Message-Id header. If you mean
that you want to check whether the message body is identical, you can
just compare those.
Get the MailTools package from CPAN, and either the Mail::Box or
Mail::Folder modules. The Mail::Box or Mail::Folder modules allow you to
deal with your mailbox, and the MailTools modules to work with
individual messages.
(MailTools is a prerequisite for Mail::Box anyway, and so is
MIME::Tools).
Mail::Folder (0.07) is a bit out of date, and actually won't work well
for me on 5.6.0. It doesn't look like it has been maintained for a
while.
> -- does anybod< know if there is a script that can do this or is there any
> other possibility for doing this?
I think you probably have to write something yourself. But it wouldn't
be too hard. Mail::Box and Mail::Folder allow you to to loop through all
the mail in a box, and delete the ones you don't want. Keep a hash with
the message id, and if you encounter the same one again, remove the
current one (see the answer in the FAQ part 4 to the question "How can I
remove duplicate elements from a list or array?"). If you don't just
want to do this based on the Message-Id, maybe you can keep an MD5 sum
around of the message body. But that depends on what you think is a
duplicate.
Martien
--
Martien Verbruggen |
Interactive Media Division | Failure is not an option. It comes
Commercial Dynamics Pty. Ltd. | bundled with your Microsoft product.
NSW, Australia |
------------------------------
Date: Sun, 07 Jan 2001 02:32:02 GMT
From: nantogue@my-deja.com
Subject: Re: Controlling a serial port
Message-Id: <938kf3$l58$1@nnrp1.deja.com>
> I just would like to know where did you find the Win32::SerialPort
> Module. I can't find any modules about serial port.
>
> Thanks in advance.
Best of luck with it:
http://members.aol.com/Bbirthisel/
Sent via Deja.com
http://www.deja.com/
------------------------------
Date: Sun, 07 Jan 2001 02:38:27 GMT
From: nantogue@my-deja.com
Subject: Re: Controlling a serial port
Message-Id: <938kr3$lfs$1@nnrp1.deja.com>
> >But I can't get the BM_fCtsHold constant recognised by my perl
> >interpreter. I guess I am missing some kind of import clause in my
> >code? Any idea what this might be?
>
> use Win32::SerialPort qw( :STAT 0.19);
Thanks for that, I couldn't seem to get the syntax right.
> >Also, I need to set RTS low. I guess I use the rts_active method? I
> >can't seem to get this to have any effect either though, it just
> >returns 1 all of the time.
>
> rts_active returns the status of the API call (in case it fails), not
the state
> of the bit. But it sounds to me as if you are reinventing hadware
handshaking.
> That support is built-in:
>
> $ob->handshake('rts');
Well, I'm no expert on serial programming but the h/w with which I am
trying to communicate requires that I lower & raise RTS between
communication. A sample VB pgm is supplied and it does indeed
explicitly set this, as opposed to relying on the h/w to do it.
Hmm.. I have been playing around with java and while not fully working
yet, I have had much better success. I am thinking of learning java
instead now. Thanks for the help.
Paul
Sent via Deja.com
http://www.deja.com/
------------------------------
Date: Sat, 6 Jan 2001 18:10:07 -0500
From: tadmc@metronet.com (Tad McClellan)
Subject: Re: files in directory
Message-Id: <slrn95f9ef.t39.tadmc@magna.metronet.com>
snef <snef@soneramail.nl> wrote:
>In article <slrn95ebcp.sgh.tadmc@magna.metronet.com>, tadmc@metronet.com
>says...
>> snef <snef@soneramail.nl> wrote:
>> >
>> >open (DIR,"./dirname");
>>
>> You need to call opendir() for directories. open() is for files.
>Thanx!
You're welcome.
Please do something for me in return.
Do not quote an entire article. Quote only enough to establish
the context for your comments.
See:
http://www.geocities.com/nnqweb/nquote.html
>(i already had opendir in my file....just mistyped here...)
^^^^^
^^^^^
Do not do that!
Trying to type in code instead of using copy/paste or import
or something can get your postings ignored.
Troubleshooting code that does not exist is a waste of
everybody's time.
--
Tad McClellan SGML consulting
tadmc@metronet.com Perl programming
Fort Worth, Texas
------------------------------
Date: Sun, 07 Jan 2001 03:47:13 GMT
From: ^Jerry <newsgroups@jhorn.cjb.net>
Subject: Help with flat text database
Message-Id: <938os1$ojf$1@nnrp1.deja.com>
I have only been messing with CGI for a short time, since I finally got
the perl location from my server admin..
I'm working on a webpage where I want to show information about a
specific person through this script.. mainly to protect their email and
phone numbers from the spambots..
I wrote this last night, and thought I had it running great, but it
won't print anything out..
