[18726] in Perl-Users-Digest
Perl-Users Digest, Issue: 894 Volume: 10
daemon@ATHENA.MIT.EDU (Perl-Users Digest)
Mon May 14 09:11:22 2001
Date: Mon, 14 May 2001 06:05:10 -0700 (PDT)
From: Perl-Users Digest <Perl-Users-Request@ruby.OCE.ORST.EDU>
To: Perl-Users@ruby.OCE.ORST.EDU (Perl-Users Digest)
Message-Id: <989845510-v10-i894@ruby.oce.orst.edu>
Content-Type: text
Perl-Users Digest Mon, 14 May 2001 Volume: 10 Number: 894
Today's topics:
Re: [OT] Software Engineering at 14 (was: Re: Beginner' <reply-via@my-web-site.com>
Re: [OT] Software Engineering at 14 (was: Re: Beginner' <gtoomey@usa.net>
Re: [OT] Software Engineering at 14 (was: Re: Beginner' (Herman Rubin)
Re: Boole's tools (was Things I'm just not getting in P (David Combs)
Re: create html-gif on the fly <dodger@necrosoft.net>
environment <juju_y_jaja@deaqui.com>
Re: Existing Script To Add Time (TAJTHY Tamás)
getting creation time/date of a file (Andre Bonhote)
Re: Newbie:Exporter problems <bart.lateur@skynet.be>
Please help with signals <rebelvideo@hotmail.com>
Re: Please help with signals <ronald.fischer@deadspam.com>
Re: Please help with signals (Dave Bailey)
Re: Reading DBF files remotely (Honza Pazdziora)
Re: Segmentation fault (core dumped) (reader of news)
Re: Taint <dodger@necrosoft.net>
Re: Taint (Anno Siegel)
Re: Taint <dodger@necrosoft.net>
Re: Taint <uri@sysarch.com>
Re: Taint <dodger@necrosoft.net>
Re: Taint <dodger@necrosoft.net>
Re: Taint (Anno Siegel)
Re: Taint (Anno Siegel)
Re: What is wrong with my Regular Expression? <iltzu@sci.invalid>
Re: What is wrong with my Regular Expression? <dodger@necrosoft.net>
Re: What is wrong with my Regular Expression? (M.J.T. Guy)
Re: What is wrong with my Regular Expression? (Anno Siegel)
Digest Administrivia (Last modified: 6 Apr 01) (Perl-Users-Digest Admin)
----------------------------------------------------------------------
Date: Mon, 14 May 2001 12:15:49 +0200
From: "Biep @ http://www.biep.org/" <reply-via@my-web-site.com>
Subject: Re: [OT] Software Engineering at 14 (was: Re: Beginner's Language?)
Message-Id: <9dob4m$j5du5$1@ID-63952.news.dfncis.de>
"Peter Schuller" <peter.schuller@infidyne.com> wrote in message
news:9dmq0v$60r$1@hecate.umd.edu...
> I began programming when I was 8. I knew exactly what type of job I
wanted
> eventuellay, and I *wanted* to pursue my interestes.
> > Why not start admitting 8-year olds? They are surely capable.
> Heh; I hadn't read the entire message. Glad you suggested it :)
I think it is very easy to stunt the development of a child at that age,
and it resuires a specific effort from an educational system to make them
grow in areas they haven't learned to appreciate yet.
I happen to think that an educational system in a democracy has the moral
obligation to do just that: to help turn children into full human beings,
rather than allow them to hide in a corner for the rest of their lives.
After all, these children will be tomorrow's voters.
One is certainly allowed to dislike, say, history even after being exposed
to a decent quantity of facts and their significance, but someone who does
not want to do some historic research should at least be aware that they
are missing so much that they better refrain from voting. I doubt whether
a child of 14 who dislikes history will have learned that lesson already -
the a-ha erlebnis will not have occurred yet, I would guess. The same is
true m. m. for other subjects.
