[22181] in Perl-Users-Digest
Perl-Users Digest, Issue: 4402 Volume: 10
daemon@ATHENA.MIT.EDU (Perl-Users Digest)
Tue Jan 14 14:11:55 2003
Date: Tue, 14 Jan 2003 11:10:12 -0800 (PST)
From: Perl-Users Digest <Perl-Users-Request@ruby.OCE.ORST.EDU>
To: Perl-Users@ruby.OCE.ORST.EDU (Perl-Users Digest)
Perl-Users Digest Tue, 14 Jan 2003 Volume: 10 Number: 4402
Today's topics:
Need Help <psinghp@emirates.net.ae>
parsing problem <fm_duendeBASURA@yahoo.com>
Re: Perl command line processing, Windows/dos style ? (Ben Morrow)
poe and fork <david.zimmermann@icn.siemens.de>
return value of backticks under DOS (Chas Friedman)
Re: return value of backticks under DOS <koos_pol@NO.nl.JUNK.compuware.MAIL.com>
Re: return value of backticks under DOS (Tad McClellan)
Re: security of open(TAR, "tar -cvf - $filelist|") <mzawadzk@man.poznan.pl>
Re: security of open(TAR, "tar -cvf - $filelist|") <mzawadzk@man.poznan.pl>
Re: security of open(TAR, "tar -cvf - $filelist|") (Anno Siegel)
Re: security of open(TAR, "tar -cvf - $filelist|") <chang0@adelphia.net>
Re: security of open(TAR, "tar -cvf - $filelist|") (Anno Siegel)
Re: security of open(TAR, "tar -cvf - $filelist|") (Peter J. Acklam)
Re: security of open(TAR, "tar -cvf - $filelist|") (Tad McClellan)
Re: security of open(TAR, "tar -cvf - $filelist|") <uri@stemsystems.com>
Re: Suggestions for counter <bilkay@xxxlocalnet.com>
Re: Suggestions for counter <uri@stemsystems.com>
Re: The "default thing" <nobull@mail.com>
Re: The Best and The Easiest Perl Module to Draw 2-D Li (Jay Chan)
Re: undef of large Hashes/Arrays took a very long time ctcgag@hotmail.com
Re: Using Mail::MAiler to send attachment <mbudash@sonic.net>
Variable naming convention (Pete)
Re: Variable naming convention (Anno Siegel)
Digest Administrivia (Last modified: 6 Apr 01) (Perl-Users-Digest Admin)
----------------------------------------------------------------------
Date: Tue, 14 Jan 2003 19:10:22 +0400
From: Dr P Singh <psinghp@emirates.net.ae>
Subject: Need Help
Message-Id: <3E24285E.8973C356@emirates.net.ae>
Hi every one. I took this code snippet from active perl(5.8) and ran it with
little modification. I have two problem with this code.
(1) I get this warning message "Constant Subroutine emptyenum redefined at
c:/site/lib/win32/ole/constant.pm line 65535. I get a lot of this message.
(2) Though the code runs fine after these message, I get a printer popup asking
for the pdf file name.
My question is how to suppress these warning messages and the popup window for
printer asking for pdffilename . Here is the code I am using.
Dr Prabhu
#!c:/perl/bin/perl.exe -w
use strict;
use Win32::OLE;
use Win32::OLE::Const 'Microsoft Word';
my $Word = Win32::OLE->new('Word.Application', 'Quit');
$Word->{'Visible'} = 1; # if you want to see what's going on
$Word->Documents->Open("C:\\HaHa.doc")
|| die("Unable to open document ", Win32::OLE->LastError());
$Word->{'ActivePrinter'} = 'Acrobat PDFWriter';
$Word->ActiveDocument->PrintOut({
Background => 0,
Append => 0,
Range => wdPrintAllDocument,
Item => wdPrintDocumentContent,
Copies => 1,
PageType => wdPrintAllPages,
});
------------------------------
Date: Tue, 14 Jan 2003 18:56:38 GMT
From: monkeys paw <fm_duendeBASURA@yahoo.com>
Subject: parsing problem
Message-Id: <G3ZU9.72840$3v.13096@sccrnsc01>
I want a regex to parse the following:
"first saturday of every month"
or
"first saturday in january"
Please help with the following which isn't
quite there:
if ( $frequency =~
m!