Thanks in advance if you can help..
the info, and closes the file
open (USERS,$datafile) or die "Couldn't open database file.. \n $!";
@temp = <USERS>;
close (USERS);
# start the command to get the correct profile
&get_info;
# subroutine to parse the profiles, and find the correct user
sub get_info {
foreach $info (@temp) {
chomp($info);
# split the data from this format.. username| real name | contact
info | grade | positions | additional info | url of picture
($user,$name,$contact,$grade,$positions,$additional,$picture) = split
(/\|/,$info);
# found the correct user, tells the script to print the data
if ($getuser eq $user) {
&printit;
}
}
# if no user found, tells the script to print the error message
&nouser;
}
# subroutine to show the profile info
sub printit {
print "Content-type: text/html\n\n";
Print <<EOF ;
<html><head>
<meta name="robots" content="noindex">
<title>Information for $grade $name Delaware Wing</title>
</head>
<body background="/wings.gif">
<font face="arial">
<center><table width="95%" bgcolor="#C0C0C0" height="220" border="1">
<tr bgcolor="#999999" height="50" width="736">
<b>
Member Profiles - Delaware Wing</b></tr>
<tr>
Name: $name
</tr>
<tr>
Grade: $grade
</tr>
<tr>
Positions: $positions
</tr>
<tr>
Contact info: $contact
</tr>
<tr>
Addtional data: $additional
</tr>
<tr>
<img src="$picture">
</tr>
</table>
<font size="-3">
<p>Profile script written by Jerry Horn</p></font></font>
</body>
</html>
EOF
exit;
}
# subroutine to show the error message, if no user was found.
sub nouser {
print "Content-type: text/html\n\n";
Print <<EOF ;
<html><head>
<title>No Such User</title>
</head>
<body background="/wings.gif">
<h1>No such user</h1>
Sorry, the user profile " $getuser " could not be found in the
database.<p>
Helpful info.. user profiles will be stored in this format:
<strong>firstinitial lastname</strong> such as <strong>jhorn</strong>
standing for C/1st Lt Jerry Horn the wing webmaster.<br>
http://www.delawarewing.org/Directorates/profiles.cgi?jhorn
</html>
EOF
}
Sent via Deja.com
http://www.deja.com/
------------------------------
Date: 7 Jan 2001 00:05:43 GMT
From: soren2000@noYOUknowWHAT.juno.com (Soren Andersen)
Subject: Re: howto config windows98 dble-clk to open perl with local dir as working dir?
Message-Id: <9021CFA00soren2000j@198.99.146.10>
dtbaker_dejanews@my-deja.com wrote in <91ui4m$ckt$1@nnrp1.deja.com>:
>This is probably mostly a windows issue
absolutely.
>The problem is that I have one machine that I cant seem to get to
>use the current . directory as the working directory when firing up
>a scipt with a dble-click from an explorer window. I dont really
>want to add the full path in the script, I have a couple utility
>scripts I just want to be able to double-click a fire up to run on
>some files in the "local" directory. I KNOW its not a good idea to
>assume the path, but in this case I'd like to cheat a little.... and
>I'm frustrated because it works on one. ;)
>I have checked the file association for the .pl extension and it
>looks identical.... opening with C:\usr\bin\Perl.exe "%1" %*
>
>I have poked around win98 help but have not found a way to set the
>dir an executable opens IN.......
>
>any ideas?
The only idea I have is to do what I have always done to make similar utilities
(local filesystem scripts) work on WinBoxen: run batwrap.pl or pl2bat on your
script (to thus create a *.bat file) and then drag-and-drop the dir you want to
work in to the iconic representation (on your desktop or in an Explorer folder,
for instance) to that .bat file. You will get the directory as $ARGV[0], string
value will be a Windoze short-file-name ("DOS" name) for the folder in this
case and you may/will need to use some of my tips at
www.wonderstorm.com/techstuff/Perl_dex.html to fix that up.
Of course you can also run such a bat-chified Perl script from a command prompt
in your desired dir. It's a flexible approach, probably the best generalized
one around.
HTH,
soren andersen
------------------------------
Date: Sun, 7 Jan 2001 12:20:38 +1100
From: mgjv@tradingpost.com.au (Martien Verbruggen)
Subject: Re: Is there a Perl equivalent for servlets and jsp
Message-Id: <slrn95fh36.f4u.mgjv@martien.heliotrope.home>
On Sat, 06 Jan 2001 17:22:11 GMT,
Hans de Bruin <Hans.de.Bruin@chello.nl> wrote:
> With java it is possible to separate html pages en cgi program by the use of
> server side java pages and servlets . This makes it possible for someone to
> edit the pages without tampering with the main script. I am looking for the
> Perl equivalent of this but had no luck so far. Does it exist?
You're looking for a templating system?
http://search.cpan.org
There are several modules with template in their name. Most of them will
allow you to split HTML and code.
But maybe what you're really looking for is Mason. Info available at
http://www.masonhq.org/. Integrates well with mod_perl and the Apache
server.
Martien
--
Martien Verbruggen |
Interactive Media Division |
Commercial Dynamics Pty. Ltd. | Curiouser and curiouser, said Alice.
NSW, Australia |
------------------------------
Date: 6 Jan 2001 23:45:35 GMT
From: soren2000@noYOUknowWHAT.juno.com (Soren Andersen)
Subject: Re: Is there a standard, current Perl for Win32 (without ActivePerl?)