Follow-ups to misc.education
--
Biep
Reply via http://www.biep.org
------------------------------
Date: Mon, 14 May 2001 21:52:04 +1000
From: "Gregory Toomey" <gtoomey@usa.net>
Subject: Re: [OT] Software Engineering at 14 (was: Re: Beginner's Language?)
Message-Id: <wrPL6.26841$482.125255@newsfeeds.bigpond.com>
"Biep @ http://www.biep.org/" <reply-via@my-web-site.com> wrote in message
news:9do8ad$imtpa$1@ID-63952.news.dfncis.de...
> "FM" <danfm@dartmouth.edu> wrote in message
> news:9dk70r$4gv$1@merrimack.Dartmouth.EDU...
> > I don't think you'd have "general comprehensive education" by age
> > 14 either. I don't know about other people, but I had been hardly
> > taught anything in school by 14 beyond a few misrepresented facts.
>
> Well, someone with a good education will probably know more "school stuff"
> by the age of 14 than many others will learn at all.
> What is lacking will be life experience, a sense of scientific humility,
> and a good sense of what life is really about.
>
> I don't think I have had a particularly good education, but at 14 I had a
> good basis of the three Rs, basic grammar, a working knowledge of a few
> foreign languages, roughly the same amount of historic and geographic
> knowledge that I have now (those were out of vogue at that time), and
> decent introductions in physics, math, and biology. (Chemistry came
> later.) Culture history had been good, arts and crafts, like physical
> education, simply didn't have my attention. (Still, I was a decent
> swimmer.)
>
> My real problem with strong specialisation that early would be the lack of
> insight in the goals of life.
>
> Follow-ups set to misc.education
>
> --
> Biep
> Reply via http://www.biep.org
Mrs Smith took her son Johnny to the music teacher.
"My son Johnny is 14 and has been studying muic for 5 years. Do you think he
is old enough to write a piano concerto", said Mrs Smith.
"Well, that's a very young age to write such a complex work", said the music
teacher.
"But Mozart wrote an opera at ago 10", said Mrs Smth.
"Ah!! But he didn't have to ask", said the music teacher.
gtoomey
------------------------------
Date: 14 May 2001 07:57:49 -0500
From: hrubin@odds.stat.purdue.edu (Herman Rubin)
Subject: Re: [OT] Software Engineering at 14 (was: Re: Beginner's Language?)
Message-Id: <9dokod$2d46@odds.stat.purdue.edu>
In article <wrPL6.26841$482.125255@newsfeeds.bigpond.com>,
Gregory Toomey <gtoomey@usa.net> wrote:
>"Biep @ http://www.biep.org/" <reply-via@my-web-site.com> wrote in message
>news:9do8ad$imtpa$1@ID-63952.news.dfncis.de...
>> "FM" <danfm@dartmouth.edu> wrote in message
>> news:9dk70r$4gv$1@merrimack.Dartmouth.EDU...
...............
>Mrs Smith took her son Johnny to the music teacher.
>"My son Johnny is 14 and has been studying muic for 5 years. Do you think he
>is old enough to write a piano concerto", said Mrs Smith.
>"Well, that's a very young age to write such a complex work", said the music
>teacher.
>"But Mozart wrote an opera at ago 10", said Mrs Smth.
>"Ah!! But he didn't have to ask", said the music teacher.
He didn't have to ask, BUT he had already been greatly
encouraged. If there were those who would argue that he
was too young, they had at least been kept from interfering.
An "educational system" which even HINTS that someone
can be "too young" for such accomplishments is an abomination.
--
This address is for information only. I do not claim that these views
are those of the Statistics Department or of Purdue University.
Herman Rubin, Dept. of Statistics, Purdue Univ., West Lafayette IN47907-1399
hrubin@stat.purdue.edu Phone: (765)494-6054 FAX: (765)494-0558
------------------------------
Date: 14 May 2001 12:09:26 GMT
From: dkcombs@panix.com (David Combs)
Subject: Re: Boole's tools (was Things I'm just not getting in Perl)
Message-Id: <9dohtm$i2p$1@news.panix.com>
In article <slrn9eqdfo.h4q.abigail@tsathoggua.rlyeh.net>,
Abigail <abigail@foad.org> wrote:
>...
