[19857] in Perl-Users-Digest

home help back first fref pref prev next nref lref last post

Perl-Users Digest, Issue: 2052 Volume: 10

daemon@ATHENA.MIT.EDU (Perl-Users Digest)
Fri Nov 2 00:10:36 2001

Date: Thu, 1 Nov 2001 21:10:09 -0800 (PST)
From: Perl-Users Digest <Perl-Users-Request@ruby.OCE.ORST.EDU>
To: Perl-Users@ruby.OCE.ORST.EDU (Perl-Users Digest)
Message-Id: <1004677809-v10-i2052@ruby.oce.orst.edu>
Content-Type: text

Perl-Users Digest           Thu, 1 Nov 2001     Volume: 10 Number: 2052

Today's topics:
        reading flat-file db and replacing a word <hoss@chungk.com>
    Re: reading flat-file db and replacing a word (Tad McClellan)
    Re: reading flat-file db and replacing a word <spam@thecouch.homeip.net>
    Re: reading flat-file db and replacing a word (sameer)
    Re: Regexp for email address <iltzu@sci.invalid>
    Re: Regexp for email address (Glenn White)
    Re: Security- Upload scripts <spamfree@go-away.net>
    Re: Security- Upload scripts (BUCK NAKED1)
    Re: Security- Upload scripts (Tad McClellan)
    Re: Sending commands (keyboard inputs) from a Perl-scri <goldbb2@earthlink.net>
        Taint problem with BEGIN block (BUCK NAKED1)
    Re: Taint problem with BEGIN block <wyzelli@yahoo.com>
    Re: Unsigned 8 bit math (addition and subtraction) <nospam-abuse@ilyaz.org>
        Digest Administrivia (Last modified: 6 Apr 01) (Perl-Users-Digest Admin)

----------------------------------------------------------------------

Date: Thu, 01 Nov 2001 23:46:21 GMT
From: "Devon Perez" <hoss@chungk.com>
Subject: reading flat-file db and replacing a word
Message-Id: <h9lE7.372272$ME2.41332196@typhoon.kc.rr.com>

how do i make my program read a flat-file db, replace a certain word and
then save it as another file?




------------------------------

Date: Fri, 02 Nov 2001 00:06:46 GMT
From: tadmc@augustmail.com (Tad McClellan)
Subject: Re: reading flat-file db and replacing a word
Message-Id: <slrn9u3m4f.ajm.tadmc@tadmc26.august.net>

Devon Perez <hoss@chungk.com> wrote:

>how do i make my program read a flat-file db, replace a certain word and
>then save it as another file?

Perl FAQ, part 5:

   "How do I change one line in a file/
    delete a line in a file/
    insert a line in the middle of a file/
    append to the beginning of a file?"


-- 
    Tad McClellan                          SGML consulting
    tadmc@augustmail.com                   Perl programming
    Fort Worth, Texas


------------------------------

Date: Thu, 1 Nov 2001 22:10:43 -0500
From: "Mina Naguib" <spam@thecouch.homeip.net>
Subject: Re: reading flat-file db and replacing a word
Message-Id: <mQoE7.5766$UV4.559914@wagner.videotron.net>


"Devon Perez" <hoss@chungk.com> wrote in message
news:h9lE7.372272$ME2.41332196@typhoon.kc.rr.com...
> how do i make my program read a flat-file db, replace a certain word and
> then save it as another file?

You do it with perl.

>
>




------------------------------

Date: 1 Nov 2001 21:02:24 -0800
From: s@yenga.com (sameer)
Subject: Re: reading flat-file db and replacing a word
Message-Id: <7565b042.0111012102.5f4821f6@posting.google.com>

This should work:

open(FILE1, "filename1");
$file1 = <FILE1>;
close (FILE1);

$file1 =~ s/$word1/$word2/gi;

open(FILE2, ">filename2");
print FILE2 $file1;
close(FILE2);

You can mess around with the search and replace to make it do exactly
what you want and it might help to use arrays and a foreach loop
depending on what kind of search and replace you're doing.

- s. (sameer iyengar)
(http://www.yenga.com)


"Devon Perez" <hoss@chungk.com> wrote in message news:<h9lE7.372272$ME2.41332196@typhoon.kc.rr.com>...
> how do i make my program read a flat-file db, replace a certain word and
> then save it as another file?