Message-Id: <9021B98DAsoren2000j@198.99.146.10>
bart.lateur@skynet.be (Bart Lateur) wrote in
<vv194t027aguphemlt7abg0u5lnfugj70i@4ax.com>:
>I would be surprised if there's wasn't a binary port in Cygwin (GPP
>for Win32), too. AH, yes: <http://cygutils.netpedia.net/>. Perl
>5.6.0 exists for V1.1.
That's just been superceeded, and maybe won't now even be on that site.
Because a Perl 5.6.1 beta is now rolled into the Cygwin latest
distribution (IOW, you can install Perl along with many binutils, etc,
from the rather neat Cygwin setup.exe installer program.
The maintainer of the CygUtils site has stated he won't keep
maintaining a Cygwin Perl binary anymore, now that it's available
as part of core Cygwin.
So the destination you want is the Cygwin site (www.cygwin.com?) --
it's part of RedHat now anyway. Click on "install Cygwin now" on the
main page. It's that easy to get a non-AS perl for Win32 setup on yer
WinBoxen. Or, .. do the real work: compile Perl 5.6.x using MinGW
(headers etc. for a port of gcc 2.95.2; www.mingw.org) from source, so
that you can freely extend it with CPAN modules written in XS, and so
it's 100% native win32 (no Cygwin POSIX overlayer). I did this.
soren andersen
------------------------------
Date: 6 Jan 2001 23:56:42 GMT
From: soren2000@noYOUknowWHAT.juno.com (Soren Andersen)
Subject: Re: Is there a standard, current Perl for Win32 (without ActivePerl?)
Message-Id: <9021CECE6soren2000j@198.99.146.10>
nagle@animats.com (John Nagle) wrote in
<3A43830E.1116EAD0@animats.com>:
>Also, I use MSVC++ 5.x, and Perl is usually built with
>gcc or Borland compilers. I hate to download and install
>another development environment just to build Perl.
As pointed out, you really just haven't (hadn't when you wrote) done
your homework -- but then some of what you'd be benefitted by reading
is installed to the ActivePerl installation dir tree (i.e., the HTML
documentation) or available at the ActiveState website, and so if you
don't have activeperl and don't want it, you're in a chicken-and-egg
quandary.
Perl on Win32 is NOT usually compiled with either gcc (I wish!) or
Borland. ActiveState is (has been) distributing it's binaries by the
megabushels and every last one is built by them with MSVC++. I think if
you are attached to that M$ product you had better stick with
ActivePerl. Your objections to AS Perl seem more based on ignorance
than anything else to me (why the prejudice against ActivePerl's
extensions when you use MSVC++?! -- they are highly effective and
valuable to users on Win32 platforms!). OTOH, someone (like me) who
doesn't own MSVC++ and doesn't want to, but wants to use a Free
Software cc to build more Free Software, has a challenge with using
ActivePerl; therefore I (finally) built Perl 5.7.x (devel branch Perl)
from source using MinGW. It took some work but isn't as hard as people
seem to (widely) suppose.
soren andersen
P.S. Those who want there to be an alternative prebuilt Perl for Win32
binary distro for free download online should probably keep watching
www.mingw.org -- or better yet, get involved there as a
contributor/volunteer and MAKE it happen.
------------------------------
Date: 06 Jan 2001 09:33:17 -0800
From: merlyn@stonehenge.com (Randal L. Schwartz)
Subject: Re: LWP and referer
Message-Id: <m1hf3cmvqa.fsf@halfdome.holdit.com>
>>>>> "Maarten" == Maarten Veerman <news@_NOSPAM_mtvwebdesign.hypermart.net> writes:
Maarten> Is there a way to set a specific URL as a referer when asking
Maarten> for a page using LWP::UserAgent?
Maarten> For example, when I access a script form a page, my browser
Maarten> sends the page where the request was made to the script, so
Maarten> the script can use $ENV{'HTTP_REFERER'}. Now, when I make a
Maarten> LWP request, can I also send the page which made the request?
The referer[sic] is part of a request, which has a header object.
"perldoc HTTP::Headers" says:
$h->referer
Used to specify the address (URI) of the document from
which the requested resouce address was obtained.
But look at the context for more examples.
print "Just another Perl hacker,"
--
Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095
<merlyn@stonehenge.com> <URL:http://www.stonehenge.com/merlyn/>
Perl/Unix/security consulting, Technical writing, Comedy, etc. etc.
See PerlTraining.Stonehenge.com for onsite and open-enrollment Perl training!
------------------------------
Date: 06 Jan 2001 12:36:21 -0800
From: merlyn@stonehenge.com (Randal L. Schwartz)
Subject: Re: LWP and referer
Message-Id: <m1y9wol8oq.fsf@halfdome.holdit.com>
>>>>> "Bjoern" == Bjoern Hoehrmann <bjoern@hoehrmann.de> writes:
Bjoern> $request->header('Referer' => 'http://websitedev.de/');
More typing than needed. See my post.