>No. My newsreader is totally unaware of Perl. But, as any good newsreader
>does, you can configure what editor it should use. But the newsreader
>doesn't really care whether it's calling an editor, or some other program.
>So, mine calls a Perl program that massages the template it gets from
>the newsreader, calls the editor and then massages the results before
>handing it back to the newsreader.
>
>It's Perl playing the role of glue.
(a) Maybe you could show us an example?
(b) And, what is this "template" it would get from
the newsreader? (I myself use trn)
Thanks,
David
------------------------------
Date: Mon, 14 May 2001 12:29:35 GMT
From: "Dodger" <dodger@necrosoft.net>
Subject: Re: create html-gif on the fly
Message-Id: <PcQL6.2261$F46.552128@news1.rdc2.pa.home.com>
"Marc Lambrichs" <marcl@xs4all.nl> wrote in message
news:9do031$rjr$1@news1.xs4all.nl...
> I want to create a gif from an html-file on-the-fly. Is it possible?
Yes.
Get Image::Magick from CPAN and read up on the docs. It will require a lot
of libraries to be working and some <sarcasm>*fun*</sarcasm> compilations
(you have to have GhostScript, some font engine, and so on). But if
everything is set up correctly, it is possible to interpret HTML pages and
output images of them.
It's slow, too, BTW.
But, yes.
--
Dodger
www.dodger.org
www.necrosoft.net
www.gothic-classifieds.com
------------------------------
Date: Mon, 14 May 2001 14:41:20 +0200
From: "Condor" <juju_y_jaja@deaqui.com>
Subject: environment
Message-Id: <9doj1f$dq8$1@talia.mad.ttd.net>
hi
(sorry, i don't speak english very well :))
I am mounting a virtual shop in perl and me a doubt arises.
We imagine that I have a cgi that is "view_cart" (it shows the cart of a
client) and other one is "porceed_to_order" (it manages the processing of
the order(request))
And it happens to pass to me the IdClient of form coded to another cgi but,
is there someone another form? Some variable of environment with which it
could flirt(mapping) go to this variable and not have to pass(spend) it of a
cgi to other one.
Thank you.
A greeting.
Y se me ocurre pasar el IdCliente de forma cifrada a la otra cgi pero hay
alguna otra forma ? Alguna variable de entorno con la que pudiese ligar el
id a esta variable y no tener que pasarla de una cgi a otra.
------------------------------
Date: Fri, 11 May 2001 11:34:12 GMT
From: tajthy@mail.euroweb.hu (TAJTHY Tamás)
Subject: Re: Existing Script To Add Time
Message-Id: <3afbcd15.11513725@news.euroweb.hu>
Dear Grasshopper,
On Fri, 11 May 2001 04:21:27 GMT, "grasshopper"
<grasshopper99[no-spam]@hotmail.com> wrote:
>Wondering if anyone has a script (bourne or perl) available which can
>calculate the elapsed time between two given times such as: 08:00 16:30
>which would be an elapsed time of 08:30.
I think You don't need a script. It seems very easy. In the POSIX
module there is mktime function. With it You can get the seconds
ellapsed since 1970-01-01 00:00. Do it on both times You have to
substract them and the result is the ellapsed time in seconds.
I hope this help a bit.
Good byte!
------------------------------
Date: Mon, 14 May 2001 12:06:19 GMT
From: andre.bonhote@linux.ch (Andre Bonhote)
Subject: getting creation time/date of a file
Message-Id: <slrn9fvihd.edq.andre.bonhote@grischun02.noc.ch.colt.net>
hi ye perl gods!
i'd like to get the creation time and date of a file or directory. right
now, i am using the 9th field of stat (mtime), but this - following it's
nature - causes problems if i change the file in between. the only hint
i found searching perl.com was again the stat-command [1], but only for
NOT using field 10 of the stat-list, for ctime is inode-change-time and
not creation time.
can anybody help me out here?
thank you in advance!
andré
[1] http://www.perl.com/pub/doc/manual/html/pod/perlfunc/stat.html
--
Your reckoning awaits!
