[18719] in Perl-Users-Digest
Perl-Users Digest, Issue: 887 Volume: 10
daemon@ATHENA.MIT.EDU (Perl-Users Digest)
Sun May 13 09:05:34 2001
Date: Sun, 13 May 2001 06:05:08 -0700 (PDT)
From: Perl-Users Digest <Perl-Users-Request@ruby.OCE.ORST.EDU>
To: Perl-Users@ruby.OCE.ORST.EDU (Perl-Users Digest)
Message-Id: <989759108-v10-i887@ruby.oce.orst.edu>
Content-Type: text
Perl-Users Digest Sun, 13 May 2001 Volume: 10 Number: 887
Today's topics:
Re: $a . $a++ or Perl for vulcans? <iltzu@sci.invalid>
Re: AND-connected search nobull@mail.com
Re: AND-connected search <goldbb2@earthlink.net>
Re: Existing Script To Add Time <iltzu@sci.invalid>
Re: Freaky hash <keesh@users.pleaseremovethisbit.sourceforge.net>
Re: if ($x in @a) equivalent in perl? (Rudolf Polzer)
Re: if ($x in @a) equivalent in perl? nobull@mail.com
Re: If statement question <abe@ztreet.demon.nl>
Re: Local Time <iltzu@sci.invalid>
Re: Local Time <iltzu@sci.invalid>
Re: Local Time (Anno Siegel)
Re: Monitring LOG files on Unix nobull@mail.com
Re: Net::TCP or other (easyish) sockets manipulation <goldbb2@earthlink.net>
Re: Pattern matching using variable ... <iltzu@sci.invalid>
Re: regex for html links nobull@mail.com
Re: regexp to expand variables <iltzu@sci.invalid>
Re: regexp to expand variables <joe+usenet@sunstarsys.com>
Re: Sockets, Time-outs, and Alarms <goldbb2@earthlink.net>
Re: sorting filenames alphanumerically <goldbb2@earthlink.net>
Re: testing offline (Rudolf Polzer)
Re: Unicode character (was: Re: If statement question) (Rudolf Polzer)
Re: Unicode character (was: Re: If statement question) <flavell@mail.cern.ch>
Digest Administrivia (Last modified: 6 Apr 01) (Perl-Users-Digest Admin)
----------------------------------------------------------------------
Date: 13 May 2001 09:13:03 GMT
From: Ilmari Karonen <iltzu@sci.invalid>
Subject: Re: $a . $a++ or Perl for vulcans?
Message-Id: <989744267.25616@itz.pp.sci.fi>
In article <qg66fazcjc.fsf@umpp41.gwdg.de>, Joerg Behrens wrote:
>
>Having the possibility to encounter an equivalence of $a+0 != $a
>in the context of integers (occupied by common human interpretation)
>doesn't really make Perl an intuitive language, IMHO. Use of this
When $a is a moving target that is changing its value *during* the
evaluating of the expression, which is what you get when you use $a++,
I'd rather expect such weirdness. You grab the value of $a twice,
compare them, and find that the value has been incremented in between.
Well, that's what you told perl to do.
It's rather like time() != time(). While the chance that that's true is
very small (about one in 50000 on my system), it's nonetheless not zero.
If you use Time::HiRes, it becomes practically certain.
--
Ilmari Karonen - http://www.sci.fi/~iltzu/
Please ignore Godzilla / Kira -- do not feed the troll.
------------------------------
Date: 13 May 2001 07:49:33 +0100
From: nobull@mail.com
Subject: Re: AND-connected search
Message-Id: <u9zoch920y.fsf@wcl-l.bham.ac.uk>
cberry@cinenet.net (Craig Berry) writes:
> Tim Lauterborn (Tim.Lauterborn@gmx.de) wrote:
> : Hi,
> :
> : Thanks for the quick answer!
> :
> : > /a/ and /b/ and /c/
> :
> : The problem is that I have to generate the expression dynamically: The user
> : can choose if he wants to search with an AND- or OR-connection. Is there any
> : known way to solve this problem non-recursively?
>
> And: /(?=.*a)(?=.*b)(?=.*c)/
Change that to
/^(?=.*a)(?=.*b)(?=.*c)/
Without that ^ the time taken to determine that the pattern does not
match rises very fast with the length of the string. I've not bothered
with a detailed analysis but it's probably O(n**2) or worse.
I still think the OP should change his program to remove the "single
regex" constraint.
use Benchmark;
my $line = 'x' x 15;
timethese(200000, {
    and    => sub { $line =~ /a/ && $line =~ /c/ },
    free   => sub { $line =~ /(?=.*a)(?=.*c)/ },
    anchor => sub { $line =~ /^(?=.*a)(?=.*c)/ }
});
__END__
Benchmark: timing 200000 iterations of anchor, and, free...
anchor: 2 wallclock secs ( 1.51 usr + 0.00 sys = 1.51 CPU) @ 132450.33/s (n=200000)
and: -1 wallclock secs ( 0.44 usr + 0.00 sys = 0.44 CPU) @ 454545.45/s (n=200000)
free: 10 wallclock secs ( 9.10 usr + 0.35 sys = 9.45 CPU) @ 21164.02/s (n=200000)
--
\\ ( )
. _\\__[oo
.__/ \\ /\@
. l___\\
# ll l\\
###LL LL\\
------------------------------
Date: Sun, 13 May 2001 05:22:12 -0400
From: Benjamin Goldberg <goldbb2@earthlink.net>
Subject: Re: AND-connected search
Message-Id: <3AFE5244.C678BC51@earthlink.net>
Tim Lauterborn wrote:
>
> Hi,
>
> Thanks for the quick answer!
>
> > /a/ and /b/ and /c/
>
> The problem is that I have to generate the expression dynamically: The
> user can choose if he wants to search with an AND- or OR-connection.
> Is there any known way to solve this problem non-recursively?
Sure.
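$_ = qr/\Q$_\E/ for (@searches);   # precompile each term as a literal
BLOCKNAME: while (my $line = <FILE>) {
    if( $use_ands ) {
        # AND: skip the line as soon as one term fails to match
        for my $re (@searches) {
            next BLOCKNAME unless $line =~ $re;
        }
    } else {
        # OR: skip the line unless at least one term matches
        my $foundamatch = 0;
        for my $re (@searches) {
            if( $line =~ $re ) { $foundamatch = 1; last; }
        }
        next BLOCKNAME unless $foundamatch;
    }
    ....
}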
Or perhaps:
my $regex = "";
$regex .= "(?i)" if( $ignore_case );
if( $use_ands ) {
    $regex .= "(?=.*\Q$_\E)" foreach(@searches);
} else {
    $regex .= "\Q$_\E|" foreach(@searches);
    chop $regex;
}
$regex = qr/$regex/; # important for speed
while(<FILE>) {
    next unless /$regex/;
}
--
Shift to the left, shift to the right, mask in, mask out, BYTE, BYTE,
BYTE !!!
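
An added example (not code from any poster in this thread) that combines the two points made above: user-supplied terms are quoted before being joined into an AND or OR pattern, and the AND form is anchored with ^. The function name build_matcher and the sample lines and terms are constructed for the illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Build one compiled pattern from user-supplied search terms.
# $mode is 'and' or 'or'; every term is matched as a literal string.
sub build_matcher {
    my ($mode, $ignore_case, @terms) = @_;
    @terms = grep { defined($_) && length($_) } @terms;
    return unless @terms;          # no usable terms: caller decides what that means

    # quotemeta (the function form of \Q...\E) turns . * ( ) | and friends
    # into literals, so a term can neither widen the match nor break
    # compilation of the combined pattern.
    my @quoted = map { quotemeta($_) } @terms;

    my $body;
    if ($mode eq 'and') {
        # One lookahead per term, anchored with ^ so that a non-matching
        # line is rejected once instead of being retried at every offset.
        $body = '^' . join('', map("(?=.*$_)", @quoted));
    } else {
        $body = '(?:' . join('|', @quoted) . ')';
    }
    return $ignore_case ? qr/$body/i : qr/$body/;
}

# Constructed sample data.
my @lines = ('a.c and x+ together', 'abc and xxx together', 'only a.c here');
my @terms = ('a.c', 'x+');         # as typed by the user

for my $mode ('and', 'or') {
    my $re   = build_matcher($mode, 0, @terms);
    my @hits = grep { $_ =~ $re } @lines;
    printf "%-3s literal : %s\n", $mode, join(' | ', @hits);
}

# The same terms interpolated unquoted are treated as regex syntax,
# so 'a.c' also matches 'abc' and 'x+' matches any run of x.
my $loose      = join '', map("(?=.*$_)", @terms);
my @loose_hits = grep { /^$loose/ } @lines;
print "and unquoted: ", join(' | ', @loose_hits), "\n";

# An unquoted term such as '(' makes pattern compilation die at run time;
# the quoted form compiles and matches a literal parenthesis.
my $bad         = '(';
my $unquoted_ok = eval { my $r = qr/$bad/; 1 };
print "unquoted '(': ", ($unquoted_ok ? "compiled" : "compile error"), "\n";
print "quoted '('  : ",
      (defined(build_matcher('or', 0, $bad)) ? "compiled" : "compile error"), "\n";
```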
------------------------------
Date: 13 May 2001 11:07:16 GMT
From: Ilmari Karonen <iltzu@sci.invalid>
Subject: Re: Existing Script To Add Time
Message-Id: <989751115.4073@itz.pp.sci.fi>
In article <bNJK6.22617$Hk4.384649@news1.rdc1.ab.home.com>, grasshopper wrote:
>Wondering if anyone has a script (bourne or perl) available which can
>calculate the elapsed time between two given times such as: 08:00 16:30
>which would be an elapsed time of 08:30.
#!/usr/bin/perl -w
use strict;
sub barf {die "Usage: $0 hh:mm hh:mm\n";}
barf unless @ARGV == 2;
my ($begin, $end) = map /^(\d\d?):(\d\d)$/ && $1 < 24 && $2 < 60 ?
    60 * $1 + $2 : barf, @ARGV;
$end -= $begin; $end += 60*24 if $end < 0;
printf "%02d:%02d\n", int($end / 60), $end % 60;
Once you get into more complex time and date string parsing, you'll want
to get one of the date manipulation modules from http://www.cpan.org/
[Followups narrowed, dead group comp.lang.perl removed from headers.]
--
Ilmari Karonen - http://www.sci.fi/~iltzu/
Please ignore Godzilla / Kira -- do not feed the troll.
------------------------------
Date: Sun, 13 May 2001 13:28:27 +0100
From: "Ciaran McCreesh" <keesh@users.pleaseremovethisbit.sourceforge.net>
Subject: Re: Freaky hash
Message-Id: <9dluh8$phs$1@newsg4.svr.pol.co.uk>
In article <9dku49$9g$1@taliesin.netcom.net.uk>, "“Z©Ņ¤ō@!”±o^"
<crud_alex@yahoo.com> wrote:
> what do u mean the particular version of perl? my perl is activeperl623
> and what's the difference?
In a later version of perl, the way hashes are implemented may change so
that you no longer get that order. Maybe in the next release there'll be
a revolutionary new way of hashing things and the order outputted will
change. I don't know about perl 4, maybe the order would have been
different there as well?
The important thing is, you're getting an ordered output because of a
coincidence. It just so happens that at the moment the current release of
perl uses a hashing function which gives that order. You can't rely on
the order being like that, use sort if you need things in that order.
Take this example:
#!/usr/bin/perl -w
my %h = ('2', 'two', 4, 'four', '6', 'six', '8', 'eight', '10', 'ten');
print join ' ', values %h;
This gives me "eight two ten four six", which isn't in any particular
order. That's with perl v5.6.0 on Linux. Maybe in some other version the
order will be different.
So yes, you've found a hash which outputs in sorted order. No, that
doesn't mean anything.
--
Ciaran McCreesh
mail: keesh@users.sourceforge.net
web: http://www.opensourcepan.com/
------------------------------
Date: Sun, 13 May 2001 11:30:58 +0200
From: eins@durchnull.de (Rudolf Polzer)
Subject: Re: if ($x in @a) equivalent in perl?
Message-Id: <slrn9fsl2h.tb0.eins@www42.t-offline.de>
Jürgen Exner <juex@my-deja.com> wrote:
> "Godzilla!" <godzilla@stomp.stomp.tokyo> wrote in message
> news:3AFD5FE9.79ECECFC@stomp.stomp.tokyo...
> > Jürgen Exner wrote:
> > > Wait a second, are you saying your method actually gains time?
> > > For the sake of argument lets assume 'the other method' takes 2 minutes.
> > > Now, your method being 700% faster would mean your method needs minus 12
> > > minutes (computed as 2min - 700/100*2min = -12min).
> >
> > You have created false parameters.
>
> Not exactly. I simply choose the number 2, because it is easier to
> demonstrate with a simple number like 2 instead of some lengthy, complex,
> real value. You may substitute whatever value you prefer, it doesn't change
> the argumentation.
>
> > Using your false parameters, code which runs seven times
> > faster than another which takes two minutes,
> > this faster code would complete in,
> >
> > 0.285714285 minutes or 17.14285714 seconds
>
> I wonder how you got this number.
> As you said:
> - Code A runs in 2 minutes.
> - 7 times 2 minutes is 14 minutes (at least by the usual rules of
> arithmetic)
> - code B runs 7 times faster than code A, in other words it runs 14 minutes
> faster than code A: that is 2 minutes minus 14 minutes which equals minus 12
> minutes.
>
> Please let me know where I made the mistake
Not too complicated. Often speed is measured in cycles/sec (like MIPS, FLOPS
etc.).
Now assume some code takes two minutes, ie it is executed 30 times per hour.
Adding 700% to it, you get 240 times per hour, which is 15 seconds per cycle.
A mistake which everyone of you did is that you did not think that
700% faster
means
800% of the speed. So saying "100% faster" is not useless but means double
as fast. Many do this mistake, the interesting thing is that '100% faster'
means to most people the same as the incorrect '200% faster'.
--
#!/usr/bin/perl -- ! ! ! ! ! ! # PerlPaint
print 'You owe me $' . ! ! ! ! ! ! ! # (c)2001RP
! ! ! ! ! ! ! ###########
! ! !!!! !!!! !!!! 'NULL!' . ".\n"
------------------------------
Date: 13 May 2001 08:53:22 +0100
From: nobull@mail.com
Subject: Re: if ($x in @a) equivalent in perl?
Message-Id: <u9ofsx8z2l.fsf@wcl-l.bham.ac.uk>
eins@durchnull.de (Rudolf Polzer) writes:
> So saying "100% faster" is not useless but means double
> as fast.
While I would agree that that is probably the best interpretation I
should point out that the English language is even worse than Perl
when it comes to not having a definitive standard.
It is not wrong in English to interpret n% faster as meaning "taking
(100-n)/100 of the elapsed time".
OK this is not an exact science but which interpretation is meant
would probably depend on whether it is the action or the outcome to
which "faster" is applied.
"I drove from Birmingham to London 50% faster than you".
"I completed the journey from Birmingham to London 50% faster than
you".
Some people will interpret these statements as being the same. Others
(probably a minority) will read the second as meaning "in half the
elapsed time". I do not think this minority are wrong.
> Many do this mistake, the interesting thing is that '100% faster'
> means to most people the same as the incorrect '200% faster'.
I agree with you that this third interpretation is just plain wrong
because if it were right then "50% faster" would mean "at half the
speed".
--
\\ ( )
. _\\__[oo
.__/ \\ /\@
. l___\\
# ll l\\
###LL LL\\
------------------------------
Date: Sun, 13 May 2001 13:01:54 +0200
From: Abe Timmerman <abe@ztreet.demon.nl>
Subject: Re: If statement question
Message-Id: <dppsftkjtuls8skj6ui8ntrnqv4vef4p1p@4ax.com>
On Sat, 12 May 2001 01:41:36 +0200, eins@durchnull.de (Rudolf Polzer)
wrote:
> Is there a Perl way to say (C):
>
> for (;/*ever*/;) { ... }
>
> for (;'ever';) { ... }
>
> works, but is 'ever' optimized away as a '1' constant?
Why would it? It looks like perl thinks different about the optimized
form of that statement:
$ perl -MO=Deparse -e 'for (;"ever";) { }'
for (;;) {
();
}
-e syntax OK
--
Good luck, Abe
Amsterdam Perl Mongers http://amsterdam.pm.org
perl -wle '$_=q@Just\@another\@Perl\@hacker@;print qq@\@{[split/\@/]}@'
------------------------------
Date: 13 May 2001 08:10:44 GMT
From: Ilmari Karonen <iltzu@sci.invalid>
Subject: Re: Local Time
Message-Id: <989739665.22179@itz.pp.sci.fi>
In article <2ykK6.1560$I5.480701@news1.rdc1.tn.home.com>, Todd Smith wrote:
>"Craig Berry" <cberry@cinenet.net> wrote in message
>news:tfjksuogg3gcdd@corp.supernews.com...
>>
>> By the way, "naus" is the Greek for "ship" (with a clear relation to
>> "nautos"), which was borrowed into Latin as "navis", which is in turn the
>> root of such English words as "navigate" and "navy". So "nautical" means
>> "about sailors", but "naval" means "about ships".
>>
>> What a great language we have. Oh, and perl is pretty cool, too. :)
>
>now this is a post I can learn from!
Yes, it was quite interesting. Now I know what "ship" is in Greek, a
bit of information that might well turn out to be useful someday.
I'm wondering, however, if you fully appreciate the irony of that fact
that the branch of this thread started by Craig is the only one that is
100% outside the actual topic of this newsgroup -- as he's fully aware
of, based on his final remark.
Such off topic digressions are commonplace on Usenet, and aren't usually
considered a problem. In fact, many newsgroups would be a lot duller
without them. However, the fact that this particular post struck you as
more informative than, say, the explanation of insecure PATH dependency
_might_ be an indication that your areas of interest don't in fact quite
match the topic of this newsgroup.
There's nothing wrong with that, of course. There are plenty of reasons
to be here other than being interested in discussing miscellaneous stuff
about Perl. (I used to spend quite a lot of time on AFU despite really
having no interest at all in urban legends except when I need to debunk
them. Then I came here and found I didn't have time to read both.) But
it is something that one should be aware of, particularly when one wants
to contribute to the discussion.
--
Ilmari Karonen - http://www.sci.fi/~iltzu/
Please ignore Godzilla / Kira -- do not feed the troll.
------------------------------
Date: 13 May 2001 08:38:38 GMT
From: Ilmari Karonen <iltzu@sci.invalid>
Subject: Re: Local Time
Message-Id: <989741712.23474@itz.pp.sci.fi>
In article <slrn9fliqp.7ok.abigail@tsathoggua.rlyeh.net>, Abigail wrote:
>
>By the time an attacker gets to install a program in your PATH, you
>are compromised already. Don't give yourself a false sense of security
>that using "localtime" gives you any additional security.
While it would indeed mean the system is compromised already, it might
be a way for the attacker to extend the scope of the compromise. Of
course, it pretty much requires one to do something else stupid, like
putting '.' in root's PATH, and some might say that anyone who does that
deserves whatever they get.
Nevertheless, the principle of "don't trust anything you don't have to"
is still valid. It just might make the difference between "oops, I'm
glad nothing serious happened" and a total disaster.
You do have a point, however, in that using localtime() should not give
one any sense of security. Neither should plugging any other potential
or actual security hole, really. At best, it should only reduce one's
sense of insecurity a bit.
Once you've formally proven the program secure _and_ tested its security
in practice, _then_ you get to feel secure. Until then, trust nothing.
--
Ilmari Karonen - http://www.sci.fi/~iltzu/
Please ignore Godzilla / Kira -- do not feed the troll.
------------------------------
Date: 13 May 2001 13:01:49 GMT
From: anno4000@lublin.zrz.tu-berlin.de (Anno Siegel)
Subject: Re: Local Time
Message-Id: <9dm0jt$s9l$1@mamenchi.zrz.TU-Berlin.DE>
According to Ilmari Karonen <usenet11455@itz.pp.sci.fi>:
> about Perl. (I used to spend quite a lot of time on AFU despite really
Of course. Spending time on AFU is a requirement when you want to join
the caba&%?a@kk+++NO CARRIER
------------------------------
Date: 13 May 2001 07:52:49 +0100
From: nobull@mail.com
Subject: Re: Monitring LOG files on Unix
Message-Id: <u9wv7l91vi.fsf@wcl-l.bham.ac.uk>
"Gary" <reachus@nslnet.net> writes because he wrongly believes that
writing is easier than reading the FAQ:
> I need a way for perl to open a unix file which is a log file and being
> written to all the time.
FAQ: "How do I do a `tail -f' in perl?"
> If certain text is seen in the log file it should be mailed out
FAQ: "How do I send mail?"
--
\\ ( )
. _\\__[oo
.__/ \\ /\@
. l___\\
# ll l\\
###LL LL\\
------------------------------
Date: Sun, 13 May 2001 04:20:32 -0400
From: Benjamin Goldberg <goldbb2@earthlink.net>
Subject: Re: Net::TCP or other (easyish) sockets manipulation
Message-Id: <3AFE43D0.8168D98D@earthlink.net>
Tom Groves wrote:
>
> Hi there,
>
> I'm playing around with developing a set of IRC Services in perl and
> so far it's reasonable....i only have one problem.
>
> I'm using Net::TCP for my connection to the ircd, which works FINE for
> sending messages. I have it connecting without a problem. But I
> can't find a SINGLE example of how to RECEIVE data using this...some
> sort of event handler for "on_receive" or suchlike would be nice :)
>
> Anybody know of a way to continually monitor incoming data? Or
> alternatively another module to use.
Net::TCP is not really the best way to do network communication.
Study up on the IO::Socket module, especially the IO::Socket::INET
submodule.
--
Shift to the left, shift to the right, mask in, mask out, BYTE, BYTE,
BYTE !!!
------------------------------
Date: 13 May 2001 09:46:59 GMT
From: Ilmari Karonen <iltzu@sci.invalid>
Subject: Re: Pattern matching using variable ...
Message-Id: <989746160.28472@itz.pp.sci.fi>
In article <tflhdma3riv791@corp.supernews.com>, Chris Stith wrote:
>
> Benchmark: running qr, scalar, each for at least 10 CPU seconds...
> qr: 11 wallclock secs @ 12295.51/s (n=126029)
> scalar: 11 wallclock secs @ 22140.40/s (n=221404)
>
>It seems the scalar method is actually faster, although I had
>heard the opposite. Here's the code I used:
[snip]
> sub qr {
> my $string = 'foobarbaz';
> my $pattern = qr/(foo)/;
> $string =~ s/$pattern.*/$1/;
> }
Your benchmark looks valid, and does indeed show why qr// should not be
used in cases like that (except for convenience and to avoid excessive
backslashes). However, for completeness let me provide a benchmark that
shows a case where qr// _is_ useful:
#!/usr/bin/perl -w
use strict;
use Benchmark;
use vars qw/@qr @qq/;
@qr = map qr/($_)/i, qw/foo bar baz/;
@qq = map "$_", @qr;
timethese shift,
    { qr => '"foobarbaz" =~ /$_/ for @qr',
      qq => '"foobarbaz" =~ /$_/ for @qq',
    };
__END__
Benchmark: timing 65536 iterations of qq, qr...
qq: 13 wallclock secs (11.63 usr + 0.01 sys = 11.64 CPU)
qr: 3 wallclock secs ( 2.41 usr + 0.00 sys = 2.41 CPU)
This is perl, version 5.005_03 built for i386-linux
Granted, that benchmark was designed to maximize the difference, but in
general you'll get a speed increase from qr// in cases where you can use
it to factor the regex compilation out of a loop.
--
Ilmari Karonen - http://www.sci.fi/~iltzu/
Please ignore Godzilla / Kira -- do not feed the troll.
------------------------------
Date: 13 May 2001 08:21:04 +0100
From: nobull@mail.com
Subject: Re: regex for html links
Message-Id: <u9r8xt90kf.fsf@wcl-l.bham.ac.uk>
Andras Malatinszky <andras@mortgagestats.com> writes:
> nobull@mail.com wrote:
>
> > phocjop@hotmail.com (Moriarty) writes:
> >
> > > I'm trying to make a regex to find web links in a text file and add <a href
> > > stuff around it to link it up.
> >
> > RE is not powerful enough to parse HTML reliably.
>
> That probably would have been good advice, had the OP in fact wanted to parse
> HTML. Alas, he wanted to go the other way.
Oops.
> Good thing other posters actually took the time to read and
> understand the OP's question and pointed out the solution to his
> problem.
Yes it is good that Ciaran McCreesh correctly pointed out the trivial
typo in the OP's code.
Personally I'd think the OP could probably get what they want much
more easily with:
s!(\bhttp://\S+)!<a href="$1">$1</a>!g;
Still if you think my answer was bad you should take a look at the
punishment meted out by Godzilla on the OP for asking such a simple
and underspecified question.
--
\\ ( )
. _\\__[oo
.__/ \\ /\@
. l___\\
# ll l\\
###LL LL\\
------------------------------
Date: 13 May 2001 10:22:15 GMT
From: Ilmari Karonen <iltzu@sci.invalid>
Subject: Re: regexp to expand variables
Message-Id: <989749118.564@itz.pp.sci.fi>
In article <m3lmo4fkvi.fsf@mumonkan.sunstarsys.com>, Joe Schaefer wrote:
>
>Although this is a nice and simple solution, in light of the
>recent discussions of security here I'd like to point out
>that, unlike the FAQ answer, passing tainted data through this
>s///eeg regexp is IMHO far worse than backticking `date`. I think
Yes, definitely.
>it would be safer and better to avoid the regexp stuff altogether
>and just use eval:
>
> $text = eval "qq{$text}"; die $@ if $@;
Actually, it isn't. Consider $text = '@{[`rm -rf *`]}' for example.
--
Ilmari Karonen - http://www.sci.fi/~iltzu/
Please ignore Godzilla / Kira -- do not feed the troll.
------------------------------
Date: 13 May 2001 08:23:43 -0400
From: Joe Schaefer <joe+usenet@sunstarsys.com>
Subject: Re: regexp to expand variables
Message-Id: <m3zoch30a8.fsf@mumonkan.sunstarsys.com>
Ilmari Karonen <iltzu@sci.invalid> writes:
> In article <m3lmo4fkvi.fsf@mumonkan.sunstarsys.com>, Joe Schaefer wrote:
>
> >it would be safer and better to avoid the regexp stuff altogether
> >and just use eval:
> >
> > $text = eval "qq{$text}"; die $@ if $@;
>
> Actually, it isn't. Consider $text = '@{[`rm -rf *`]}' for example.
Or just $text = '};`rm -rf /`;{' for that matter, but that wasn't the
point I was trying to make. Here's the next few sentences snipped
from that quote:
>> That way taint-checks are not subverted should OP choose to use them.
>> Otherwise subtle and wicked things can happen:
>> % perl -Mstrict -wTpe 's/(\$\w+(?:\[.*?\]|\{.*?\})?)/$1/eeg'
>> $ENV{ENV}
>> /home/joe/.bashrc
[...]
Now let's try the same thing with the eval line:
% perl -Mstrict -wTpe 'eval "qq{$_}"; die $@ if $@'
$ENV{ENV}
Insecure dependency in eval while running with -T switch
at -e line 1, <> line 1.
%
The point I'm trying to make is that using a simple eval will not untaint
the string, but using s///ee will of necessity detaint the string before
eval'ing it. Unless you are aware of that, it can leave a gaping
security hole in your script because perl will never warn you about
passing tainted data through it.
That being said, I think Craig's can be tightened up to be safe on
tainted data:
s/(\$\w+(?:\[-?\d+\]|\{\w+\})?)/$1/eeg;
Can anyone find a way to exploit this?
--
Quintessential Williams: architect mission-critical e-markets
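
An eval-free way to do the expansion discussed in this thread, as an added example (not code from any poster): $name, $name[N] and $name{key} are resolved by lookup in an allow-list hash with a single /e, so the input text is never compiled as Perl. The %vars table, the names expand and lookup, and the sample inputs are constructed for the illustration; the two backtick strings are the ones quoted in the thread.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Values a template may reference (constructed sample data).
my %vars = (
    user  => 'alice',
    host  => 'example.org',
    items => [ 'red', 'green', 'blue' ],
    env   => { SHELL => '/bin/sh' },
);

# Resolve one reference against %vars. Anything that does not resolve is
# returned unchanged, so unknown names stay visible in the output.
sub lookup {
    my ($whole, $name, $index, $key) = @_;
    return $whole unless exists $vars{$name};
    my $value = $vars{$name};
    if (defined $index) {
        return $whole
            unless ref($value) eq 'ARRAY' && defined $value->[$index];
        return $value->[$index];
    }
    if (defined $key) {
        return $whole
            unless ref($value) eq 'HASH' && defined $value->{$key};
        return $value->{$key};
    }
    # A bare $name only expands to a plain scalar, never to a reference.
    return ref($value) ? $whole : $value;
}

# Expand references in $text. There is one /e only: the replacement is the
# fixed expression lookup(...), and the captured text is passed to it as
# data. Nothing taken from the input is ever handed to eval.
sub expand {
    my ($text) = @_;
    $text =~ s/( \$ (\w+) (?: \[ (-?[0-9]+) \] | \{ (\w+) \} )? )/lookup($1, $2, $3, $4)/gex;
    return $text;
}

# Constructed inputs. The third and fourth are the strings from the thread;
# here they are plain data and come out exactly as they went in.
my @inputs = (
    'Hello $user at $host, first item is $items[0], shell is $env{SHELL}.',
    'Unknown $nosuch and out of range $items[9] are left alone.',
    '@{[`rm -rf *`]}',
    '};`rm -rf /`;{',
    '$ENV{ENV}',
);

print expand($_), "\n" for @inputs;
```

Because only names present in %vars resolve, $ENV{ENV} in the last input is left as text instead of exposing the process environment.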
------------------------------
Date: Sun, 13 May 2001 04:04:56 -0400
From: Benjamin Goldberg <goldbb2@earthlink.net>
Subject: Re: Sockets, Time-outs, and Alarms
Message-Id: <3AFE4028.A9508CC3@earthlink.net>
Lyle Goldman wrote:
>
> Hello. I am running a Perl client application that uses a socket to
> connect to a server application. The code to open the socket and
> connect to the server (which must already be running) is as follows:
>
> socket SOCKET, PF_INET, SOCK_STREAM, getprotobyname 'tcp'
> or die "socket: $!\n";
> connect SOCKET, sockaddr_in($port, $iaddr) or die "connect: $!\n";
> select SOCKET;
> $| = 1;
> select STDOUT;
Wouldn't you be better off using the OO version?
use IO::Socket::INET;
my $socket = new IO::Socket::INET(PeerPort => $port, PeerAddr => $iaddr)
    or die "socket: $!";
# $socket->autoflush();
select((select($socket), $| = 1)[0]);   # unbuffer $socket, restore old default handle
>
> Now, this application has to have a continuous conversation with the
> server, and therefore needs to know when the server is finished
> sending without knowing how much data it is sending or how many lines
> it is sending? What is the best way to do this?
Usually by having some kind of end of file embedded in the stream. If
all the data being sent is ascii, then set $/ to some non-ascii
character, and have the server send that character when it's done with
sending regular data. Another possibility is to do what nntp and smtp
use -- keep reading lines until you get the string "\n.\n"; to allow
that to occur normally escape it. Whenever "\n." appears at your data,
replace it with "\n.." before sending, and replace "\n.." within your
data with "\n." after receiving. Well, actually, you should probably be
using "\015" not "\n" since on some machines, "\n" is "\015", and on
others it's "\012\015", and if your client and server use different
values for it, you can run into trouble. See
http://www.perldoc.com/perl5.6/pod/perlipc.html under the heading
Internet Line Terminators for more details on this. A third possibility
for encoding EOF is to compress using zlib, which besides compressing,
also allows you to embed an EOF in your data stream.
> What I am doing now is using an alarm to specify a time-out value.
> Here is the code I am using (a work in progress, which will probably
> be in a loop):
>
> $SIG{ALRM} = "IGNORE";
>
> my $resp;
> alarm 5;
> $resp = <SOCKET>;
> alarm 0;
Eww, why aren't you using either select or a normal socket timeout?
my $rmask = '';
vec($rmask,fileno(SOCKET),1) = 1;
my ($resp,$resplen);
if( select($rmask,undef,undef,5.0) == 1 ) {
    # sysread preallocates LENGTH bytes, so keep the length bounded
    $resplen = sysread SOCKET, $resp, 65536;
}
or,
$socket->timeout(5.0);
my ($resp,$resplen);
$resplen = sysread $socket, $resp, 65536;
> However, it doesn't work. The attempted read from the socket is not
> interrupted, as many other system calls are when there is a signal.
> How can I interrupt the socket read? Does buffering have anything to
> do with it, and if so, how can I avoid it?
You don't *really* want to interrupt the read, you want it to either not
occur at all, or to return early, if nothing is ready within the time
specified. Interrupting it is not the way to go. But if you *were*
going to use an interrupt, here's one way to do it:
local $SIG{ALRM} = sub { die 'timeout' };
my $resp;
eval { alarm 5; $resp = <SOCKET>; alarm 0; };
die $@ unless( !$@ or $@ =~ /^timeout/ );
--
Shift to the left, shift to the right, mask in, mask out, BYTE, BYTE,
BYTE !!!
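
The dot-terminated framing described above, as an added example that is not part of the original post. It assumes "\015\012" as the fixed line terminator on the wire; the names frame and read_message and the sample payloads are constructed for the illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

my $CRLF = "\015\012";    # fixed terminator on the wire, independent of "\n"

# Sender side: turn a payload into dot-stuffed lines followed by the
# terminator line ".". Any line that begins with "." gets one extra ".",
# so payload data can never be mistaken for the end-of-message marker.
sub frame {
    my ($payload) = @_;
    my @lines = split /\015?\012/, $payload, -1;
    pop @lines if @lines && $lines[-1] eq '';   # field after a final newline
    s/^\./../ for @lines;
    return join('', map { $_ . $CRLF } @lines) . '.' . $CRLF;
}

# Receiver side: read lines until the terminator and undo the stuffing.
# Returns the payload, or undef if the stream ended before a terminator
# was seen (clean end of stream, or a truncated message).
sub read_message {
    my ($fh) = @_;
    local $/ = $CRLF;
    my @lines;
    while (defined(my $line = <$fh>)) {
        chomp $line;
        return join("\n", @lines) if $line eq '.';
        $line =~ s/^\.//;                       # remove the stuffed dot
        push @lines, $line;
    }
    return;
}

# Constructed payloads. The first contains a bare "." line and a line that
# starts with "."; without stuffing, the bare "." would end the message
# early and the rest would be read as the start of the next one.
my @payloads = ("status\n.\n.hidden line\ndone\n", "second message\n");
my $wire = join '', map { frame($_) } @payloads;

# An in-memory handle stands in for the socket.
open my $fh, '<', \$wire or die "open: $!";
while (defined(my $msg = read_message($fh))) {
    (my $shown = $msg) =~ s/\n/\\n/g;
    print "received: $shown\n";
}
close $fh;
```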
------------------------------
Date: Sun, 13 May 2001 04:33:18 -0400
From: Benjamin Goldberg <goldbb2@earthlink.net>
Subject: Re: sorting filenames alphanumerically
Message-Id: <3AFE46CE.405B8916@earthlink.net>
bmm wrote:
>
> Hi. How would I perform an alphanumeric sort on filenames that abide
> by the following naming convention:
>
> intelVrambus_0001.csv
> intelVrambus_0002.csv
> ...
> intelVrambus_0255.csv
>
> When I read the directory that contains the load files with the
> following code
>
> my @loadfiles;
> find sub { push @loadfiles, $File::Find::name if /\.csv\z/ && -f; },
> $loaddir;
>
> I find that the files are not subsequently processed in alphanumeric
> order.
>
> I suppose I need to sort the array, perhaps using the Schwartzian
> Transformation -- but perhaps someone can step me through this beast
> and give me a hint on how to adapt it?
>
> @sorted = map { $_->[0] }
> sort { $a->[1] cmp $b->[1] }
> map { [ $_, uc( (/\d+\s*(\S+)/)[0]) ] } @data;
You don't need to use the transform in this case.
@loadfiles = sort { $a cmp $b } @loadfiles;
Should work fine.
--
Shift to the left, shift to the right, mask in, mask out, BYTE, BYTE,
BYTE !!!
------------------------------
Date: Sun, 13 May 2001 11:34:56 +0200
From: eins@durchnull.de (Rudolf Polzer)
Subject: Re: testing offline
Message-Id: <slrn9fsla0.tb0.eins@www42.t-offline.de>
Dan Baker <dan@nospam_dtbakerprojects.com> wrote:
>
>
> Amelia Clarke wrote:
> >
> > I'm fairly new to perl and have been using it to make cgi scripts - the
> > only thing is, I'd like to be able to test them fully offline. Is there
> > a (free) program I can download to allow me to do this?
> ----------------
>
> I use a simple free webserver that runs great on win98 from
> www.xitami.com
Does it support PATH_INFO? Could you try to execute some CGI script with an
appended '/test.path'?
--
www42:~ # mv /mnt/c/windows/win.com /dev/null
mv: /dev/null: data refused
------------------------------
Date: Sun, 13 May 2001 11:34:19 +0200
From: eins@durchnull.de (Rudolf Polzer)
Subject: Re: Unicode character (was: Re: If statement question)
Message-Id: <slrn9fsl8r.tb0.eins@www42.t-offline.de>
Philip Newton <pne-news-20010513@newton.digitalspace.net> wrote:
> On Sat, 12 May 2001 14:01:28 +0200, eins@durchnull.de (Rudolf Polzer) wrote:
>
> > I did not know
> > Unicode emulates Wingdings.
>
> This statement makes no sense to me. What is it supposed to mean?
I thought Unicode contained no symbol characters like smileys but only
ASCII 32..126 and language-specific glyphs.
--
#!/usr/bin/perl -- ! ! ! ! ! ! # PerlPaint
print 'You owe me $' . ! ! ! ! ! ! ! # (c)2001RP
! ! ! ! ! ! ! ###########
! ! !!!! !!!! !!!! 'NULL!' . ".\n"
------------------------------
Date: Sun, 13 May 2001 11:29:50 +0200
From: "Alan J. Flavell" <flavell@mail.cern.ch>
Subject: Re: Unicode character (was: Re: If statement question)
Message-Id: <Pine.LNX.4.30.0105131127010.31310-100000@lxplus003.cern.ch>
On Sun, 13 May 2001, Rudolf Polzer wrote:
> I thought Unicode contained no symbol characters like smileys
Perhaps a visit to www.unicode.org would be more effective than
telling c.l.p.misc about it.
------------------------------
Date: 6 Apr 2001 21:33:47 GMT (Last modified)
From: Perl-Users-Request@ruby.oce.orst.edu (Perl-Users-Digest Admin)
Subject: Digest Administrivia (Last modified: 6 Apr 01)
Message-Id: <null>
Administrivia:
The Perl-Users Digest is a retransmission of the USENET newsgroup
comp.lang.perl.misc. For subscription or unsubscription requests, send
the single line:
subscribe perl-users
or:
unsubscribe perl-users
to almanac@ruby.oce.orst.edu.
To submit articles to comp.lang.perl.announce, send your article to
clpa@perl.com.
To request back copies (available for a week or so), send your request
to almanac@ruby.oce.orst.edu with the command "send perl-users x.y",
where x is the volume number and y is the issue number.
For other requests pertaining to the digest, send mail to
perl-users-request@ruby.oce.orst.edu. Do not waste your time or mine
sending perl questions to the -request address, I don't have time to
answer them even if I did know the answer.
------------------------------
End of Perl-Users Digest V10 Issue 887
**************************************