--
Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095
<merlyn@stonehenge.com> <URL:http://www.stonehenge.com/merlyn/>
Perl/Unix/security consulting, Technical writing, Comedy, etc. etc.
See PerlTraining.Stonehenge.com for onsite and open-enrollment Perl training!
------------------------------
Date: Sat, 06 Jan 2001 19:38:54 -0500
From: Kevin Michael Vail <kevin@vaildc.net>
Subject: Re: Mac pathnames
Message-Id: <kevin-7901AA.19385406012001@news.his.com>
In article <978819565.41200@shelley.paradise.net.nz>, "Tintin"
<you.will.always.find.him.in.the.kitchen@parties> wrote:
[snip]
> so I'm assuming that you have to use a : as the Mac directory separator.
> Is converting Unix pathnames to Mac as simple as converting / to :'s? I
> suspect not.
Yes, the directory separator under MacOS is the colon, and yes, it's not
as simple as all that.
There are some fundamental differences between Mac pathnames and Unix
pathnames. First, there is no single "root" point of the Mac
filesystem. Each volume has its own "root" (it isn't called that), and
to name a file you must specify the volume name as the first component.
(This is not unlike drive letters under Windows, but they go with the
volume, not the physical location of the volume.) So an _absolute_ file
name consists of a volume name, one or more folder (directory) names,
and a file name, all separated by colons.
If the pathname doesn't contain any colons _or_ begins with a colon,
it's relative to the current directory; two colons together mean "go up
a level".
Thus:
"My Hard Disk:Documents:example.doc" is a complete pathname.
"example.doc" or ":example.doc" refers to the same file if the current
directory is "My Hard Disk:Documents:".
":Documents:example.doc" refers to the document named example.doc in the
folder named Documents in the current directory.
"::OtherFolder:document" refers to a file named document in a directory
named OtherFolder that's in the parent of the current directory.
To really confound matters, you don't generally refer to files with
pathnames under MacOS anyway, but use a triple { volume reference
number, directory ID, filename } which uniquely identifies a file even
if there are multiple volumes on the desktop with the same name. (And
there's not really a concept of "current directory" on the Mac, either.)
All of this is in _Inside Macintosh: Files_ which is on Apple's web site
somewhere. I'm not sure how this is implemented in MacPerl, but I'd bet
that Files.pm or MoreFiles.pm (both supplied as part of the MacPerl
distribution) is a good place to look.
MacOS X _really_ confuses the issue because it's Unix under the hood,
and from the shell or native applications you can use "/" as the
directory separator. I don't know what happens if you have existing
files with a slash in the name, or what happens if you try to refer to a
MacOS X-created file with a colon in its name.
--
Kevin Michael Vail | a billion stars go spinning through the night,
kevin@vaildc.net | blazing high above your head.
. . . . . . . . . | But _in_ you is the presence that
. . . . . . . . . | will be, when all the stars are dead. (Rainer Maria Rilke)
------------------------------
Date: Sat, 6 Jan 2001 19:22:38 -0900
From: Tim Judd <tjudd01@hotmail.com>
Subject: MacPerl 5.20r4
Message-Id: <161922.PGMNALYW@news.gci.net>
Hi, I'm having a couple problems with making a module using MacPerl. When I use the module Exporter.pm (standard one that came w/ 5.20r4 distribution), it sets the variable $! to "No such file or directory."
Since I use the line
$! ? 0 : 1;
at the end of my modules, it never returns a true value. I've even tried to set $! to '', but MacPerl sais
# Argument "" isn't numeric in sassign.
File 'Untitled'; Line 4
line 4 being $! = '';
Can I get around this, and still export?
-----------
On another thought, is there a perl 5.006 version coming out for Mac?
I bet Matthias can answer that.
any pointers or help would be appreciated.
--Tim
------------------------------
Date: Sun, 7 Jan 2001 01:17:13 +0100
From: "Freddy Vulto" <fvu@fvu.myweb.nl>
Subject: Modules for generating HTML Table of Contents
Message-Id: <938cib$f30$1@azure.nl.gxn.net>
I'm planning to release modules which are capable of generating
table-of-contents out of one or more HTML files, using either the h1..h6
tags or customizable tags. Or is such a script already available? Are the
module names underneath available?
HTML::Toc
HTML::TocGenerator
HTML::TocInsertor
Gr, Freddy Vulto
------------------------------
Date: 06 Jan 2001 18:45:44 -0500
From: Joe Schaefer <joe+usenet@sunstarsys.com>
Subject: Re: Newbie but serious - Problems reading file from multipart forms (no binmode!) (repost)
Message-Id: <m3u27c1byv.fsf@mumonkan.sunstarsys.com>
mjd@plover.com (Mark Jason Dominus) writes:
> In article <m37l4831nh.fsf@mumonkan.sunstarsys.com>,
> Joe Schaefer <joe+usenet@sunstarsys.com> wrote:
> >> What's bad about it? I don't know much about windows systems, but on
> >> Unix it would be safe.
> >
> >No it would not. In the context that OP is using it,
> >it's very bad.