------------------------------

Date: 1 Nov 2001 23:21:38 GMT
From: Ilmari Karonen <iltzu@sci.invalid>
Subject: Re: Regexp for email address
Message-Id: <1004656173.18445@itz.pp.sci.fi>

In article <Xns914A3D3CCF435ccruizermydejacom@24.0.0.25>, Glenn White wrote:
>
>I tried reading and working through each of the following. Unfortunately, 
>try as I might, I could not get them to work. I could not get the first two 
>to add "@tester.com" to the identifiers. What makes it worse, they make 
>sense to me... but I just could not pick out why they fail.
 [snip]
>
>$line = join ';', grep { !/\@/ && s/$/\@tester.com/ } split /;/, $line; 

This works just fine, except that you need to make the grep block always
evaluate to a true value.  A simple change accomplishes this:

 $line = join ';', grep { /\@/ || s/$/\@tester.com/ } split /;/, $line; 

But I'd still prefer the explicit version using map():

 $line = join ';', map { /\@/ ? $_ : "$_\@tester.com" } split /;/, $line; 

-- 
Ilmari Karonen -- http://www.sci.fi/~iltzu/
"Get real!  This is a discussion group, not a helpdesk.  You post something,
we discuss its implications.  If the discussion happens to answer a question
you've asked, that's incidental."           -- nobull in comp.lang.perl.misc



------------------------------

Date: Fri, 02 Nov 2001 04:27:53 GMT
From: spam.killer@home.com_nospam (Glenn White)
Subject: Re: Regexp for email address
Message-Id: <Xns914CD02135AF0ccruizermydejacom@24.0.0.25>

Ilmari Karonen <iltzu@sci.invalid> wrote in
<1004656173.18445@itz.pp.sci.fi>: 

>>$line = join ';', grep { !/\@/ && s/$/\@tester.com/ } split /;/, $line;
>
>This works just fine, except that you need to make the grep block always
>evaluate to a true value.  A simple change accomplishes this:
>
> $line = join ';', grep { /\@/ || s/$/\@tester.com/ } split /;/, $line; 
>
>But I'd still prefer the explicit version using map():
>
> $line = join ';', map { /\@/ ? $_ : "$_\@tester.com" } split /;/,
> $line; 
>

Now that you pointed out the "and" and "or" difference, it makes perfect 
sense.

As a copout, I ended up doing the following:

@fields = split(/\;/, $line);     # Seperate email addresses
while ($fields[$i]) {
  if (not($fields[$i] =~ /\@/)) {
    $fields[$i] =~ s/$fields[$i]/$fields[$i]$default_address/;
  }
$i = $i +1;
}
$line = join(';',@fields);        # Join email addr into one line

It is somewhat non-perlish... but it was very easy for my level of skill. 


------------------------------

Date: Fri, 02 Nov 2001 02:03:06 GMT
From: "spamfree" <spamfree@go-away.net>
Subject: Re: Security- Upload scripts
Message-Id: <u9nE7.19367$4x3.1877491@news1.cableinet.net>

> >> > Any recommended resources/tuts on the many security
>
>
>    perldoc perlsec
>
>
> >> >issues using upload
> >> > scripts in perl to Unix?
> >>
> >> Make sure it starts with:
> >>
> >> #!/usr/bin/perl -wT
> >> use strict;
> >>
> >>
> >Software error:
> >Insecure dependency in open while running with -T switch
>
>
> If you put:
>
>    use diagnostics;
>
> near the top of your program and run it again...
>
>
> >What exactly does this mean and what can I do about it?
>
>
> ... then perl will tell you what it means and what you can
> do about it.
>
> Or, you can look up the message yourself:
>
>    perldoc perldiag
>
>
Much useful info
Thanks




------------------------------

Date: Thu, 1 Nov 2001 20:17:58 -0600 (CST)
From: dennis100@webtv.net (BUCK NAKED1)
Subject: Re: Security- Upload scripts
Message-Id: <13793-3BE20256-65@storefull-245.iap.bryant.webtv.net>

 Tad said:
> If you put: 
>=A0=A0=A0=A0=A0=A0use diagnostics; 
> near the top of your program and run it > again... 
> ... then perl will tell you what it means 
> and what you can do about it.

It will? In my post with the BEGIN block question, I had 'use strict'
and 'use diagnostics" in that script that failed with -T; and it didn't
tell me anything extra, so I took them out. 

Regards,
--Dennis



------------------------------

Date: Fri, 02 Nov 2001 04:41:04 GMT
From: tadmc@augustmail.com (Tad McClellan)
Subject: Re: Security- Upload scripts
Message-Id: <slrn9u4648.b1s.tadmc@tadmc26.august.net>

BUCK NAKED1 <dennis100@webtv.net> wrote:
> Tad said:
>> If you put: 
>>      use diagnostics; 
>> near the top of your program and run it > again... 
>> ... then perl will tell you what it means 
>> and what you can do about it.
>
>It will? 