------------------------------
Date: Mon, 14 May 2001 11:01:00 GMT
From: Bart Lateur <bart.lateur@skynet.be>
Subject: Re: Newbie:Exporter problems
Message-Id: <nnevftspta8skp061kl1d3muqvgn9hjomt@4ax.com>
harry macdonald wrote:
>my $title = WC;
>require Exporter;
>@ISA=('Exporter');
>@EXPORT_OK=qw($title);
How on earth would you ever expect to export a file lexical variable?
You want a global, there. Loose the "my". Spice to taste.
--
Bart.
------------------------------
Date: Mon, 14 May 2001 19:41:53 +0930
From: Chris <rebelvideo@hotmail.com>
Subject: Please help with signals
Message-Id: <3AFFAF69.EB1DCB4B@hotmail.com>
Hi all
I am having a little trouble working out how to send a signal from one
perl process to another.
What I am trying to do is simply send a signal to a long running script
to terminate
e.g
$SIG{QUIT} = sub {$terminate = 1};
while (!$terminate )
{
&Process;
sleep(60); # wake every 1 minute to run again
}
So how do I actually send the QUIT signal ?
I have tried using "kill 3 $pid"
using the original processes pid but it doesn't work
is there another more appropriate way of sending a signal
Perldocs talk a lot about catching signals but not much about sending
them
Thanks in advance
--
Regards
Chris
rebelvideo@hotmail.com
------------------------------
Date: 14 May 2001 14:23:57 +0200
From: Ronald Fischer <ronald.fischer@deadspam.com>
Subject: Re: Please help with signals
Message-Id: <7qfn18gi0f6.fsf@demchh2msx.icn.siemens.de>
Chris <rebelvideo@hotmail.com> writes:
> So how do I actually send the QUIT signal ?
From Perl:
kill 'QUIT',$pid;
From the commandline (assuming you are running Unix):
kill -QUIT $pid
Ronald
--
Do NOT reply to the address given in the From: header. If you want to
reply by mail, use the following address (after deleting the XXX):
Ronald Otto Valentin Fischer <rovfXXX@thekeyboard.com>
(Tired of getting spam after posting a message? http://www.deadspam.com)
------------------------------
Date: 14 May 2001 12:26:46 GMT
From: dave@sydney.daveb.net (Dave Bailey)
Subject: Re: Please help with signals
Message-Id: <slrn9fv9gc.n5n.dave@sydney.daveb.net>
On Mon, 14 May 2001 19:41:53 +0930, Chris <rebelvideo@hotmail.com> wrote:
>Hi all
>
>I am having a little trouble working out how to send a signal from one
>perl process to another.
>
>What I am trying to do is simply send a signal to a long running script
>to terminate
>
>e.g
>
> $SIG{QUIT} = sub {$terminate = 1};
>
> while (!$terminate )
> {
> &Process;
> sleep(60); # wake every 1 minute to run again
> }
>
>
>So how do I actually send the QUIT signal ?
>
>I have tried using "kill 3 $pid"
>
>using the original processes pid but it doesn't work
Is $pid correct? Is the signalling process permitted to send a QUIT
signal to the signalled process? If so, then kill ought to work just
fine, viz:
#!/usr/bin/perl -w
use strict;
use vars qw($sig);
$SIG{QUIT} = sub {$sig=1};
my $pid = fork; # parent gets child's $pid.
my $who = ($pid)?'parent':'child'; # who am i?
my $end = ($pid)?'exited':'killed'; # parent exits, child is killed.
my %nap = (parent=>2,child=>1); # parent sleeps longer than child.
print "$who [$$] started.\n"; # process announces its arrival.
do {
sleep($nap{$who}); # sleep between iterations.
kill 'QUIT',$pid if $pid; # if parent, kill child.
print "$who [$$] running.\n"; # process still alive.
} until ($sig or $pid); # child goes until killed, parent goes once.
sleep($nap{$who}) if $pid; # parent sleeps again here.
print "$who [$$] $end.\n"; # process ended somehow.