> >% try.pl f=.htaccess
>
> In that case, the sercurity problem is in putting .htaccess, which is
> a security contrtol file, into the directory that is is supposed to be
> controlling. That is like putting the keys to the jail incide the
> cell, instead of outside.
Yes, and the point I'm trying to make is that unless you taint check
the filename somehow, the "prisoner" is permitted to put the keys
inside the jail cell him/herself.
> If the directory is asupposed to be writable---which it is---then the
> .htaccess file should be elsewhere. Good security practice is that
> user upload directories should not be in the server's HTML tree at
> all, for precisely this kind of reason.
>
> >Note that looking for correct file extensions in an effort
> >to detaint the filename can also be very difficult.
>
> Yes, and that is why you should avoid the whole problem, by assigning
> one meaning ('uploads') to the directory, rather than two
> ('downloads') or three ('security controls').
<offtopic>
But sometimes this just isn't practicable, especially if your
web hosting company only provides you with FTP or "Frontpage2000"
access to your directory tree. Often you can take some preventative
measures; but sometimes you just can't, and taint checks are your
last and only line of defense. In a situation like OP's, Apache's
suexec wrapper actually makes his site less secure than without it,
for reasons that you mention above.
</offtopic>
--
Joe Schaefer
------------------------------
Date: Sun, 07 Jan 2001 03:05:03 GMT
From: mjd@plover.com (Mark Jason Dominus)
Subject: Re: Newbie but serious - Problems reading file from multipart forms (no binmode!) (repost)
Message-Id: <3a57dcde.192c$d8@news.op.net>
In article <Y7M56.71$UQ5.3737@eagle.america.net>,
Garry Williams <garry@zvolve.com> wrote:
>I don't know what you expected to happen. $fileName is tainted. You
>didn't untaint it. The code above will fail because of that, a
>priori. See perlsec, "Laundering and Detecting Tainted Data".
See, kids, this is what happens when you come into the thread in the
middle and respond to an article without having any idea what is
being discussed or what the participanrts have already said.
--
@P=split//,".URRUU\c8R";@d=split//,"\nrekcah xinU / lreP rehtona tsuJ";sub p{
@p{"r$p","u$p"}=(P,P);pipe"r$p","u$p";++$p;($q*=2)+=$f=!fork;map{$P=$P[$f|ord
($p{$_})&6];$p{$_}=/ ^$P/ix?$P:close$_}keys%p}p;p;p;p;p;map{$p{$_}=~/^[P.]/&&
close$_}%p;wait until$?;map{/^r/&&<$_>}%p;$_=$d[$q];sleep rand(2)if/\S/;print
------------------------------
Date: Sun, 07 Jan 2001 03:50:39 GMT
From: mjd@plover.com (Mark Jason Dominus)
Subject: Re: Newbie but serious - Problems reading file from multipart forms (no binmode!) (repost)
Message-Id: <3a57e78e.1aa8$182@news.op.net>
In article <m3u27c1byv.fsf@mumonkan.sunstarsys.com>,
Joe Schaefer <joe+usenet@sunstarsys.com> wrote:
>> In that case, the sercurity problem is in putting .htaccess, which is
>> a security contrtol file, into the directory that is is supposed to be
>> controlling. That is like putting the keys to the jail incide the
>> cell, instead of outside.
>
>Yes, and the point I'm trying to make is that unless you taint check
>the filename somehow, the "prisoner" is permitted to put the keys
>inside the jail cell him/herself.
I think we're talking past each other. There are three problems here.
1. OP did not have taint checking on.
2. OP sanitized the input data in a way that was not completely effective.
3. Files in the upload area might have a meta-meaning for the web server.
All three of these are contributing to the security problem.
You appear to be saying that the big problem is #1.
But it should be evident that #1 is not actually the big problem here.
Perl has taint checking in place to force the programmer to sanitize
input data.
We just saw that the OP tried to sanitize the input data even though
he *didn't* have taint checking on. He did it this way:
$fileName =~ s!^.*(\\|\/)!!;
it didn't work.
If you're suggesting that taint checking would have solved this guy's
problem, I think you're wrong. I think that if he had enabled taint
checking he would likely have ended up with something like this:
($filename) = ($filename =~ m{^.*((\\|\/).*)$});
In which case the taint checking has contibuted exactly nothing.
The only thing that taint checking does is force the programmer to try
to sanitize the data. It can't ensure that they get it right. In
this case, the programmer *did* try to sanitize the data, without
being forced. He screwed it up, but turning on taint checking would
not have helped him not screw it up.
So, contrary to what you say, I don't believe that enabling taint
checking is going to help this guy in this case.
#1, the taint checking, is not going to help, and OP screwed up #2.
He didn't screw it up completely. In fact, he hardly screwed up at
all. He did, in fact, confine the uploaded file to the appropriate
upload directory. The file is going right where it is supposed to.
The remote user is not going to overwrite /etc/passwd or anything like
that.
So what's the real problem? The real problem is that someone decided
that it would be a good idea to allow magical files in the upload
directory.
Taint checking cannot help you with this. Look:
#!/usr/bin/perl -T
...