(
(?:
(?:
(?:
(?:\d+
(?:
ST |
ND |
RD |
TH
)
) |
FIRST |
SECOND |
THIRD |
FOURTH |
FIFTH |
LAST
)
\s*,?\s*
)+
)
\s+
(?:
(?: SUN |
MON |
TUES? |
WED(?:NES)? |
THU(?:RS)? |
FRI |
SAT(?:UR)?
)
(?:DAY)?
)
\s+
(?:OF EVERY MONTH |
(?: \s+IN\s+
(?:
JAN(?:UARY)? |
FEB(?:RUARY)? |
MAR(?:CH)? |
APR(?:IL)? |
MAY |
JUNE? |
JULY? |
AUG(?:UST)? |
SEP(?:TEMBER)? |
OCT(?:OBER)? |
NOV(?:EMBER)? |
DEC(?:EMBER)?
)
\s*,?\s*
)+
)
)
!x)
------------------------------
Date: Tue, 14 Jan 2003 15:56:34 +0000 (UTC)
From: mauzo@mimosa.csv.warwick.ac.uk (Ben Morrow)
Subject: Re: Perl command line processing, Windows/dos style ?
Message-Id: <b01bvi$sv1$1@wisteria.csv.warwick.ac.uk>
mauzo@mimosa.csv.warwick.ac.uk (Ben Morrow) wrote:
>bugs.bunny@carrot.inc (Bugs Bunny) wrote:
>>Hi,
>>
>>I'm trying to get a perl script to behave more like other windows
>>command line tools, and it is driving me NUTS that I cannot get perl
>>to simply give me the command line as-is.
>>
>>As is normal under unix, perl expands the command line automatically.
>>For instance, when invoking 'scipt.pl' with as option '*', you'll
>>get a list of all files in the current directory as arguments.
>>
>>So I already got used to enclose the arguments with double quotes to
>>prevent expansion. Not too bad, because if you want to pass paths with
>>embedded spaces, you have to enclose these with double quotes anyway
>>to keep the parts together.
>>But you forget you're dealing with a perl script, and forget the
>>double quotes, well, anything can happen, as your script gets
>>arguments that he does not expect.
>>
>>So you try to be carefull, and use double quotes. But then you try to
>>pass the argument C:\ as an argument enclosed by double quotes, so as
>>"C:\". Doesn't work. The sequence \" is replaced by single quote, and
>>the argument is concatenated with the next argument: the \" is a way
>>to include a double quote in a double quoted String. AAARRRGGGGHHHH
>>
>>I JUST WANT THE COMMANDLINE THE WAY THE USER ENTERS IT!!!!
>
>Might I ask why? :)
>I believe that the expansion of *->filenames (etc.) is not done by perl per se
>but by the startup code in the CRT it uses. This means there's not much you
>can do about it, unless a batch file of the form
>
>@echo off
>perl.exe script.pl "%*"
>
>will work. Your perl script should then get one argument only, with the entire
>command line on; which you can then deal with any way you please.
Hmm, I knew this was messy wehen I wrote it :)
It fails on embedded ", of course.
The right answer is to use Win32::API to get at GetCommandLine out of
kernel32.dll, which will return your command line, unadulteated.
Ben
------------------------------
Date: Tue, 14 Jan 2003 17:07:08 +0100
From: David Zimmermann <david.zimmermann@icn.siemens.de>
Subject: poe and fork
Message-Id: <3E2435AC.71362FFD@icn.siemens.de>
hello *,
I would like to execute a program on 100 computers
someone can give me an example how i can fork with the poe module
(POE::Filter::Reference ??)
thanks
------------------------------
Date: Tue, 14 Jan 2003 16:15:19 +0000 (UTC)
From: friedman@math.utexas.edu (Chas Friedman)
Subject: return value of backticks under DOS
Message-Id: <b01d2n$17k$1@geraldo.cc.utexas.edu>
I wonder if anyone can explain the following:
If I perl the following under DOS, the directory listing gets printed
to the DOS window, but $dir is undefined (i.e., I see the listing, but
then also $dir= )
$dir=`dir`;
print "\$dir=$dir\n";
I thought maybe the returned value from the backticks was going to STDERR,
so I put BEGIN{*STDERR=*STDOUT}; at the beginning of my file; this didn't
change the described behavior. By the way I have 2 machines with Windows 98
(first edition, I believe) installed and the same perl on each, and only
one behaves as I described; on the other, the backticks act as expected
and $dir gets the return value. I also have a linux machine, and the strange
behavior doesn't occur therre.
