[19775] in Perl-Users-Digest
Perl-Users Digest, Issue: 1970 Volume: 10
daemon@ATHENA.MIT.EDU (Perl-Users Digest)
Sat Oct 20 18:15:32 2001
Date: Sat, 20 Oct 2001 15:15:16 -0700 (PDT)
From: Perl-Users Digest <Perl-Users-Request@ruby.OCE.ORST.EDU>
To: Perl-Users@ruby.OCE.ORST.EDU (Perl-Users Digest)
Message-Id: <1003616115-v10-i1970@ruby.oce.orst.edu>
Content-Type: text
Perl-Users Digest Sat, 20 Oct 2001 Volume: 10 Number: 1970
Today's topics:
String substitution problem <matt@matthewlaw.comNOSPAM>
Re: String substitution problem <davidhilseenews@yahoo.com>
Re: String substitution problem <ilya@martynov.org>
Typhoon-Web-DataBase-Administrator-1.3.0 with PostgreSQ <radejong@planet.nl>
Re: what happened to <pne-news-20011020@newton.digitalspace.net>
Writing to existing file <Neal.Coombes@telus.net>
Re: Writing to existing file <tony_curtis32@yahoo.com>
Re: Writing to existing file <Neal.Coombes@telus.net>
Re: Writing to existing file (Tad McClellan)
Re: Writing to existing file <please@no.spam>
Digest Administrivia (Last modified: 6 Apr 01) (Perl-Users-Digest Admin)
----------------------------------------------------------------------
Date: Sat, 20 Oct 2001 21:03:27 +0000
From: Matt L <matt@matthewlaw.comNOSPAM>
Subject: String substitution problem
Message-Id: <9qsl2r$j5o$1@uranium.btinternet.com>
Hi,
I'm having a problem getting this sub routine to work right. It might be
that I don't really know what I'm doing!
If anyone could help I'd be most grateful.
Many thanks,
Matt.
The error I receive is:
/*H/: ?+*{} folows nothing in regexp at line ....
The problem routine follows. It is meant to replace all occurrences of
'*H', '*h', '/*H', and '/*h' with the appropriate starting and ending html
style tags within the document:-
sub insert_html {
    # take a string and replace the coded chars with the right html markup
    my $strtemp = $_[0];
    $strtemp =~ s/*H/<span class="Heading">/g;
    $strtemp =~ s/*h/<span class="SM_Heading">/g;
    $strtemp =~ s|*/H|</span>|g;
    $strtemp =~ s|*/h|</span>|g;
    return $strtemp;
}
------------------------------
Date: Sat, 20 Oct 2001 20:20:44 GMT
From: "David Hilsee" <davidhilseenews@yahoo.com>
Subject: Re: String substitution problem
Message-Id: <w0lA7.202173$Xz1.35884881@news1.rdc1.md.home.com>
"Matt L" <matt@matthewlaw.comNOSPAM> wrote in message
news:9qsl2r$j5o$1@uranium.btinternet.com...
> Hi,
>
> I'm having a problem getting this sub routine to work right. It might be
> that I don't really know what I'm doing!
> If anyone could help I'd be most grateful.
>
> Many thanks,
>
> Matt.
>
> The error I receive is:
>
> /*H/: ?+*{} folows nothing in regexp at line ....
>
> The problem routine follows. It is meant to replace all occurrences of
> '*H', '*h', '/*H', and '/*h' with the appropriate starting and ending html
> style tags within the document:-
>
> sub insert_html {
> # take a string and replace the coded chars with the right html markup
> my $strtemp = $_[0];
> $strtemp =~ s/*H/<span class="Heading">/g;
> $strtemp =~ s/*h/<span class="SM_Heading">/g;
> $strtemp =~ s|*/H|</span>|g;
> $strtemp =~ s|*/h|</span>|g;
> return $strtemp;
> }
Perhaps you're a little confused by the error message. My interpreter uses
the term "quantifier", which I find more informative. Regexes use "*" as a
special symbol (meaning 0 or more of what precedes it), so you'll have to
escape it (\*).
--
David Hilsee
------------------------------
Date: 21 Oct 2001 00:24:51 +0400
From: Ilya Martynov <ilya@martynov.org>
Subject: Re: String substitution problem
Message-Id: <87pu7iqcto.fsf@abra.ru>
>>>>> On Sat, 20 Oct 2001 21:03:27 +0000, Matt L <matt@matthewlaw.comNOSPAM> said:
ML> Hi,
ML> I'm having a problem getting this sub routine to work right. It might be
ML> that I don't really know what I'm doing!
ML> If anyone could help I'd be most grateful.
ML> Many thanks,
ML> Matt.
ML> The error I receive is:
ML> /*H/: ?+*{} folows nothing in regexp at line ....
'*' has a special meaning in a regexp. It is a quantifier. See 'perldoc
perlre' section 'Regular Expressions'. If you want to match the character
'*' you should escape it with '\'.
BTW 'perldoc perldiag' provides some help if you do not understand a
'cryptic' error message. Please check it in the future before asking in
the newsgroup.
ML> The problem routine follows. It is meant to replace all occurrences of
ML> '*H', '*h', '/*H', and '/*h' with the appropriate starting and ending html
ML> style tags within the document:-
ML> sub insert_html {
ML> # take a string and replace the coded chars with the right html markup
ML> my $strtemp = $_[0];
ML> $strtemp =~ s/*H/<span class="Heading">/g;
ML> $strtemp =~ s/*h/<span class="SM_Heading">/g;
$strtemp =~ s/\*H/<span class="Heading">/g;
$strtemp =~ s/\*h/<span class="SM_Heading">/g;
ML> $strtemp =~ s|*/H|</span>|g;
ML> $strtemp =~ s|*/h|</span>|g;
$strtemp =~ s|\*/h|</span>|gi;
ML> return $strtemp;
ML> }
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
| Ilya Martynov (http://martynov.org/) TIV.net (http://tiv.net/) |
| GnuPG 1024D/323BDEE6 D7F7 561E 4C1D 8A15 8E80 E4AE BE1A 53EB 323B DEE6 |
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
------------------------------
Date: Sat, 20 Oct 2001 20:27:34 +0200
From: "Ron de Jong" <radejong@planet.nl>
Subject: Typhoon-Web-DataBase-Administrator-1.3.0 with PostgreSQL support released!!!
Message-Id: <9qsfnk$a3e$1@reader07.wxs.nl>
I'm proud to announce that the latest release of TWDBA now includes
PGSQL as well.
Download it from:
http://home.planet.nl/~radejong/
Further I would like to thank all those users for testing TWDBA and positive
feedback.
Listening to users is the only way to come to a good product...
Regards,
Ron de Jong
the Netherlands
(Windmill & Cloggyland)
(in reality drugs & redlight district ;-)
------------------------------
Date: Sat, 20 Oct 2001 20:42:56 +0200
From: Philip Newton <pne-news-20011020@newton.digitalspace.net>
Subject: Re: what happened to
Message-Id: <rsb2ttgrc3p6qff9eatjcorrhaek67qnpf@4ax.com>
On Fri, 19 Oct 2001 19:10:38 GMT, Uri Guttman <uri@sysarch.com> wrote:
> >>>>> "p" == peter <peter_icaza@REMOVE2REPLYuhc.com> writes:
>
> p> Abigail,(sp), tom and randal et al? i was away for a while and now i
> p> dont see them respond to posts any more.
>
> tom hasn't been here for years.
From what I heard, he hasn't been involved with computers in general for
quite a while -- apparently he got one of those "life" things I hear so
much about.
Cheers,
Philip
--
Philip Newton <nospam.newton@gmx.li>
That really is my address; no need to remove anything to reply.
If you're not part of the solution, you're part of the precipitate.
------------------------------
Date: Sat, 20 Oct 2001 16:45:56 GMT
From: "Neal E. Coombes" <Neal.Coombes@telus.net>
Subject: Writing to existing file
Message-Id: <3BD1AB39.D9E991F0@telus.net>
I'm a Brand Newbie so feel free to laugh appropriately at my feeble
attempts. I just finished reading the first chapter of "Programming
Perl", got impatient and started writing code. I also read a few
entries on the functions in chapter 3 while I wrote this code. I know
the answers to my question could possibly be in the other 8 chapters of
the book, but I'm looking for instant gratification.
I'm attempting to write a CGI to take input from an HTML <FORM>, part of
which is the address to the referring html file, and then have it modify
that html file appropriately.
Most of it seems to work, the problem I'm having specifically seems to
be either with my open() or my print CALLER. I can't seem to modify the
file the way I want to, some very weird things happen. What weird
things happen you ask? Well for one it copied my script file to the
file I was modifying... Anyway, any help would be appreciated.
Thanks,
Neal
#!/usr/bin/perl
print "Content-type:text/html\n\n";
print '<HTML><HEAD><TITLE>Signature Processed</TITLE></HEAD><BODY>';
$ch = <STDIN>;
while ($ch =~ /%(\w{2})/) { # find hex value
    $replace = chr(hex($1)); # turn into a character
    $ch =~ s/%\w{2}/$replace/; # replace hex value with character
}
while ($ch =~ s/\+/ /) {} # replace + with space
$ch =~ /FROM=([^&]+)/; # find the URL for refering page
$from = $1; # store it in $from
$ch =~ /NAME=([^&]+)/; # find signature
$name = $1; # store it in $name
open(CALLER, "+<$from"); # open refering page for read/write
$i = 0;
while ($in = <CALLER>) { # while not end of file
    print $in;
    if ($in =~ /<!-- Signatures Above -->/) { # find signature comment
        print CALLER "$name<BR>\n"; # write signature to refering page
        print "$name<BR>\n";
        last;
    }
}
close(CALLER);
print '</BODY></HTML>';
------------------------------
Date: Sat, 20 Oct 2001 12:00:59 -0500
From: Tony Curtis <tony_curtis32@yahoo.com>
Subject: Re: Writing to existing file
Message-Id: <871yjyjlf8.fsf@limey.hpcc.uh.edu>
>> On Sat, 20 Oct 2001 16:45:56 GMT,
>> "Neal E. Coombes" <Neal.Coombes@telus.net> said:
> I'm a Brand Newbie so feel free to laugh appropriately
> at my feeble attempts.
> $ch = <STDIN>;
> while ($ch =~ /%(\w{2})/) {
> ... etc
Oh dear, oh dear. Go to the following URL and see the
easy (and safer) way of doing all of this:
http://stein.cshl.org/WWW/software/CGI/
As you might imagine, this is such a common activity that
there's a module for it.
> open(CALLER, "+<$from"); # open refering page for read/write
Did the open succeed?
hth
t
--
Oh! I've said too much. Smithers, use the amnesia ray.
------------------------------
Date: Sat, 20 Oct 2001 17:32:43 GMT
From: "Neal E. Coombes" <Neal.Coombes@telus.net>
Subject: Re: Writing to existing file
Message-Id: <3BD1B58A.E288417A@telus.net>
Tony Curtis wrote:
>
> >> On Sat, 20 Oct 2001 16:45:56 GMT,
> >> "Neal E. Coombes" <Neal.Coombes@telus.net> said:
>
> > I'm a Brand Newbie so feel free to laugh appropriately
> > at my feeble attempts.
>
> > $ch = <STDIN>;
>
> > while ($ch =~ /%(\w{2})/) {
> > ... etc
>
> Oh dear, oh dear. Go to the following URL and see the
> easy (and safer) way of doing all of this:
>
> http://stein.cshl.org/WWW/software/CGI/
I'll check that out thank you.
>
> As you might imagine, this is such a common activity that
> there's a module for it.
>
> > open(CALLER, "+<$from"); # open refering page for read/write
>
> Did the open succeed?
The open did succeed, I did have an or die, which I probably should have
kept in there.
>
> hth
> t
> --
> Oh! I've said too much. Smithers, use the amnesia ray.
------------------------------
Date: Sat, 20 Oct 2001 19:49:14 GMT
From: tadmc@augustmail.com (Tad McClellan)
Subject: Re: Writing to existing file
Message-Id: <slrn9t3ibl.28n.tadmc@tadmc26.august.net>
Neal E. Coombes <Neal.Coombes@telus.net> wrote:
>I'm a Brand Newbie so feel free to laugh appropriately at my feeble
>attempts.
Your First Level Resource should be the docs that came with perl,
not a book. The 'perldoc' program can be used to look stuff up
in the standard docs. The "-q" switch will look things up in
the Perl FAQs:
perldoc -q CGI
"Where can I learn about CGI or Web programming in Perl?"
>I just finished reading the first chapter of "Programming
>Perl", got impatient and started writing code.
"Learning Perl" (the Llama book) is a tutorial.
"Programming Perl" (the Camel book) is a reference.
A tutorial is a good thing to start with (hint :-)
>I know
>the answers to my question could possibly be in the other 8 chapters of
>the book, but I'm looking for instant gratification.
Be very careful there. You are tip-toeing near the edges of
becoming invisible for evermore...
[ ie. If you ask a question whose answer is easily found in Perl's
standard docs, you may get killfiled.
]
>I'm attempting to write a CGI
You are too late. The Common Gateway Interface has already been written.
You must have meant "a CGI program" instead.
You don't write the interface, you write a program that conforms
to the interface.
>to take input from an HTML <FORM>, part of
>which is the address to the referring html file,
"files" do not have "addresses".
Do you mean it contains a URL?
>and then have it modify
>that html file appropriately.
>
>Most of it seems to work, the problem I'm having specifically seems to
>be either with my open() or my print CALLER. I can't seem to modify the
>file the way I want to, some very weird things happen. What weird
>things happen you ask? Well for one it copied my script file to the
>file I was modifying... Anyway, any help would be appreciated.
>
>#!/usr/bin/perl
Yikes!
perldoc -q CGI
"How do I make sure users can't enter values into a form that
cause my CGI script to do bad things?"
Four (or five) rookie mistakes after only the first line of code!
#!/usr/bin/perl -T
use warnings; # ask for all the help you can get
use strict; # avoid hanging yourself
$| = 1; # enable autoflush
use CGI::Carp qw(fatalsToBrowser); # remove for production!!
That -T on the shebang line enables "taint checking". *All*
Perl programs that process form data should have taint
checking turned on. For more info:
perldoc perlsec
See also:
perldoc -q CGI
"How can I get better error messages from a CGI program?"
>print "Content-type:text/html\n\n";
                    ^^
                    ^^ no space there?
>print '<HTML><HEAD><TITLE>Signature Processed</TITLE></HEAD><BODY>';
>
>$ch = <STDIN>;
Your script will only work for POST. Don't you want to handle
GETs too?
[snip attempted URL decoding]
perldoc -q CGI
"How do I decode a CGI form?"
>open(CALLER, "+<$from"); # open refering page for read/write
Danger Will Robinson!
$from could have contents that make Bad Things happen.
Crackers will love you. You do not want their "love" :-)
You should always, yes *always*, check the return values from
open calls:
open(CALLER, "+<$from") or die "could not open '$from' $!";
I'll bet that checking the return value, along with fatalsToBrowser,
will reveal your problem.
{
use PSI::ESP;
I'll bet you are treating a URL as if it was a file spec.
URLs are not files. open() only works on files.
}
As for modifying the file once you figure out how to find the file:
perldoc -q change
"How do I change one line in a file/delete a line in a
file/insert a line in the middle of a file/append to the
beginning of a file?"
--
Tad McClellan SGML consulting
tadmc@augustmail.com Perl programming
Fort Worth, Texas
------------------------------
Date: Sat, 20 Oct 2001 20:56:59 GMT
From: Andrew Cady <please@no.spam>
Subject: Re: Writing to existing file
Message-Id: <87bsj2c9rm.fsf@homer.cghm>
"Neal E. Coombes" <Neal.Coombes@telus.net> writes:
> I'm a Brand Newbie so feel free to laugh appropriately at my feeble
> attempts. I just finished reading the first chapter of "Programming
> Perl", got impatient and started writing code. I also read a few
> entries on the functions in chapter 3 while I wrote this code. I
> know the answers to my question could possibly be in the other 8
> chapters of the book, but I'm looking for instant gratification.
>
> I'm attempting to write a CGI to take input from an HTML <FORM>,
> part of which is the address to the referring html file, and then
> have it modify that html file appropriately.
You should really use CGI.pm for this. Besides being easier, using
modules tends to produce more robust programs. However, I'll comment
on some of the general perl issues in your code anyway.
> Most of it seems to work, the problem I'm having specifically seems
> to be either with my open() or my print CALLER. I can't seem to
> modify the file the way I want to, some very weird things happen.
> What weird things happen you ask? Well for one it copied my script
> file to the file I was modifying... Anyway, any help would be
> appreciated.
> #!/usr/bin/perl
please:
use warnings;
use strict;
These will find a lot of bugs for you. For CGI you should also use
#!/usr/bin/perl -T
to enable taint mode, which will help find security-related bugs.
> print "Content-type:text/html\n\n";
Standard practice for CGI scripts is to enable autoflush, so that the
header gets sent at once.
$|++; # put this *before* the Content-type header
> print '<HTML><HEAD><TITLE>Signature Processed</TITLE></HEAD><BODY>';
>
> $ch = <STDIN>;
You're only reading the first line here, did you want more than one
line? Reading <FILEHANDLE> in scalar context only reads one line. my
@somearray = <STDIN> will read the entire stream in an array context,
returning an array of one line per element. my $ch = join('',
<STDIN>) will read the entire stream to an array and then join each
line to form a scalar, which is probably what you were going for. For
CGI, though, you can use read(STDIN, my $ch, $ENV{CONTENT_LENGTH}).
But you should have CGI.pm handle this automatically.
Btw what's the name "ch" supposed to indicate? Maybe I'm missing
something, but it doesn't seem like a very descriptive name, and it's
a global used all throughout the script. The greater an identifier's
scope the more descriptive it should be.
> while ($ch =~ /%(\w{2})/) { # find hex value
> $replace = chr(hex($1)); # turn into a character
> $ch =~ s/%\w{2}/$replace/; # replace hex value with character
> }
This is not a good way to do this. You find the pattern once, define
a replacement, then do *another search* to find the same pattern again
and replace it. It works, but it's asking for trouble. If the two
search strings get out of sync, say because 2 months from now you have
no idea what you were trying to do and change one of them, you'll have
some really weird behavior. The four above lines should instead be:
$ch =~ s/%(\w\w)/chr(hex($1))/eg; # man perlre to learn about /e modifier
> while ($ch =~ s/\+/ /) {} # replace + with space
To repeat a regex replace over an entire string, use the /g modifier,
like so:
$ch =~ s/\+/ /g;
However, for merely translating characters, it's better to use tr:
$ch =~ tr/+/ /; # man perlop to learn about the tr operator
> $ch =~ /FROM=([^&]+)/; # find the URL for refering page
> $from = $1; # store it in $from
>
> $ch =~ /NAME=([^&]+)/; # find signature
> $name = $1; # store it in $name
What happens if the user enters & in one of those fields (you've
already replaced %?? codes)? What if NAME= is entered into another
one of the fields? These are only two of many such considerations. I
could tell better ways to do this, but I don't know enough about the
standards involved to tell you how to do it *correctly* (see
http://w3.org for that) -- anyway you're almost certainly best off
having CGI.pm do it for you. You will still have to handle the case
(unhandled above) that one or both of the fields are blank.
> open(CALLER, "+<$from"); # open refering page for read/write
The most serious error in this script is that you're taking an
unverified filename out of a CGI form and blindly writing to it. This
is about as egregious a security breach as is possible. Anyone with
access to your CGI can overwrite any file your CGI executing user has
permissions to write. If you want the user to be able to choose
multiple files, have each file assigned a code, e.g.:
my %file = ( password          => "/etc/passwd",
             commands_to_run   => "/home/neal/.bashrc",
             financial_records => "/home/neal/IMPORTANT/finance/records.tgz",
             phd_thesis        => "/home/neal/IMPORTANT/EXTREMELY/thesis.tex" );
open(CALLER, "+< ${file{$from}}") or die "Couldn't open: $!";
This has the added advantage that, if you want the user to be able to
overwrite your thesis quickly, you can give it a short, easy to
remember code instead of a long pathname.
Also, open()'s return must be checked. BTW, what if two people run
this script (and open and write to the same file) at the same time?
> $i = 0;
What's $i for?
> while ($in = <CALLER>) { # while not end of file
> print $in;
> if ($in =~ /<!-- Signatures Above -->/) { # find signature comment
> print CALLER "$name<BR>\n"; # write signature to refering page
This is not effective. The problem is that printing to a file will
not INSERT into that file, it will OVERWRITE. That makes writes to
the middle of a text file generally useless.
Instead, keep a separate file of signatures and have the page that's
supposed to display them either include it with SSI or read it from a
script. Then you can append signatures to that file (using append
will mean that multiple processes can safely write to it at once, so
long as they use only one print per line). You still might run into a
problem with a half-finished signature if the page is updated as a
signature is being added. One remedy is using a script that won't
print the last line unless it's whole.
HTH.
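
The allow-list and append-only design the replies above describe (a short code mapped to a server-chosen file, a checked open(), signatures appended to a separate file), as an added example that is not part of any poster's message. The codes, the path, the 80-character limit and the names sig_file_for, clean_name and add_signature are hypothetical.

```perl
#!/usr/bin/perl
# Added example; add -T above when deploying as CGI (omitted so "perl file.pl" runs).
use strict;
use warnings;
use Fcntl qw(:flock);
use File::Temp qw(tempfile);

# Hypothetical allow-list: the form submits a short code, never a path.
my %SIG_FILE = (
    guestbook => '/var/www/data/guestbook.sigs',    # assumed location
);

# Return the server-chosen file for a submitted code, or undef.
sub sig_file_for {
    my ($raw, $table) = @_;
    return unless defined $raw;
    # The capture accepts only a plain identifier, so "../" never gets through.
    my ($code) = $raw =~ /\A([a-z][a-z0-9_]{0,31})\z/ or return;
    return $table->{$code};    # undef for codes that are not in the table
}

# Reduce a submitted name to one line of inert HTML text, or undef.
sub clean_name {
    my ($name) = @_;
    return unless defined $name;
    $name =~ s/[\x00-\x1f\x7f]+/ /g;    # no newlines: one signature per line
    $name =~ s/^\s+|\s+$//g;
    return if $name eq '' || length($name) > 80;    # assumed length limit
    my %ent = ('&' => '&amp;', '<' => '&lt;', '>' => '&gt;', '"' => '&quot;');
    $name =~ s/([&<>"])/$ent{$1}/g;
    return $name;
}

# Append one signature. Returns 1 on success, 0 if the input was rejected.
sub add_signature {
    my ($raw_code, $raw_name, $table) = @_;
    $table ||= \%SIG_FILE;
    my $file = sig_file_for($raw_code, $table);
    my $line = clean_name($raw_name);
    return 0 unless defined $file && defined $line;
    open(my $fh, '>>', $file)  or die "could not open '$file': $!";
    flock($fh, LOCK_EX)        or die "could not lock '$file': $!";
    print {$fh} "$line<BR>\n"  or die "could not write '$file': $!";
    close($fh)                 or die "could not close '$file': $!";
    return 1;
}

# Demo on constructed submissions; it writes only to a temporary file.
unless (caller) {
    my (undef, $tmp) = tempfile(UNLINK => 1);
    my %demo  = (guestbook => $tmp);
    my @posts = (
        ['guestbook',        'Neal'],
        ['guestbook',        'Al <b>& co</b>'],
        ['../../etc/passwd', 'x'],          # path instead of a code
        ['thesis',           'y'],          # well-formed but unknown code
    );
    for my $p (@posts) {
        my $ok = add_signature(@$p, \%demo);
        printf "%-18s %s\n", $p->[0], $ok ? 'appended' : 'rejected';
    }
    open(my $in, '<', $tmp) or die "could not open '$tmp': $!";
    print <$in>;
}
```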
------------------------------
Date: 6 Apr 2001 21:33:47 GMT (Last modified)
From: Perl-Users-Request@ruby.oce.orst.edu (Perl-Users-Digest Admin)
Subject: Digest Administrivia (Last modified: 6 Apr 01)
Message-Id: <null>
Administrivia:
The Perl-Users Digest is a retransmission of the USENET newsgroup
comp.lang.perl.misc. For subscription or unsubscription requests, send
the single line:
subscribe perl-users
or:
unsubscribe perl-users
to almanac@ruby.oce.orst.edu.
To submit articles to comp.lang.perl.announce, send your article to
clpa@perl.com.
To request back copies (available for a week or so), send your request
to almanac@ruby.oce.orst.edu with the command "send perl-users x.y",
where x is the volume number and y is the issue number.
For other requests pertaining to the digest, send mail to
perl-users-request@ruby.oce.orst.edu. Do not waste your time or mine
sending perl questions to the -request address, I don't have time to
answer them even if I did know the answer.
------------------------------
End of Perl-Users Digest V10 Issue 1970
***************************************