($filename) = ($filename =~ /^([a-z]+)$/m);
Here I sanitized $filename heavily. It must be a sequence of
lowercase letters. Surely this is safe.
No, some idiot sysadmin has configured the web server to use 'config'
as a synonym for '.htaccess'. Sanitize that, babe!
How can you fix this? You have to know every detail of how the server
is configured, not just today, but forever. That's clearly
impossible. And I bet you can't tell me right now whether the default
Apache configuration uses a per-directory control file whose name is
all-lowercase. (1.3.12 has at least 200 different configuration
directives.)
So the .htaccess problem you brought up is not with the sanitization,
and it's not with the lack of taint checking. The problem is that
some idiot sysadmin *did* configure the web server to support control
files in the upload directory.
--
@P=split//,".URRUU\c8R";@d=split//,"\nrekcah xinU / lreP rehtona tsuJ";sub p{
@p{"r$p","u$p"}=(P,P);pipe"r$p","u$p";++$p;($q*=2)+=$f=!fork;map{$P=$P[$f|ord
($p{$_})&6];$p{$_}=/ ^$P/ix?$P:close$_}keys%p}p;p;p;p;p;map{$p{$_}=~/^[P.]/&&
close$_}%p;wait until$?;map{/^r/&&<$_>}%p;$_=$d[$q];sleep rand(2)if/\S/;print
------------------------------
Date: Sun, 7 Jan 2001 15:24:57 +1030
From: "nospam" <nospam@mistnet.com>
Subject: Re: Newbie question on Subs
Message-Id: <3a57f2d4$1@news.iprimus.com.au>
?? wouldn't this do it?
#!/usr/bin/perl
&getwebparams unless $Webaddress;
"Mike McPherson" <hafateltec@hotmail.com> wrote in message
news:935no6$g6r$1@brokaw.wa.com...
> I am obviosly a newbie to perl. Can somebody please help me out on
this
> one.
> What I want this sub to do is simple:
> 1. Sombody imputs a URL in either xxx.xxx.xxx.xxx or
http://www.whatever.com
> format
> 2. If they do not input anything by just hitting retrun for
$Webaddress I
> want it to loop back up to the line above it again and reask untill
they
> fill it out?
>
>
> sub getwebparams {
> print "\nPlease input the URL (Use xxx.xxx.xxx.xxx or www.whatever.com
> Format)\n";
> $Webaddress = <STDIN>;
> unless
> ined($Webaddress)){
> print "\nYou must enter a value\n";
> return &getparams;
> }
> print "\nPlease enter the port for the website. ie. 80\n";
> $Webport = <STDIN>;
> }
>
>
> Thanks in advance
>
>
>
------------------------------
Date: Sun, 07 Jan 2001 00:45:36 GMT
From: "Adrian Mink" <akmink@austin.rr.com>
Subject: Newbie question.
Message-Id: <Q_O56.12840$dZ5.276309@typhoon.austin.rr.com>
I want to be able to pass my script a variable from the command line, like
this:
perl perl.pl somevalue
Where does "somevalue" get stored and how do I access it from within the
script?
Thanks for any help.
--
------------------------------------------------------------------
Do not reply via email, the reply address is
strictly for spam. Thanks!
Adrian
MCSE, CCNA
------------------------------------------------------------------
------------------------------
Date: 06 Jan 2001 19:05:34 -0600
From: Tony Curtis <tony_curtis32@yahoo.com>
Subject: Re: Newbie question.
Message-Id: <87hf3cdvdt.fsf@limey.hpcc.uh.edu>
>> On Sun, 07 Jan 2001 00:45:36 GMT,
>> "Adrian Mink" <akmink@austin.rr.com> said:
> I want to be able to pass my script a variable from the
> command line, like this:
> perl perl.pl somevalue
> Where does "somevalue" get stored and how do I access it
> from within the script?
It's in @ARGV, see
perldoc perlvar
hth
t
--
Eih bennek, eih blavek.
------------------------------
Date: Sun, 7 Jan 2001 10:30:24 +1100
From: mgjv@tradingpost.com.au (Martien Verbruggen)
Subject: Re: perl and zombies
Message-Id: <slrn95fakg.7ou.mgjv@martien.heliotrope.home>
On Sat, 06 Jan 2001 09:34:11 -0500,
Bernie Cosell <bernie@fantasyfarm.com> wrote:
> mgjv@tradingpost.com.au (Martien Verbruggen) wrote:
>
> } This is where the process gets waited on. I bet that if you check
> } _after_ the close you won't find the zombie. The original complaint was
> } that the zombies remained after the close, until the program terminates.
> }
> } See the parallell thread in which MJD tells us all why :)
>
> can you be a bit less elliptic about this? I didn't see MJD's answering
> this on *this* thread, and I can't figure out which is the 'parallel
> thread' you're referring to... What's the 'subject' for this other thread?
I should have said: Another branch of this same thread.