I've been mystified by this for about a year.
Thanks for any comments on this!
chas
------------------------------
Date: Tue, 14 Jan 2003 17:37:15 +0100
From: Koos Pol <koos_pol@NO.nl.JUNK.compuware.MAIL.com>
Subject: Re: return value of backticks under DOS
Message-Id: <newscache$36qp8h$fx9$1@news.emea.compuware.com>
Chas Friedman wrote (Tuesday 14 January 2003 17:15):
> I wonder if anyone can explain the following:
> If I perl the following under DOS, the directory listing gets printed
> to the DOS window, but $dir is undefined (i.e., I see the listing, but
> then also $dir= )
> $dir=`dir`;
> print "\$dir=$dir\n";
backticks should not be used to catch returned values. Use the qx operator
instead. See the Regexp Quote-Like Operators entry in the perlop manpage.
HTH
--
KP
------------------------------
Date: Tue, 14 Jan 2003 11:02:49 -0600
From: tadmc@augustmail.com (Tad McClellan)
Subject: Re: return value of backticks under DOS
Message-Id: <slrnb28glp.7p2.tadmc@magna.augustmail.com>
Koos Pol <koos_pol@NO.nl.JUNK.compuware.MAIL.com> wrote:
> Chas Friedman wrote (Tuesday 14 January 2003 17:15):
>
>> $dir=`dir`;
> backticks should not be used to catch returned values.
Yes they should.
That is exactly their purpose.
> Use the qx operator
> instead.
That is just an alternative way of writing backticks.
ie. qx _is_ backticks (in disguise).
>See the Regexp Quote-Like Operators entry in the perlop manpage.
Which shows one description applicable to either of them,
they are just different ways of writing the same thing.
--
Tad McClellan SGML consulting
tadmc@augustmail.com Perl programming
Fort Worth, Texas
------------------------------
Date: Tue, 14 Jan 2003 16:22:41 +0100
From: Marek Zawadzki <mzawadzk@man.poznan.pl>
Subject: Re: security of open(TAR, "tar -cvf - $filelist|")
Message-Id: <Pine.GSO.4.44.0301141618400.21297-100000@rose.man.poznan.pl>
On 14 Jan 2003, Anno Siegel wrote:
> Marek Zawadzki <mzawadzk@man.poznan.pl> wrote in comp.lang.perl.misc:
> > I'm writing backup script for a local system and I'm using:
> > open(TAR, "tar -cvf - $filelist|");
> > where $filelist is a list of files obtained with `ls` mechanism.
/ ...
> > What would be the best approach to prevent a malicious user from executing
> > commands within my script just by crafting some files with special names?
>
> With a sufficiently new Perl, you can specify the command in list form.
Unfortunately I have ancient versions of Perl here (like 5.004_01) and I
don't really feel like compiling anything newer on Crays :-(
Could anybody propose a regexp or something to "sanitize" a filename so it
doesn't make 'open(TAR, "tar -cvf - $filelist|");' dangerous?
-marek
------------------------------
Date: Tue, 14 Jan 2003 17:00:11 +0100
From: Marek Zawadzki <mzawadzk@man.poznan.pl>
Subject: Re: security of open(TAR, "tar -cvf - $filelist|")
Message-Id: <Pine.GSO.4.44.0301141656420.21297-100000@rose.man.poznan.pl>
On 14 Jan 2003, Anno Siegel wrote:
> Marek Zawadzki <mzawadzk@man.poznan.pl> wrote in comp.lang.perl.misc:
/ ...
> > Could anybody propose a regexp or something to "sanitize" a filename so it
> > doesn't make 'open(TAR, "tar -cvf - $filelist|");' dangerous?
>
> Sorry, no.
/ ...
> The only general rule for this kind of thing is that it's better to
> allow the set of characters that are considered safe, as opposed to
> forbidding characters that are considered dangerous.
Understood.
Is something like that going to be safe enough:
if ($fname =~ /[^a-zA-Z0-9\/\.\-\_]/) {
# unsecure
} else {
# secure
}
Or a malicious user could still somehow pass the characters I allow?