It did.

It answered the question that I was following up to.

Did you read that part of perldiag.pod?


>In my post 


I don't see your posts anymore. All of your coupons have been used up.


>with the BEGIN block question, I had 'use strict'
>and 'use diagnostics" in that script that failed with -T; and it didn't
>tell me anything extra, 


Does that mean it didn't show you, or that you didn't get help from
or understand what it did show you?

If you have a warning or error, and adding "use diagnostics"
doesn't add more information, then something is broken.

"use diagnostics" just looks up the message in the perldiag.pod
standard doc for you. Most messages have really helpful blurbs,
some don't. It is best to at least look at them, they very
often point out how to fix the problem immediately.

So you you don't even need to add the pragma to your code,
you can just go look it up yourself if you like.


>so I took them out. 

Best put the "use strict" back in. It will save you from making
many common programmer's mistakes (like typos in variable names).


-- 
    Tad McClellan                          SGML consulting
    tadmc@augustmail.com                   Perl programming
    Fort Worth, Texas


------------------------------

Date: Thu, 01 Nov 2001 18:30:58 -0500
From: Benjamin Goldberg <goldbb2@earthlink.net>
Subject: Re: Sending commands (keyboard inputs) from a Perl-script to another process in linux?
Message-Id: <3BE1DB32.861573D@earthlink.net>

[message parts placed in chronological order]
Emil wrote:
> Benjamin Goldberg wrote 
> > Emil wrote:
> > > Hi!
> > > I was wondering if it's possible for a perl-script to send
> > > commands to another process in linux? Like starting the process,
> > > then remote controll it with keyboard inputs and then get the
> > > result?
> >
> > If it really and truly wants a keyboard, then you need a pty of some
> > sort... one of IPC::Run, Expect, or IO::Pty might do what you want.
> >
> > If all you need to do is send to it's standard input and read from
> > it's standard output, then IPC::Open2 is probably your thing.
> 
> Ok, but I don't want to use any external module, except the ones
> included in the system. I want the script to run on every system that
> has perl, and everyone don't have root access.

IPC::Open2 is part of the standard distributions, and most will already
have Expect and IO::Pty.

> Is there any other way? I'm scripting a web frontend for a program, so
> the script will only be run for a short amount of time. The first time
> it's executed it'll start the program (saving the pid), and the rest
> of the time it'll parse commands from the user to the program process
> (which thinks they are keyboard inputs).

You can't control a keyboard [a tty or pty] without using IO::Pty.

And the first time you execute it, you want to save the pty name, not
the pid.  [Use the "spawn" class method of IO::Pty to create your child
process].

An alternative to doing this would be to write a wrapper for the other
program, which would open a unix filesystem listening socket, and
continuously accept, read a command, execute the command, and close the
accepted socket.

unless( open( my ($realprog), "|the_program -some_argumenst" ) ) {
    die "Couldn't fork for the_program: $!";
}

select((select($realprog),$|=1)[0]);

use IO::Socket;
$SIG{INT} = sub { exit }; # calls the END block below.
my $listen = IO::Socket::UNIX->new( # UNIX, not INET
    Listen => 1,
    Local => "/tmp/rendezvous.$$",
);
while( my $cgi = $listen->accept ) {
    print $realprog <$cgi>;
    close $cgi;
}
END: { unlink "/tmp/rendezvous.$$" }

Don't use an INET socket, because that could lead to security holes --
anyone could connect to your wrapper, and send messages to the program.

With a unix domain socket, only the CGI program on the same machine as
it is will be able to connect.

-- 
Klein bottle for rent - inquire within.


------------------------------

Date: Thu, 1 Nov 2001 20:11:17 -0600 (CST)
From: dennis100@webtv.net (BUCK NAKED1)
Subject: Taint problem with BEGIN block
Message-Id: <13794-3BE200C5-22@storefull-245.iap.bryant.webtv.net>

After searching Google, and studying perlsec, I still can't figure this
out. I want to remove a sub-directory of sub-directory "wkdir" that's
older than 2 hours whether it's empty or not. After untaining almost
everything in this BEGIN block, it still fails with a -T dependency
error on the "rmdir" line. Why?