__END__
--
Dave Bailey
davidb54@yahoo.com
------------------------------
Date: Mon, 14 May 2001 10:51:43 GMT
From: adelton@fi.muni.cz (Honza Pazdziora)
Subject: Re: Reading DBF files remotely
Message-Id: <slrn9fve6u.377f.adelton@nemesis.fi.muni.cz>
On Sat, 12 May 2001 20:39:18 GMT, Perlzagame <www@nospam.com> wrote:
> I have a need to read the contents of a .DBF file across
> the internet for real-time data..... is this possible with perl?
Yes. Either NFS export (or otherwise make available) the remote disk
for the local machine and read the dbf from that disk.
Or, on the remote system, run dbiproxy and on the local machine use
DBD::Proxy.
> Both systems are webservers
There is no such thing.
--
------------------------------------------------------------------------
Honza Pazdziora | adelton@fi.muni.cz | http://www.fi.muni.cz/~adelton/
.project: Perl, mod_perl, DBI, Oracle, auth. WWW servers, XML/XSL, ...
Petition for a Software Patent Free Europe http://petition.eurolinux.org
------------------------------------------------------------------------
------------------------------
Date: Mon, 14 May 2001 12:17:38 GMT
From: newsreader@mediaone.net (reader of news)
Subject: Re: Segmentation fault (core dumped)
Message-Id: <slrn9fvj87.171.newsreader@dragon.universe>
I was doing something like
$sql=$dbh->prepare('select a from b');
$sql->execute
or die $dbh->errstr;
But there is no such column named a.
Any way it could be a problem with DBD::Pg 0.98
not working properly. I've read
numerous posts on postgres mailing
list about the error handling part of
this most recent version which was released
after 7.1 was released.
On Mon, 14 May 2001 11:15:45 +0100, Malte Ubl <ubl@schaffhausen.de> wrote:
>reader of news schrieb:
>>
>> I've figured it out.
>>
>> wrong sql statment is the culprit.
>> die $dbh->errstr did not work.
>
>I'd be interested in a more thorough description of your problem.
>I once had such a problem with DBI and I never found a solution -
>had no choice but going back to a backup without the core dump.
>
>Thanx,
>->malte
------------------------------
Date: Mon, 14 May 2001 12:01:55 GMT
From: "Dodger" <dodger@necrosoft.net>
Subject: Re: Taint
Message-Id: <TOPL6.2249$F46.541337@news1.rdc2.pa.home.com>
"Uri Guttman" <uri@sysarch.com> wrote in message
news:x7pudd9i61.fsf@home.sysarch.com...
> <the sound of dodger hitting killfiles all over the world>
Perfect. And for everyone who responded likewise, I'll do the same for you
all.
It's best we don't communicate, or even know one another exist,
--
Dodger
www.dodger.org
www.necrosoft.net
www.gothic-classifieds.com
------------------------------
Date: 14 May 2001 12:13:57 GMT
From: anno4000@lublin.zrz.tu-berlin.de (Anno Siegel)
Subject: Re: Taint
Message-Id: <9doi65$qhg$2@mamenchi.zrz.TU-Berlin.DE>
According to Dodger <dodger@necrosoft.net>:
> "Uri Guttman" <uri@sysarch.com> wrote in message
> news:x7pudd9i61.fsf@home.sysarch.com...
>
> > <the sound of dodger hitting killfiles all over the world>
>
> Perfect. And for everyone who responded likewise, I'll do the same for you
> all.
>
> It's best we don't communicate, or even know one another exist,
Too late.
Anno
------------------------------
Date: Mon, 14 May 2001 12:16:04 GMT
From: "Dodger" <dodger@necrosoft.net>
Subject: Re: Taint
Message-Id: <80QL6.2257$F46.546455@news1.rdc2.pa.home.com>
"brian d foy" <comdog@panix.com> wrote in message
news:comdog-43D99A.15333313052001@news.panix.com...
> In article <QzAL6.135$F46.31439@news1.rdc2.pa.home.com>, "Dodger"
> <dodger@necrosoft.net> wrote:
> > Yes, it does. It's not necessarily secure, but it won't raise taint
errors.