-marek
------------------------------
Date: 14 Jan 2003 15:59:49 GMT
From: anno4000@lublin.zrz.tu-berlin.de (Anno Siegel)
Subject: Re: security of open(TAR, "tar -cvf - $filelist|")
Message-Id: <b01c5l$jnm$2@mamenchi.zrz.TU-Berlin.DE>
Marek Zawadzki <mzawadzk@man.poznan.pl> wrote in comp.lang.perl.misc:
> On 14 Jan 2003, Anno Siegel wrote:
>
> > Marek Zawadzki <mzawadzk@man.poznan.pl> wrote in comp.lang.perl.misc:
> > > I'm writing backup script for a local system and I'm using:
> > > open(TAR, "tar -cvf - $filelist|");
> > > where $filelist is a list of files obtained with `ls` mechanism.
> / ...
> > > What would be the best approach to prevent a malicious user from executing
> > > commands within my script just by crafting some files with special names?
> >
> > With a sufficiently new Perl, you can specify the command in list form.
>
> Unfortunately I have ancient versions of Perl here (like 5.004_01) and I
> don't really feel like compiling anything newer on Crays :-(
> Could anybody propose a regexp or something to "sanitize" a filename so it
> doesn't make 'open(TAR, "tar -cvf - $filelist|");' dangerous?
Sorry, no. Too much depends on the particularities of the shell that
might be invoked for a pat answer to be given. Also, the solution is
usually a compromise that excludes some perfectly legal filenames (if
appropriately quoted) for the sake of security. We can't settle that
compromise for you.
Another reason why this question is often asked but seldom answered
is that it involves too much responsibility. Even if I were sure
I had completely understood your situation and all its implications
I would hesitate to answer, just because I know I'm fallible. I wouldn't
want to see a followup saying "I did it your way, but someone managed
to erase my disk doing ...".
The only general rule for this kind of thing is that it's better to
allow the set of characters that are considered safe, as opposed to
forbidding characters that are considered dangerous. In the first
approach you can check the allowed set one by one and be sure you
didn't allow something potentially dangerous. In the second case,
you can never be sure there isn't another dangerous character you
didn't think of.
Of course, this being Perl, there is an alternative. You could
explicitly fork a child process, establish a connection from the
child's STDOUT to the mother process, and exec() the command from
the child, using the list form of exec(). That way, you'd be
basically doing explicitly what the open() variant is doing internally.
"perldoc perlipc" should provide the details on how to do it.
Anno
Anno
------------------------------
Date: Tue, 14 Jan 2003 16:00:37 GMT
From: ebchang <chang0@adelphia.net>
Subject: Re: security of open(TAR, "tar -cvf - $filelist|")
Message-Id: <Xns93037058B2376chang0adelphia.net@24.48.107.53>
Marek Zawadzki <mzawadzk@man.poznan.pl> wrote in
news:Pine.GSO.4.44.0301141618400.21297-100000@rose.man.poznan.pl:
[snip]
> Unfortunately I have ancient versions of Perl here (like 5.004_01) and
> I don't really feel like compiling anything newer on Crays :-(
> Could anybody propose a regexp or something to "sanitize" a filename
> so it doesn't make 'open(TAR, "tar -cvf - $filelist|");' dangerous?
>
> -marek
>
See http://www.cert.org/tech_tips/cgi_metacharacters.html The method isn't
limited to CGI scripts in spite of the title.
--
EBC
------------------------------
Date: 14 Jan 2003 16:05:32 GMT
From: anno4000@lublin.zrz.tu-berlin.de (Anno Siegel)
Subject: Re: security of open(TAR, "tar -cvf - $filelist|")
Message-Id: <b01cgc$jnm$3@mamenchi.zrz.TU-Berlin.DE>
Marek Zawadzki <mzawadzk@man.poznan.pl> wrote in comp.lang.perl.misc:
> On 14 Jan 2003, Anno Siegel wrote:
>
> > Marek Zawadzki <mzawadzk@man.poznan.pl> wrote in comp.lang.perl.misc:
> / ...
> > > Could anybody propose a regexp or something to "sanitize" a filename so it
> > > doesn't make 'open(TAR, "tar -cvf - $filelist|");' dangerous?
> >
> > Sorry, no.
> / ...
> > The only general rule for this kind of thing is that it's better to
> > allow the set of characters that are considered safe, as opposed to
> > forbidding characters that are considered dangerous.
>
> Understood.