#!/usr/local/bin/perl -wT
print "Content-type: text/html\n\n";
use CGI::Carp qw(fatalsToBrowser);
use File::Find;
use File::stat; 

BEGIN {
  $ENV{PATH} = "/usr/bin:/bin:/usr/local/bin";

  $dir = "wkdir";
  $dir =~ /^([-\@\w.]+)$/; 
  $dir = $1;

  opendir(DIR, $dir) || die "can't opendir $dir: $!";

## ignore . and .. directories  
  my @files = grep { !/^\.\.|\./ & -d "$dir/$_" } readdir(DIR);
  closedir DIR;

  my $age = time() - 2*3600;  
  foreach my $f (@files) { 
      if ( -d $f ) {
      my $stats = stat($f);  
      if ($stats->mtime > $age) { 
     } 
  } 
      rmdir $f or die "$!" ;
  } 1;
}

Regards,
Dennis



------------------------------

Date: Fri, 2 Nov 2001 12:34:19 +0930
From: "Wyzelli" <wyzelli@yahoo.com>
Subject: Re: Taint problem with BEGIN block
Message-Id: <92oE7.20$xe5.25@wa.nnrp.telstra.net>

"BUCK NAKED1" <dennis100@webtv.net> wrote in message
news:13794-3BE200C5-22@storefull-245.iap.bryant.webtv.net...
> After searching Google, and studying perlsec, I still can't figure this
> out. I want to remove a sub-directory of sub-directory "wkdir" that's
> older than 2 hours whether it's empty or not. After untaining almost
> everything in this BEGIN block, it still fails with a -T dependency
> error on the "rmdir" line. Why?
>
> #!/usr/local/bin/perl -wT
> print "Content-type: text/html\n\n";
> use CGI::Carp qw(fatalsToBrowser);
> use File::Find;
> use File::stat;
>
> BEGIN {
>   $ENV{PATH} = "/usr/bin:/bin:/usr/local/bin";
>
>   $dir = "wkdir";
>   $dir =~ /^([-\@\w.]+)$/;
>   $dir = $1;
>
>   opendir(DIR, $dir) || die "can't opendir $dir: $!";
>
> ## ignore . and .. directories
>   my @files = grep { !/^\.\.|\./ & -d "$dir/$_" } readdir(DIR);
>   closedir DIR;
>
>   my $age = time() - 2*3600;
>   foreach my $f (@files) {
>       if ( -d $f ) {
>       my $stats = stat($f);
>       if ($stats->mtime > $age) {
>      }
>   }
>       rmdir $f or die "$!" ;
>   } 1;
> }

$f is sourced from outside your program so is potentially tainted.

Pass $f through a regex before you use it and ensure that you capture only
what you would expect to be valid.  That is how to 'untaint' the data.

$cleanf = $1 if $f =~ m/(a valid pattern here)/; # where 'a valid pattern
here' is replaced by what are allowable characters

rmdir $cleanf;

Wyzelli
--
push@x,$_ for(a..z);push@x,' ';
@z='092018192600131419070417261504171126070002100417'=~/(..)/g;
foreach $y(@z){$_.=$x[$y]}y/jp/JP/;print;




------------------------------

Date: Fri, 2 Nov 2001 01:06:39 +0000 (UTC)
From: Ilya Zakharevich <nospam-abuse@ilyaz.org>
Subject: Re: Unsigned 8 bit math (addition and subtraction)
Message-Id: <9rsriv$2ai5$1@agate.berkeley.edu>

[A complimentary Cc of this posting was sent to
Ilmari Karonen 
<usenet11627@itz.pp.sci.fi>], who wrote in article <1004651588.15082@itz.pp.sci.fi>:

> Actually, what perl does is rely on the integer modulus operator of
> the C compiler it was built with.

Hmm, are you still running v4.036?

Ilya


------------------------------

Date: 6 Apr 2001 21:33:47 GMT (Last modified)
From: Perl-Users-Request@ruby.oce.orst.edu (Perl-Users-Digest Admin) 
Subject: Digest Administrivia (Last modified: 6 Apr 01)
Message-Id: <null>


Administrivia:

The Perl-Users Digest is a retransmission of the USENET newsgroup
comp.lang.perl.misc.  For subscription or unsubscription requests, send
the single line:

	subscribe perl-users
or:
	unsubscribe perl-users

to almanac@ruby.oce.orst.edu.  

To submit articles to comp.lang.perl.announce, send your article to
clpa@perl.com.

To request back copies (available for a week or so), send your request
to almanac@ruby.oce.orst.edu with the command "send perl-users x.y",
where x is the volume number and y is the issue number.

For other requests pertaining to the digest, send mail to
perl-users-request@ruby.oce.orst.edu. Do not waste your time or mine
sending perl questions to the -request address, I don't have time to
answer them even if I did know the answer.


------------------------------
End of Perl-Users Digest V10 Issue 2052
***************************************


home help back first fref pref prev next nref lref last post