If your server doesn't carry a message, you can always use deja. The
whole thread is available there (just checked). Have a look at the
branch that starts with message <3a55d3a3.4dfc$14@news.op.net>
If you can't use deja: All he says is to try it without die-ing if the
open fails, and to make sure to use a non-existing path.
Martien
--
Martien Verbruggen |
Interactive Media Division | The world is complex; sendmail.cf
Commercial Dynamics Pty. Ltd. | reflects this.
NSW, Australia |
------------------------------
Date: Sun, 07 Jan 2001 03:54:04 GMT
From: mjd@plover.com (Mark Jason Dominus)
Subject: Re: perl and zombies
Message-Id: <3a57e85c.1aba$89@news.op.net>
>If you can't use deja: All he says is to try it without die-ing if the
>open fails, and to make sure to use a non-existing path.
Yes. When the initial open fails, you get a zombie.
Radu Greab contributed a patch, so it should be fixed in the next release.
--
@P=split//,".URRUU\c8R";@d=split//,"\nrekcah xinU / lreP rehtona tsuJ";sub p{
@p{"r$p","u$p"}=(P,P);pipe"r$p","u$p";++$p;($q*=2)+=$f=!fork;map{$P=$P[$f|ord
($p{$_})&6];$p{$_}=/ ^$P/ix?$P:close$_}keys%p}p;p;p;p;p;map{$p{$_}=~/^[P.]/&&
close$_}%p;wait until$?;map{/^r/&&<$_>}%p;$_=$d[$q];sleep rand(2)if/\S/;print
------------------------------
Date: Sun, 7 Jan 2001 10:57:16 +1100
From: mgjv@tradingpost.com.au (Martien Verbruggen)
Subject: Re: Trouble with Interpolation
Message-Id: <slrn95fc6s.f4u.mgjv@martien.heliotrope.home>
On 06 Jan 2001 19:11:36 GMT,
kevin metcalf <xzrgpnys@yvtugubhfrovm.pbz> wrote:
>> > Here's the part of the code that matters:
>> > *******
>> > $option_line = "<option ";
>> > unless ($contents{print_option} == 0) { $option_line .=
>> > 'value="$i"';}
>> $option_line = "value=\"$i\"";
>> or a bit cleaner:
>> $option_line = qq{value="$i"};
>
> You were sorta right. I tried this already, and it didn't fix it. The
> problem is that the response you gave me will evaluate the variable $i
> BEFORE the program gets to the loop. Ex:
> #!/usr/bin/perl
> $counter=123;
> $my_var = qq/Count=$counter/;
> for ($counter=0; $counter<3; $counter++) {
> print $my_var;
> }
>
> Gives me:
> Count=123Count=123Count=123
> When I want it to give me:
> Count=0Count=1Count=2
Oh, is this what you are trying to do. I didn't understand that from the
first post. And now that I have just reread it I can indeed see it in
there, somewhere. Not entirely clear though.
Maybe you should have posted this short example right away.
First of all: you really should use -w and strict, especially if you're
going to fiddle with these things.
Secondly, what you're trying to do is a really bad idea. You're
introducing extra interpolation levels and evals and stuff like that,
just to print something out (which is what you stated in the first
post). Just print the thing.
If you're still not convinced, your first attempt was close. You can do
this with an eval, but I really do not think it's a good idea. You could
do it with a double ee on a s///, but please, don't think that way. It's
not necessary. DO NOT DO THIS
Something a lot safer would be to explicitly look for the variable you
dumped in there:
s/\$i/$i/;
or even better better, a special marker:
s/__SPECIAL_MARKER__/$i/;
But even better is not to do it like that in the first place:
$foo = q/Count=/;
for my $i (0 .. 2)
{
print "${foo}$i\n";
# or
$bar = "${foo}$i";
}
> For those of you just joining us, the acctual code like this:
>
> $option_line = "<option ";
> unless ($contents{print_option} == 0) {
> $option_line .= qq/value="$i"/;
> }
> unless ($contents{extra} eq "") {
> $option_line .= " $contents{extra}";
> }
> $option_line .= qq/>$i/;
> if ($contents{newlinechar} eq "ret") {
> $option_line .= "\n";
> }
> else { $option_line .= "$newlinechar"; }
> $countfrom=$contents{countfrom};
> $countto=$contents{countto};
> $countto++;
> for ($i=$countfrom; $i<$countto; $i++){
> print $option_line;
> }
I would just put the loop around the whole thing, or use a marker in
$option_line.
But I would most certainly get into the habit of using -w and strict, if
I were you. It will be tremendously helpful to you some day.
Martien
--
Martien Verbruggen |
Interactive Media Division | Freudian slip: when you say one thing
Commercial Dynamics Pty. Ltd. | but mean your mother.
NSW, Australia |
------------------------------
Date: 7 Jan 2001 00:40:26 GMT
From: soren@spmfoiler.removethat.wonderstorm.com (Soren Andersen)
Subject: xs trouble on Win32 (building Win32::API)
Message-Id: <938dtq$83k$1@slb7.atl.mindspring.net>
[posted and mailed]
Hello Mages {ONLY, pleeeaze),
I am trying to compile the module Win32::API (http://dada.perl.it/) on WinNT4
sp6 using MinGW - gcc-2.95.2.1 and having a rough go of it with the xs code.