> Is something like that going to be safe enough:
>
> if ($fname =~ /[^a-zA-Z0-9\/\.\-\_]/) {
> # unsecure
> } else {
> # secure
> }
>
> Or a malicious user could still somehow pass the characters I allow?
You replied quickly. I superseded my first reply with a more extensive
one which also explains why I wouldn't say "you're safe", even if I
was sure you are. I also sketch an alternative there. So please read
my reply again when the update arrives on your server.
Anno
------------------------------
Date: Tue, 14 Jan 2003 18:11:55 +0100
From: pjacklam@online.no (Peter J. Acklam)
Subject: Re: security of open(TAR, "tar -cvf - $filelist|")
Message-Id: <znq364h0.fsf@online.no>
Marek Zawadzki <mzawadzk@man.poznan.pl> wrote:
> I'm writing backup script for a local system and I'm using:
> open(TAR, "tar -cvf - $filelist|");
> where $filelist is a list of files obtained with `ls` mechanism.
To me, the first step, as always when calling a command with an
unknown argument, is to include a `--' to prevent files being
interpreted as options
open(TAR, "tar -cvf - -- $filelist|");
Secondly, I would scan through the file list and make sure that
the files really exist.
Peter
--
#!/local/bin/perl5 -wp -*- mode: cperl; coding: iso-8859-1; -*-
# matlab comment stripper (strips comments from Matlab m-files)
s/^((?:(?:[])}\w.]'+|[^'%])+|'[^'\n]*(?:''[^'\n]*)*')*).*/$1/x;
------------------------------
Date: Tue, 14 Jan 2003 11:19:10 -0600
From: tadmc@augustmail.com (Tad McClellan)
Subject: Re: security of open(TAR, "tar -cvf - $filelist|")
Message-Id: <slrnb28hke.7p2.tadmc@magna.augustmail.com>
[ removed alt.perl ]
Marek Zawadzki <mzawadzk@man.poznan.pl> wrote:
> On 14 Jan 2003, Anno Siegel wrote:
>
>> Marek Zawadzki <mzawadzk@man.poznan.pl> wrote in comp.lang.perl.misc:
> / ...
>> > Could anybody propose a regexp or something to "sanitize" a filename so it
>> > doesn't make 'open(TAR, "tar -cvf - $filelist|");' dangerous?
>>
>> Sorry, no.
> / ...
>> The only general rule for this kind of thing is that it's better to
>> allow the set of characters that are considered safe, as opposed to
>> forbidding characters that are considered dangerous.
>
> Understood.
> Is something like that going to be safe enough:
"enough" is subjective, so nobody but you can evaluate that.
> if ($fname =~ /[^a-zA-Z0-9\/\.\-\_]/) {
dot and underscore are not meta in a char class, they do not
need to be escaped.
hyphen does not need to be escaped in a char class if it
is first or last in the class (because that does not form
a "range".
choosing an alternate delimiter allows slash to be unescaped also.
if ($fname =~ m#[^a-zA-Z0-9/._-]#) { # easier to see the allowed chars
or
if ($fname =~ m#[^\w/.-]#) {
> # unsecure
> } else {
> # secure
> }
>
> Or a malicious user could still somehow pass the characters I allow?
^^^^^
^^^^^
You must have meant disallow?
With the above code, no, they could not include characters that
you have not listed.
However, _I_ would consider what you list above as "dangerous".
What if Mr. Malicious gave these filenames:
../../etc/passwd
/etc/passwd
Your code above would have you sending him files you likely
don't want to be sending :-)
--
Tad McClellan SGML consulting
tadmc@augustmail.com Perl programming
Fort Worth, Texas
------------------------------
Date: Tue, 14 Jan 2003 17:46:27 GMT
From: Uri Guttman <uri@stemsystems.com>
Subject: Re: security of open(TAR, "tar -cvf - $filelist|")
Message-Id: <x78yxnmxp0.fsf@mail.sysarch.com>
>>>>> "BM" == Brian McCauley <nobull@mail.com> writes:
BM> Marek Zawadzki <mzawadzk@man.poznan.pl> writes:
>> I'm writing backup script for a local system and I'm using:
>> open(TAR, "tar -cvf - $filelist|");
>> where $filelist is a list of files obtained with `ls` mechanism.
he can also use the perl Archive::Tar module and bypass the shell and
the tar command. that eliminates any security holes.