>
> oh really?
>
> brian[1]$ cat taint
> #!/usr/bin/perl -Tw
>
> $ENV{PATH} =~ s/^(.*)$/$1/;
>
> system 'echo $PATH';
>
> __END__
>
> brian[2]$ ./taint
> Insecure $ENV{PATH} while running with -T switch at ./taint line 5.
Just because the path contains an inherently insecure item, doesn't make the
code any less viable. The string found in $ENV{PATH} is not tainted. What
that equates to, however (for instance, containing something interpolated by
the shell, like '.' or '~') may still keep PATH from being secure.
However, if you copy $ENV{PATH} to a variable $oldpath after cleaning it,
then delete $ENV{PATH} to avoid specific PATH problems, then call system
"/bin/echo '$oldpath'" it will print what is (no longer) the script's PATH
environment variable.
Now, as far as 'being at odds with' documented behaviour goes, here goes:
perldoc perlsec ...
"...But testing for taintedness gets you only so far. Sometimes you have
just to clear your data's taintedness. The only way to bypass the tainting
mechanism is by referencing subpatterns from a regular expression match.
Perl presumes that if you reference a substring using $1, $2, etc., that you
knew what you were doing when you wrote the pattern..."
It goes on to point out that blindly untainting data is a good idea, and I
did not conflict with that -- my example was specifically to untaint data
when you didn't need Taint mode anymore.
Now, which part of that paragraph doesn't anyone understand?
> > Do not ever flame me again.
>
> considered yourself flamed again. if you post untested code and
> insist on being at odds with documented behaviour, you will get
> flamed.
Oh, but here's what's really good -- do you see me saying anywhere IN THIS
THREAD that the code I posted was untested? Guess why there's no such
disclaimer...
Because it's not untested.
BZZT. Thank you for playing.
--
Dodger
www.dodger.org
www.necrosoft.net
www.gothic-classifieds.com
------------------------------
Date: Mon, 14 May 2001 12:15:30 GMT
From: Uri Guttman <uri@sysarch.com>
Subject: Re: Taint
Message-Id: <x7heyo9ldq.fsf@home.sysarch.com>
>>>>> "D" == Dodger <dodger@necrosoft.net> writes:
D> "Uri Guttman" <uri@sysarch.com> wrote in message
D> news:x7pudd9i61.fsf@home.sysarch.com...
>> <the sound of dodger hitting killfiles all over the world>
D> Perfect. And for everyone who responded likewise, I'll do the same for you
D> all.
D> It's best we don't communicate, or even know one another exist,
hmm, this will be interesting. one idiot taking on a a whole
group. prehaps you had better hook up with moronzilla. she loves people
like you.
uri
--
Uri Guttman --------- uri@sysarch.com ---------- http://www.sysarch.com
SYStems ARCHitecture and Stem Development ------ http://www.stemsystems.com
Learn Advanced Object Oriented Perl from Damian Conway - Boston, July 10-11
Class and Registration info: http://www.sysarch.com/perl/OOP_class.html
------------------------------
Date: Mon, 14 May 2001 12:23:23 GMT
From: "Dodger" <dodger@necrosoft.net>
Subject: Re: Taint
Message-Id: <%6QL6.2258$F46.549151@news1.rdc2.pa.home.com>
"Uri Guttman" <uri@sysarch.com> wrote in message
news:x7pudd9i61.fsf@home.sysarch.com...
> then what is the point of enabling taint to begin with? you logic is
> backwards. if you don't care about security, then don't taint. if you
> taint, you just don't do unsecure untaint hacks.
When you have no choice, such as whilst in a setuid script.
--
Dodger
www.dodger.org
www.necrosoft.net
www.gothic-classifieds.com
------------------------------
Date: Mon, 14 May 2001 12:24:11 GMT
From: "Dodger" <dodger@necrosoft.net>
Subject: Re: Taint
Message-Id: <L7QL6.2259$F46.549701@news1.rdc2.pa.home.com>
"Anno Siegel" <anno4000@lublin.zrz.tu-berlin.de> wrote in message
news:9dmqn5$iqo$2@mamenchi.zrz.TU-Berlin.DE...