The compilation fails because this code has an undeclared identifier:
--- console output, watch for wrapping --
Reading L:/develperl/site/lib/Make.pm
Reading L:\develperl\usr\manual_build\Win32-API-0.20\makefile
gcc -c -g -O2 -DWIN32 -fno-strict-aliasing -DPERL_MSVCRT_READFIX -
DPERL_POLLUTE -g -O2 -DVERSION=\"0.20\" -DXS_VERSION=\"0.20\" -
I..\..\..\lib\CORE API.c
API.xs: In function `AbstractCallback':
API.xs:52: `_asm' undeclared (first use in this function)
API.xs:52: (Each undeclared identifier is reported only once
API.xs:52: for each function it appears in.)
API.xs:52: parse error before `{'
API.xs: At top level:
API.xs:56: parse error before string constant
API.xs:56: warning: data definition has no type or storage class
API.xs: In function `XS_Win32__API_Call':
API.xs:282: `_asm' undeclared (first use in this function)
API.xs:282: parse error before `{'
API.xs:290: parse error before `{'
API.xs:298: parse error before `{'
API.xs:306: parse error before `{'
API.xs:316: parse error before `{'
API.xs:326: parse error before `{'
API.xs:342: parse error before `{'
API.xs:351: parse error before `{'
Code 256 from gcc -c -g -O2 -DWIN32 -fno-strict-aliasing -
DPERL_MSVCRT_READFIX -DPERL_POLLUTE -DVERSION=\"0.20\" -DXS_VERSION=\"0.20\" -
I..\..\..\lib\CORE API.c
at L:/develperl/site/l ib/Make.pm line 265.
--- code snippet quote w/ line nos., watch for wrapping --
# from Win32-API-0.20/API.xs
48
49 void AbstractCallback() {
50
51 LPBYTE self;
52 _asm {
53 pop eax
54 mov dword ptr self, eax
55 }
56 printf("AbstractCallback: got eax=%ld\n", self);
57 }
58
--- end code snippet quote ------------------------------
So, this _asm critter seems to be the first problem to tackle. I think the
possibility exists that some #define isn't happening, that needs to, and maybe
it's one that the MSVC would do by default (but not MinGW). The author of this
module, Aldo 'dada' Capini, uses MSVC++ to build his binaries. Nobody that I
know of has built this mod using something else.
Anybody (perhaps familiar with xs and Win32/MSVC++) got any insights?
Thanks,
soren andersen
------------------------------
Date: Sun, 07 Jan 2001 04:50:43 GMT
From: hvcraft <hvcraft@my-deja.com>
Subject: YahooQuote debugging help needed,
Message-Id: <938sj2$r8b$1@nnrp1.deja.com>
Why isn’t Finance::YahooQuote working for me?
When I execute this script, I get the following output in about 3
seconds (more information is after the output).
SCRIPT:
use strict; use diagnostics; use Finance::YahooQuote;
$Finance::YahooQuote::TIMEOUT = 60;
my $quote;
my $symbol = "sunw";
my @quote = getonequote $symbol; # Get a quote for a single symbol
foreach $quote (@quote) {
print "$quote\n";
}
print "done";
OUTPUT:
0
done
OTHER INFORMATION:
NT4sp5
DSL connection
When I use UserAgent (e.g., 20.1 (p708) of Perl Cookbook I get the
expected response from a web site.
I installed the activestate ZIP version of Finance::YahooQuote. I see
it in C:\Perl\site\lib\Finace as expected
Sent via Deja.com
http://www.deja.com/
------------------------------
Date: 16 Sep 99 21:33:47 GMT (Last modified)
From: Perl-Users-Request@ruby.oce.orst.edu (Perl-Users-Digest Admin)
Subject: Digest Administrivia (Last modified: 16 Sep 99)
Message-Id: <null>
Administrivia:
The Perl-Users Digest is a retransmission of the USENET newsgroup
comp.lang.perl.misc. For subscription or unsubscription requests, send
the single line:
subscribe perl-users
or:
unsubscribe perl-users
to almanac@ruby.oce.orst.edu.
| NOTE: The mail to news gateway, and thus the ability to submit articles
| through this service to the newsgroup, has been removed. I do not have
| time to individually vet each article to make sure that someone isn't
| abusing the service, and I no longer have any desire to waste my time
| dealing with the campus admins when some fool complains to them about an
| article that has come through the gateway instead of complaining
| to the source.
To submit articles to comp.lang.perl.announce, send your article to
clpa@perl.com.
To request back copies (available for a week or so), send your request
to almanac@ruby.oce.orst.edu with the command "send perl-users x.y",
where x is the volume number and y is the issue number.
For other requests pertaining to the digest, send mail to
perl-users-request@ruby.oce.orst.edu. Do not waste your time or mine
sending perl questions to the -request address, I don't have time to
answer them even if I did know the answer.
------------------------------
End of Perl-Users Digest V10 Issue 9
************************************