BM> Avoid /bin/sh involvement by using the LIST form of pipe open() (new
BM> in 5.8):
BM> open(my $tar, '-|', 'tar', '-cvf', '-', '--', @filelist) or die $!;
or do an open( my $tar, '-|' ) which basically does a fork/pipe. then
you can do an exec call with a list which bypasses the shell and that
is supported in all versions of perl5 (i think :).
uri
--
Uri Guttman ------ uri@stemsystems.com -------- http://www.stemsystems.com
----- Stem and Perl Development, Systems Architecture, Design and Coding ----
Search or Offer Perl Jobs ---------------------------- http://jobs.perl.org
Damian Conway Perl Classes - January 2003 -- http://www.stemsystems.com/class
------------------------------
Date: Tue, 14 Jan 2003 10:49:54 -0500
From: "Bill K." <bilkay@xxxlocalnet.com>
Subject: Re: Suggestions for counter
Message-Id: <20030114.104949.1359512183.24890@xxxlocalnet.com>
In article <slrnb25l84.2s9.tadmc@magna.augustmail.com>, "Tad McClellan"
<tadmc@augustmail.com> wrote:
> Bill K. <bilkay@xxxlocalnet.com> wrote:
>> In article <kVoU9.8477$WT3.6813@news.bellsouth.net>, "Brett"
>><bbsouth@bellsouth.net> wrote:
>>
>>> I've tried a few different counters but can't find one that is easy to
>>> setup.
>
>
> I'd recommend seeing what you can find at:
>
> http://nms-cgi.sourceforge.net/
>
>
>> If you're foolish enough to use this program, I'm not responsible for
>> the results.
>
>
> Brett should pay particular attention to that part...
>
>
>> #!/usr/bin/perl
>
>
> The first clue as to the quality of the code is right here.
>
> If you find code that does not have warnings and strict enabled, discard
> it and keep looking.
>
>
>> open(INFO, "$dfile") || &error(1) ;
> ^ ^
> ^ ^
>
> A useless use of double quotes.
>
> open(INFO, $dfile) || &error(1) ; # does the same thing
>
> From Perl FAQ 4:
>
> What's wrong with always quoting "$vars"?
>
>
>> @hcount = <INFO> ;
>> close(INFO) || &error(2) ;
>
>
> While the other things are merely "indicators" that you shouldn't use
> this code, here is a complete deal-killer.
>
> It does not implement file locking, which is required in a multi-tasking
> environment such as CGI.
>
> The count will become corrupted.
>
> If you're not going to do file locking, you might as well call rand()
> and save that number as the count.
>
>
>> sub error
>> {
>> local($a) = (0 - $_[0]);
>
>
> There is another indicator of poor quality code, namely using local()
> when my() will do.
>
> You should always prefer my() variables over local() variables,
> except when you can't.
Thanks so much for your constructive criticism. I'm not a professional
programmer, and don't pretend to be, but I've found that while
"professional" programmers can produce wonderful code, it seldom does
what I want it to do. I've tried "professional" hitcount programs and
have gotten gibberish from them. My crappy program accomplishes what I want
to accomplish:
1. Maintain data on multiple pages in a single, readable file,
2. Allow counting hits without output to the web page,
3. Keep an interval count as well as a total count for each page.
The task at hand is rather trivial compared to the task of trying to find
a "professional" program that does the same thing. I'm certainly not
averse to suggestions on how to make it better.
------------------------------
Date: Tue, 14 Jan 2003 17:56:15 GMT
From: Uri Guttman <uri@stemsystems.com>
Subject: Re: Suggestions for counter
Message-Id: <x73cnvmx8h.fsf@mail.sysarch.com>
>>>>> "BK" == Bill K <bilkay@xxxlocalnet.com> writes:
BK> Thanks so much for your constructive criticism. I'm not a
BK> professional programmer, and don't pretend to be, but I've found
BK> that while "professional" programmers can produce wonderful code,
BK> it seldom does what I want it to do. I've tried "professional"
BK> hitcount programs and have gotten gibberish from them. My crappy
BK> program accomplishes what I want to accomplish:
BK> 1. Maintain data on multiple pages in a single, readable file,
BK> 2. Allow counting hits without output to the web page,
BK> 3. Keep an interval count as well as a total count for each page.
BK> The task at hand is rather trivial compared to the task of trying to find
BK> a "professional" program that does the same thing. I'm certainly not
BK> averse to suggestions on how to make it better.
