[19865] in Perl-Users-Digest


Perl-Users Digest, Issue: 2060 Volume: 10

daemon@ATHENA.MIT.EDU (Perl-Users Digest)
Sat Nov 3 18:10:32 2001

Date: Sat, 3 Nov 2001 15:10:09 -0800 (PST)
From: Perl-Users Digest <Perl-Users-Request@ruby.OCE.ORST.EDU>
To: Perl-Users@ruby.OCE.ORST.EDU (Perl-Users Digest)
Message-Id: <1004829009-v10-i2060@ruby.oce.orst.edu>
Content-Type: text

Perl-Users Digest           Sat, 3 Nov 2001     Volume: 10 Number: 2060

Today's topics:
    Re: Split output into multiple pages? <Laocoon@eudoramail.com>
    Re: Split output into multiple pages? <tony_curtis32@yahoo.com>
    Re: Split output into multiple pages? <Laocoon@eudoramail.com>
    Re: Tainting with Tad <was Taint problem with BEGIN blo (Tad McClellan)
    Re: Tainting with Tad <was Taint problem with BEGIN blo (BUCK NAKED1)
    Re: Untainting globally with regular expression? (Tad McClellan)
    Re: Untainting globally with regular expression? <darkon@one.net>
    Re: W98 Perl parser that supports flock() ? (Clinton A. Pierce)
    Re: win32 stat in directory with 4682 files <jimbo@soundimages.co.uk>
        Digest Administrivia (Last modified: 6 Apr 01) (Perl-Users-Digest Admin)

----------------------------------------------------------------------

Date: Sat, 3 Nov 2001 16:36:19 +0100
From: Laocoon <Laocoon@eudoramail.com>
Subject: Re: Split output into multiple pages?
Message-Id: <Xns914EA8F03CCCDLaocooneudoramailcom@62.153.159.134>

ccking@consultant.com (Charles King) wrote in
news:f0da46f7.0111030318.70c0850e@posting.google.com: 

> Have a problem with a script which prints designated fields from
> *all records* in a flat file database.  The problem is how to
> split what gets printed into multiple pages with links at the
> bottom to the other pages.  (btw, I'm not a CGI programmer [in case 
> that's not obvious from my question]).  

Nor am I.


#Untested : 
> $limit_of_records_per_page = 30;

my $i = 1;

> if ($form {'display-all-records'})
> {
>      &table_header;   
> 
>      $count=1;
>      open (DATABASE, "$database");
>      while (<DATABASE>)
>      {
>      $row = $_;
>      chop $row;
>      @stuff = split (/\|/, $row); 
>        &table_row;      # prints designated fields in the record

&newpage if $count == 30;  

>      $count++;
>      }
>      close (DATABASE);
>      $count--;
>        &table_footer;   
> }
> 
> print "$footertemplate";

sub newpage {
$count = 1;
my $page = "$root/name$i.html";
print FILEHANDLE '<A href = "$page"> Next Page </A>'; # Your link
finish_your_page() # whatever
$i++;
open(FILEHANDLE,">$page"); # Replace with what you use for table_row()
}

> ____________________________________________________________________
*snip*

Lao


------------------------------

Date: Sat, 03 Nov 2001 09:49:56 -0600
From: Tony Curtis <tony_curtis32@yahoo.com>
Subject: Re: Split output into multiple pages?
Message-Id: <87snbvhn17.fsf@limey.hpcc.uh.edu>

>> On Sat, 3 Nov 2001 16:36:19 +0100,
>> Laocoon <Laocoon@eudoramail.com> said:

> sub newpage {
> $count = 1;
> my $page = "$root/name$i.html";
> print FILEHANDLE '<A href = "$page"> Next Page </A>'; # Your link
> finish_your_page() # whatever
> $i++;
> open(FILEHANDLE,">$page"); # Replace with what you use for table_row()
> }

1. learn to indent
2. this doesn't come close to working, or even compiling,
   for that matter
3. there's so much wrong there it's too early to even
   comment about programming style

There was an "Untested" comment lurking way above but
really, if you're posting something that appears to be a
complete sub or program you really should make sure it
works.

Something that is explicitly an outline or pseudo-code need
not be tested (in the RFC sense of "must").

t
-- 
Oh!  I've said too much.  Smithers, use the amnesia ray.


------------------------------

Date: Sat, 3 Nov 2001 17:54:24 +0100
From: Laocoon <Laocoon@eudoramail.com>
Subject: Re: Split output into multiple pages?
Message-Id: <Xns914EB62DB8EEELaocooneudoramailcom@62.153.159.134>

Tony Curtis <tony_curtis32@yahoo.com> wrote in 
news:87snbvhn17.fsf@limey.hpcc.uh.edu:

>>> On Sat, 3 Nov 2001 16:36:19 +0100,
>>> Laocoon <Laocoon@eudoramail.com> said:
> 
>> sub newpage {
>> $count = 1;
>> my $page = "$root/name$i.html";
>> print FILEHANDLE '<A href = "$page"> Next Page </A>'; # Your link
>> finish_your_page() # whatever
>> $i++;
>> open(FILEHANDLE,">$page"); # Replace with what you use for table_row()
>> }
> 
> 1. learn to indent

I
  will
    	 try
          	to 

> 2. this doesn't come close to working, or even compiling,
>    for that matter
> 3. there's so much wrong there it's too early to even
>    comment about programming style
>
> There was an "Untested" comment lurking way above but
> really, if you're posting something that appears to be a
> complete sub or program you really should make sure it
> works.

Calm down.. It wasn't supposed to look any good. Maybe I should have tested 
it first but it's not that hard to fix and I have to simulate his data, subs 
etc first before I can test it anyway. Though there are some really simple 
mistakes in it I should have noticed.  I'm pretty sure he can fix my code 
faster than that. Anyway : 

1. Add  ;  after 'finish_your_page()'
2. Add  &table_header;  right before the closing brace.
3. Replace the  '...'  enclosing the HTML tag with  "..."  and backslash 
the other  "  .

- Tested and working as expected 
(with my functions i.e.: sub table_header { print FILEHANDLE "\nHeader\n" }) 

> t

Lao


------------------------------

Date: Sat, 03 Nov 2001 15:17:22 GMT
From: tadmc@augustmail.com (Tad McClellan)
Subject: Re: Tainting with Tad <was Taint problem with BEGIN block>
Message-Id: <slrn9u8003.g7m.tadmc@tadmc26.august.net>

BUCK NAKED1 <dennis100@webtv.net> wrote:

>I followed Tad's advise 


   s/followed/followed some of/;   :-(


>and fixed my BEGIN block. 
     ^^^^^

Damn man!

Don't label broken stuff as "fixed". Somebody may believe you
and copy the code. Then they'll be back here asking why it
doesn't work.

I asked you:

Tad> Please please please test your code before posting it!

But you didn't do it yet again!

Following up to you is like talking to my hand...


>I think the below is
>correct now. 
>
>BEGIN { 
>  $ENV{PATH} = "/usr/bin:/bin:/usr/local/bin"; 


I don't see why you are not ending the BEGIN block right here,
nothing else you are doing requires being in there, as far as
I can see.

Why are you not ending the BEGIN block right here?


>  my $dir = "wkdir"; 
>  opendir(DIR, $dir) || die "can't opendir $dir: $!"; 
>  my @dirs = grep { /^(\d{4})$/ 
>     && -d "$dir/$_" } readdir(DIR); closedir DIR; 
>  foreach my $f (@dirs) { 
>     $f =~ /^(\d{4})$/ or die "$f is tainted: $!<BR>\n";
>     $f = $1;
>     my $age = time() - 3600;  


Looking really good up until here.


>     my $stats = stat("$dir/$f") or die "Can't stat: $!";  
>       if ( $stats->mtime < $age ) { 


Tad>   perldoc -f stat
Tad> 
Tad> "In scalar context, C<stat> returns a boolean value indicating success
Tad>  or failure"
Tad> 
Tad> So $stats contains either a true or false (very likely false,
Tad> given that you forgot the directory part again).
Tad> 
Tad> >  if ($stats->mtime < $age) {
Tad> 
Tad> This generates a runtime error.


It is still there. It still generates a runtime error.

Following up to you is like talking to my hand...


>         system("rm", "-r", "$dir/$f"); 
>    };
>  };
> 1;  
>}
>
>
>Thanks, Tad.


You're welcome. I'd help you more often if I didn't feel like
you were just going to ignore important points and repost the
same mistakes yet again.


-- 
    Tad McClellan                          SGML consulting
    tadmc@augustmail.com                   Perl programming
    Fort Worth, Texas


------------------------------

Date: Sat, 3 Nov 2001 14:22:49 -0600 (CST)
From: dennis100@webtv.net (BUCK NAKED1)
Subject: Re: Tainting with Tad <was Taint problem with BEGIN block>
Message-Id: <2700-3BE45219-331@storefull-242.iap.bryant.webtv.net>

tadmc@augustmail.com (Tad McClellan) 
> Please please please test your code 
> before posting it! 
> But you didn't do it yet again! 

But I *did* test it the first time, *and* this time, and did NOT receive
an error at all either time... believe it or not. I *always* test my
code before posting it.

> > BEGIN { 
    $ENV{PATH} = "/usr/bin:/bin:/usr/local/bin"; 
> Why are you not ending the BEGIN block right here? 
Huh? I don't understand this statement. If I ended it here, it wouldn't
check the file time and remove the directory; and it's doing that.

>   my $stats = stat("$dir/$f") or die "Can't stat: $!";
>   if ( $stats->mtime < $age ) { 
> perldoc -f stat
> "In scalar context, C<stat> returns a boolean value indicating success
Tad> or failure" 
I checked it by printing out $stats->mtime and it gave me a number.
> This generates a runtime error. 
> It is still there. It still generates a runtime error. 
No, it doesn't. Maybe the perl "stat" does; but I'm using File::stat, in
case you didn't notice.
> Following up to you is like talking to my hand... 
I don't know where that comes from. Perhaps you assume too much without
asking.

> You're welcome. I'd help you more often if I didn't feel like
> you were just going to ignore important points and repost the
> same mistakes yet again. 
Again, you assume incorrectly. I don't ignore your important points.

Regards,
--Dennis



------------------------------

Date: Sat, 03 Nov 2001 15:17:20 GMT
From: tadmc@augustmail.com (Tad McClellan)
Subject: Re: Untainting globally with regular expression?
Message-Id: <slrn9u7upt.g7m.tadmc@tadmc26.august.net>

spamfree <spamfree@go-away.net> wrote:
>I want to throw in some code which untaints input from all params in one
>foul swoop...
>
>$all_variables = "$firstname, $familyname, $email";    #etc.


I dunno if it will matter in your application, but in some cultures
the "first" name is the surname (family name).


>#untaint
>unless ($all_variables =~ /^([^<]*$/)    {    #disallow < char
                                                ^^^^^^^^^^^^^^^

Too weak of a test. Your code is only a "little bit" more
secure than with no taint checking at all. There is lots
of mischief possible that does not use that character.

It is nearly always better to say what you will allow rather
than what you will disallow. If you go the disallow route,
you might forget Something Important (as you have done above).


>    die "Couldn't untaint all variables: $all_variables\n";
>    }
>$all_variables = $1;
>
>Is this possible globally? 


Possibly. It depends on what characters are allowed in each
variable and what you are going to do with each variable.

Of course if you don't happen to be doing anything "dangerous"
with a variable, you don't need to untaint it at all.


>or do I have to laboriously untaint each variable
>individually?


You should laboriously untaint each variable, since they should
probably have different patterns.

I expect you want to allow at-signs in email addresses, but
not in the proper names for instance. Note that '<' is *legal*
in email addresses, yet your pattern above disallows them.



You _could_ use evil symbolic references:

   {  no strict;  # entering "expert only" mode!

      foreach my $varname ( qw/firstname familyname email/ ) { # untested
         if ( $$varname =~ /(a much better pattern than the one above)/ )
            { $$varname = $1 }
         else
            { warn "could not untaint \$$varname\n" }
      }
   }


But *don't do that!* You will be asking for trouble:

   http://www.plover.com/~mjd/perl/varvarname.html
   http://www.plover.com/~mjd/perl/varvarname2.html
   http://www.plover.com/~mjd/perl/varvarname3.html


Use scalar values in a hash instead of individual stand-alone
scalars:

      my %var;  # all "variables" are collected here as hash keys
      #  load up %var from somewhere
      foreach my $key ( keys %var ) { # untested
         if ( $var{$key} =~ /(a much better pattern than the one above)/ )
            { $var{$key} = $1 }
         else
            { warn "could not untaint '$key'\n" }
      }

Or, better yet, use a HoH to associate each pattern with the
scalar that it is to be applied to (untested):

   my %var = (
               firstname => { value   => 'wherever the value comes from',
                              untaint => qr/[\w .,-]+/
                            },
               # ...
             );
   foreach my $key ( keys %var ) {
      # match the stored value against that field's own pattern
      if ( $var{$key}{value} =~ /^($var{$key}{untaint})$/ )
         { $var{$key}{value} = $1 }
      else
         { warn "could not untaint '$key'\n" }
   }


-- 
    Tad McClellan                          SGML consulting
    tadmc@augustmail.com                   Perl programming
    Fort Worth, Texas
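
Added example, not part of the digest or of any poster's code: the
deny-'<' test from the question run beside per-field allowlists on the
same input. The firstname pattern is the one in the post above; the
familyname and email patterns, the helper names and the sample values
are assumptions constructed for illustration.

```perl
#!/usr/bin/perl
# Added example: denylist vs. per-field allowlist untainting.
# Under -T a regex capture is what clears the taint flag, so the pattern
# is the whole security check; the script also runs without -T.
use strict;
use warnings;

# Denylist from the quoted question: anything without '<' is accepted.
sub untaint_denylist {
    my ($value) = @_;
    return $value =~ /^([^<]*)$/ ? $1 : undef;
}

# Per-field allowlists. The email pattern is deliberately strict and is
# an assumption, not a full address grammar.
my %allow = (
    firstname  => qr/[\w .,-]+/,
    familyname => qr/[\w .,'-]+/,
    email      => qr/[\w.+-]+\@[\w-]+(?:\.[\w-]+)+/,
);

sub untaint_field {
    my ($field, $value) = @_;
    my $re = $allow{$field} or return;    # unknown field: refuse
    # \A and \z anchor the whole string; '$' would let a trailing newline through
    return $value =~ /\A($re)\z/ ? $1 : undef;
}

# Constructed sample input: one field carries shell metacharacters.
my %input = (
    firstname  => 'Mary-Ann',
    familyname => 'Smith; `x` | y',
    email      => 'mary@example.org',
);

for my $field (sort keys %input) {
    my $deny = untaint_denylist($input{$field});
    my $ok   = untaint_field($field, $input{$field});
    printf "%-10s denylist=%-8s allowlist=%s\n", $field,
        defined $deny ? 'accepted' : 'rejected',
        defined $ok   ? 'accepted' : 'rejected';
}
```

The familyname value passes the denylist because it contains no '<',
while its own allowlist rejects it.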


------------------------------

Date: Sat, 03 Nov 2001 16:03:08 GMT
From: "David K. Wall" <darkon@one.net>
Subject: Re: Untainting globally with regular expression?
Message-Id: <Xns914E70B13706Ddarkononenet@24.2.68.108>

"spamfree" <spamfree@go-away.net> wrote:

> I want to throw in some code which untaints input from all params in
> one foul swoop...

If you're going to untaint variables without checking them there's not much 
point in turning on taint-checking in the first place.

CGI/Perl Taint Mode FAQ
http://gunther.web66.com/FAQS/taintmode.html
http://www.extropia.com/tutorials/taintmode.html

World Wide Web Security FAQ
http://www.w3.org/Security/faq/

-- 
David Wall - darkon@one.net
"When the end of the world comes, I want to be in Cincinnati. Everything
happens ten years later there." -- Mark Twain


------------------------------

Date: Sat, 03 Nov 2001 19:18:31 GMT
From: clintp@geeksalad.org (Clinton A. Pierce)
Subject: Re: W98 Perl parser that supports flock() ?
Message-Id: <bqXE7.228950$K6.109085323@news2>

[Posted and mailed]

In article <e0c7utgp40sgh115fl4co3qqpdnrkaq7l1@4ax.com>,
	Headless <headless@dna.ie> writes:
> Is there a W98 Perl parser that allows flock() ?

It's not that Perl doesn't support it, it's that the OS doesn't 
have anything to lend it credibility.  :)
 
> I installed ActivePerl build 629 for Windows, but on W95/98 flock() is
> not supported.
>
> I'd like to add Perl to my Apache setup for local offline testing.

So?

What's stopping ya?  A code wrapper can hide this nicely:

	eval { flock(FOO, ...) || die "Can't flock $!"; };
	# re-raise any error except flock() being unsupported on this platform
	die $@ if $@ && $@ !~ /supported/;

Or you can override the flock() function yourself with a no-op on 
Win98.
 



-- 
    Clinton A. Pierce            Teach Yourself Perl in 24 Hours  *and*
  clintp@geeksalad.org                Perl Developer's Dictionary
"If you rush a Miracle Man,     for details, see http://geeksalad.org     
	you get rotten Miracles." --Miracle Max, The Princess Bride


------------------------------

Date: Sat, 3 Nov 2001 21:54:24 -0000
From: "jimbo" <jimbo@soundimages.co.uk>
Subject: Re: win32 stat in directory with 4682 files
Message-Id: <iIZE7.8359$rg7.66910@NewsReader>

> readdir() is very fast. stat() is a pig.

from perlfunc:

If stat is passed the special filehandle consisting of an underline, no
stat is done, but the current contents of the stat structure from the
last stat or filetest are returned.

Have you tried something like this

  foreach $file (@dirlist) {
    @s = stat(_) if -f $file;
  }

jimbo
;-)




------------------------------

Date: 6 Apr 2001 21:33:47 GMT (Last modified)
From: Perl-Users-Request@ruby.oce.orst.edu (Perl-Users-Digest Admin) 
Subject: Digest Administrivia (Last modified: 6 Apr 01)
Message-Id: <null>


Administrivia:

The Perl-Users Digest is a retransmission of the USENET newsgroup
comp.lang.perl.misc.  For subscription or unsubscription requests, send
the single line:

	subscribe perl-users
or:
	unsubscribe perl-users

to almanac@ruby.oce.orst.edu.  

To submit articles to comp.lang.perl.announce, send your article to
clpa@perl.com.

To request back copies (available for a week or so), send your request
to almanac@ruby.oce.orst.edu with the command "send perl-users x.y",
where x is the volume number and y is the issue number.

For other requests pertaining to the digest, send mail to
perl-users-request@ruby.oce.orst.edu. Do not waste your time or mine
sending perl questions to the -request address, I don't have time to
answer them even if I did know the answer.


------------------------------
End of Perl-Users Digest V10 Issue 2060
***************************************