> Why not?
Umm, because this is the last message I'll see from you?
--
Dodger
www.dodger.org
www.necrosoft.net
www.gothic-classifieds.com
------------------------------
Date: 14 May 2001 12:35:28 GMT
From: anno4000@lublin.zrz.tu-berlin.de (Anno Siegel)
Subject: Re: Taint
Message-Id: <9dojeg$qhg$3@mamenchi.zrz.TU-Berlin.DE>
According to Dodger <dodger@necrosoft.net>:
> "Anno Siegel" <anno4000@lublin.zrz.tu-berlin.de> wrote in message
> news:9dmqn5$iqo$2@mamenchi.zrz.TU-Berlin.DE...
>
> > Why not?
>
> Umm, because this is the last message I'll see from you?
I'll see yours, however, if you continue posting.
Anno
------------------------------
Date: 14 May 2001 12:58:51 GMT
From: anno4000@lublin.zrz.tu-berlin.de (Anno Siegel)
Subject: Re: Taint
Message-Id: <9dokqb$1tk$1@mamenchi.zrz.TU-Berlin.DE>
According to Dodger <dodger@necrosoft.net>:
> "brian d foy" <comdog@panix.com> wrote in message
> news:comdog-43D99A.15333313052001@news.panix.com...
> > In article <QzAL6.135$F46.31439@news1.rdc2.pa.home.com>, "Dodger"
> > <dodger@necrosoft.net> wrote:
> > > Yes, it does. It's not necessarily secure, but it won't raise taint
> errors.
> >
> > oh really?
> >
> > brian[1]$ cat taint
> > #!/usr/bin/perl -Tw
> >
> > $ENV{PATH} =~ s/^(.*)$/$1/;
> >
> > system 'echo $PATH';
> >
> > __END__
> >
> > brian[2]$ ./taint
> > Insecure $ENV{PATH} while running with -T switch at ./taint line 5.
>
> Just because the path contains an inherently insecure item, doesn't make the
> code any less viable. The string found in $ENV{PATH} is not tainted. What
> that equates to, however (for instance, containing something interpolated by
> the shell, like '.' or '~') may still keep PATH from being secure.
You are babbling. Your original claim
was:
$ENV{some_env_var} =~ s/^(.*)$/$1/; # now it's clean.
$ENV{PATH} is a red herring, lets get it out of the way. Now watch
this:
setenv X 1234;
perl -Te 'delete $ENV{PATH}; \
system "echo $ENV{X}"'
As expected, this prints
Insecure dependency in system while running with -T switch... .
Let's untaint $ENV{X} following documented procedure:
perl -Te 'delete $ENV{PATH}; $ENV{X} =~ /^(.*)$/; \
system "echo $1"'
Prints:
1234
again as expected.
Now let's try you untainting procedure:
perl -Te 'delete $ENV{PATH}; $ENV{some_env_var} =~ s/^(.*)$/$1/; \
system "echo $ENV{X}"'
We get:
Insecure dependency in system while running with -T switch... .
to probably no-ones surprise but yours. Your reluctance to test your
code is self-damaging.
Substituting an untainted string in a tainted one doesn't remove
the taint, even if the substitution happens to replace the whole
string. Get it?
[more babbling snipped]
Anno
------------------------------
Date: 14 May 2001 12:40:03 GMT
From: Ilmari Karonen <iltzu@sci.invalid>
Subject: Re: What is wrong with my Regular Expression?
Message-Id: <989843708.6475@itz.pp.sci.fi>
In article <jsIL6.4$181.562@vic.nntp.telstra.net>, Wyzelli wrote:
>"Logan Shaw" <logan@cs.utexas.edu> wrote in message
>news:9dnjlo$jvu$1@ahab.cs.utexas.edu...
>>
>> /^[1-2][0-9]|3[01]$/
>>
>> Note the anchors for beginning and end of string; if you don't have
>> these, the regular expression will match things like "10031" as well.