>> While the other things are merely "indicators" that you shouldn't use
>> this code, here is a complete deal-killer.
>>
>> It does not implement file locking, which is required in a multi-tasking
>> environment such as CGI.
>>
>> The count will become corrupted.
>>
>> If you're not going to do file locking, you might as well call rand()
>> and save that number as the count.
but you are ignoring that major piece of advice. your code is not safe
from file access collisions because it doesn't lock the file. this is a
common failure of the kiddie counter scripts and rarely one of a
'professional' script. if you want to have a working counter regardless
of the features, you need to do locking.
so brushing off criticism like that is not doing you any good. the
comments on the rest of the code are valid as well. it would behoove you
to study and learn from them even if you are not a professional. you are
trying to be a perl hacker so you might as well do it right.
uri
--
Uri Guttman ------ uri@stemsystems.com -------- http://www.stemsystems.com
----- Stem and Perl Development, Systems Architecture, Design and Coding ----
Search or Offer Perl Jobs ---------------------------- http://jobs.perl.org
Damian Conway Perl Classes - January 2003 -- http://www.stemsystems.com/class
------------------------------
Date: 14 Jan 2003 18:23:00 +0000
From: Brian McCauley <nobull@mail.com>
Subject: Re: The "default thing"
Message-Id: <u9r8bfegl7.fsf@wcl-l.bham.ac.uk>
mckenzie@bigmultimedia.com (Bruce McKenzie) writes:
> Benjamin Goldberg <goldbb2@earthlink.net> wrote in message news:<3E239DBB.961F838D@earthlink.net>...
> > Bruce McKenzie wrote:
> > >
> > > In the Chapter 14.1 of Programming Perl, there is an example of how to
> > > create a package for tying a scalar:
> > >
> > > sub STORE { ${ $_[0] } = $_[1] } # do the default thing
> > >
> > > I don't understand the shorthand in "the default thing." I guess it
> > > means that the value referenced by the tied object is now the new
> > > value. But I don't see where the $_[1] comes from. It's second element
> > > of an array ??
> >
> > It's the second element of the @_ array.
> >
> > Tieing is rather advanced stuff. Subroutine arguments (that is, the @_
> > array) is fairly basic stuff. You should learn about basic stuff before
> > going on to advanced stuff.
>
> I know this is risky, but let me try asking another way (I have been
> using tied hashes and whatnot, but I don't handle the @_ array with
> such concision).
>
> Is this sort of how it goes?
> And, written less tersely, STORE becomes
>
> sub STORE {
> # don't do confusing default thing ${ $_[0] } = $_[1] -- instead do
> my ($self, $value) = @_; # $self is a ref to a scalar (self thinks
> :-)
> $self = \$value; # $self now refs $value;
> }
There is nothing special about the $self variable!
There's no point altering the $self variable.
You want to alter the thing referenced by $self.
Tieing is rather advanced stuff. Objects and methods invocation are
intermediate stuff. You should learn about intermediate stuff before
going on to advanced stuff.
sub STORE {
my ($self, $value) = @_; # $self is a ref to a blessed scalar
$$self = $value;
}
mckenzie@bigmultimedia.com (Bruce McKenzie) writes:
> $bucks is tied, so when we say
> $bucks = 45.00,
>
> we're saying something like "(using the methods defined in Centsible class),
> STORE($bucks, 45.00)"
Almost. It's resoved via the tied-scalar and method lookup mechansims
to:
Centsible::STORE(tied($bucks),45.00)
--
\\ ( )
. _\\__[oo
.__/ \\ /\@
. l___\\
# ll l\\
###LL LL\\
------------------------------
Date: 14 Jan 2003 09:43:17 -0800
From: jaykchan@hotmail.com (Jay Chan)
Subject: Re: The Best and The Easiest Perl Module to Draw 2-D Line Chart?
Message-Id: <c7e5acb2.0301140943.75b62980@posting.google.com>
I have found that Chart::Line module can do exactly what I want.
The module is very easy to use.
However, looking for the right module and trying to install the
libraries took me a long long time. I guess this must have something
to do with the fact that I am using Win32 version of Perl. Finally, I
get everything from www.ActiveState.com that have the pre-compiled
version of the libraries.