>
>You need to bracket the | there or you still match things like 131.
..as well as "foo31" and "29bar".
>/^([12][0-9]|3[01])$/
Right, that's better. (It will still match "17\n" -- that may or may
not be acceptable.)
--
Ilmari Karonen - http://www.sci.fi/~iltzu/
Please ignore Godzilla / Kira -- do not feed the troll.
------------------------------
Date: Mon, 14 May 2001 12:50:02 GMT
From: "Dodger" <dodger@necrosoft.net>
Subject: Re: What is wrong with my Regular Expression?
Message-Id: <_vQL6.2267$F46.559746@news1.rdc2.pa.home.com>
"Mike Grimes" <megrimes@flash.net> wrote in message
news:XeIL6.703$Hh5.209090649@newssvr16.news.prodigy.com...
> Why won't this work?
>
>
> P.S. I just realized that what I have above does not fit my own
> requirements. Maybe I should have something like:
>
> if ($day =~ /[1-2][0-9]|3[0-1]/) { do something }
This would match '231' which is almost certainly not what you want. It would
also fail to match '02' or just '2'.
While you should really check to see if the value is within a numerical
range, if you really want to use regexes on it for some reason, try
something more like this:
/^([0-2]*[0-9]+)|(3[01])$/ # string IS the number ONLY
or this
/\b([0-2]*[0-9]+)|(3[01])((st)|(nd)|(rd)|(th))*\b/i # if this is in English
--
Dodger
www.dodger.org
www.necrosoft.net
www.gothic-classifieds.com
------------------------------
Date: 14 May 2001 12:58:56 GMT
From: mjtg@cus.cam.ac.uk (M.J.T. Guy)
Subject: Re: What is wrong with my Regular Expression?
Message-Id: <9dokqg$c5a$1@pegasus.csx.cam.ac.uk>
Anno Siegel <anno4000@lublin.zrz.tu-berlin.de> wrote:
>
>...or without parentheses: /^[12]\d|3[01]$/.
Nope. As already pointed in this thread, you need to have *both* anchors
applying to *both* alternatives. Otherwise you'll match things like
"12junk" and "junk31".
Mike Guy
------------------------------
Date: 14 May 2001 13:01:41 GMT
From: anno4000@lublin.zrz.tu-berlin.de (Anno Siegel)
Subject: Re: What is wrong with my Regular Expression?
Message-Id: <9dokvl$1tk$3@mamenchi.zrz.TU-Berlin.DE>
According to M.J.T. Guy <mjtg@cus.cam.ac.uk>:
> Anno Siegel <anno4000@lublin.zrz.tu-berlin.de> wrote:
> >
> >...or without parentheses: /^[12]\d|3[01]$/.
>
> Nope. As already pointed in this thread, you need to have *both* anchors
> applying to *both* alternatives. Otherwise you'll match things like
> "12junk" and "junk31".
Uh, oh. Just canceled the post, but too late...
Anno
------------------------------
Date: 6 Apr 2001 21:33:47 GMT (Last modified)
From: Perl-Users-Request@ruby.oce.orst.edu (Perl-Users-Digest Admin)
Subject: Digest Administrivia (Last modified: 6 Apr 01)
Message-Id: <null>
Administrivia:
The Perl-Users Digest is a retransmission of the USENET newsgroup
comp.lang.perl.misc. For subscription or unsubscription requests, send
the single line:
subscribe perl-users
or:
unsubscribe perl-users
to almanac@ruby.oce.orst.edu.
To submit articles to comp.lang.perl.announce, send your article to
clpa@perl.com.
To request back copies (available for a week or so), send your request
to almanac@ruby.oce.orst.edu with the command "send perl-users x.y",
where x is the volume number and y is the issue number.
For other requests pertaining to the digest, send mail to
perl-users-request@ruby.oce.orst.edu. Do not waste your time or mine
sending perl questions to the -request address, I don't have time to
answer them even if I did know the answer.
------------------------------
End of Perl-Users Digest V10 Issue 894
**************************************