Jay Chan
------------------------------
Date: 14 Jan 2003 17:07:44 GMT
From: ctcgag@hotmail.com
Subject: Re: undef of large Hashes/Arrays took a very long time
Message-Id: <20030114120744.708$W9@newsreader.com>
Pierre Asselin <pa@panix.com> wrote:
> In <avu283$iugd2$1@ID-2265.news.dfncis.de> Jan Schubert
> <Jan.Schubert@GMX.li> writes:
>
> >Pierre Asselin wrote:
> >> Ok, so the OP should try assigning () and see if that helps.
>
> >So i did it, but no success at all. The same behaviour as before. The
> >array has approximately 35 Mio. entries and is using ca. 1.6 GB in
> >Memory.
>
> If your work is all done, you can code {kill 9, $$;} to exit in a hurry.
> It returns an error to the OS, but I assume that doesn't matter.
That's seems excessively violent. I think kill 15, $$ should get the
job done in a more polite fashion.
Xho
--
-------------------- http://NewsReader.Com/ --------------------
Usenet Newsgroup Service New Rate! $9.95/Month 50GB
------------------------------
Date: Tue, 14 Jan 2003 17:27:56 GMT
From: Michael Budash <mbudash@sonic.net>
Subject: Re: Using Mail::MAiler to send attachment
Message-Id: <mbudash-D2B003.09275714012003@typhoon.sonic.net>
In article <f5912a4f.0301140000.3bdda1e@posting.google.com>,
nodiseos@yahoo.com (nikko) wrote:
> I need to send an attachment using Mail::Mailer.
>
> Currently my code looks like this:
>
> my $mailserver = "smtp.domain.com";
> my $mailer = new Mail::Mailer('smtp', Server => $mailserver);
> my(%headers) = ('To' => "$param{'email'}",
> 'Bcc' => "nikko\@domain.com",
> 'From' => "ts-systems\@domain.com",
> 'Subject' => "My subject",
> 'Date' => $date,
> );
> $mailer->open(\%headers);
> open(MAIL, ">$TEMPFILE") || &baderror('Cannot write to email file');
>
> $message =<<EOT;-
> text of message
> EOT
> print $mailer $message;
> $TEMPFILE =~ s/\//\\/g;
> unlink $TEMPFILE;
> $mailer->close;
> =====================
> How would I add a text file to this with the words "test" as content?
>
> Thanks!
you wouldn't use Mail::Mailer. you'd use MIME::Lite. its perldoc
documentation tells you all you need to know...
hth-
------------------------------
Date: 14 Jan 2003 08:02:36 -0800
From: falconflyr@snet.net (Pete)
Subject: Variable naming convention
Message-Id: <4ca21189.0301140802.153b57a3@posting.google.com>
Is there a way to dynamically define a set of variable names such that
the name itself consists of alpha and numeric characters, but where
the alpha portion remains the same and the numeric portion changes for
based on numbers in a loop or range? If the loop or range of numbers
is say ($num=1, $num<=10, $num++), and the base variable name is
$name, then I want my actual variable names to be like this: $name1,
$name2, $name3, etc.
------------------------------
Date: 14 Jan 2003 16:16:39 GMT
From: anno4000@lublin.zrz.tu-berlin.de (Anno Siegel)
Subject: Re: Variable naming convention
Message-Id: <b01d57$jnm$4@mamenchi.zrz.TU-Berlin.DE>
Pete <falconflyr@snet.net> wrote in comp.lang.perl.misc:
> Is there a way to dynamically define a set of variable names such that
> the name itself consists of alpha and numeric characters, but where
> the alpha portion remains the same and the numeric portion changes for
> based on numbers in a loop or range?
Yes, it's called an array.
> If the loop or range of numbers
> is say ($num=1, $num<=10, $num++), and the base variable name is
> $name, then I want my actual variable names to be like this: $name1,
> $name2, $name3, etc.
What you are up to is creating variables through symbolic references,
and this means you're up to no good. For a short explanation why this
is bad, see "perldoc -q 'variable as a variable'".
Just declare an array "my @name", and use "$name[ 3]" where you would
use $name3. Instead of "3" there could be any kind of expression,
including a variable like "$num". This is what arrays were designed
for.
Anno
------------------------------
Date: 6 Apr 2001 21:33:47 GMT (Last modified)
From: Perl-Users-Request@ruby.oce.orst.edu (Perl-Users-Digest Admin)
Subject: Digest Administrivia (Last modified: 6 Apr 01)
Message-Id: <null>
Administrivia:
The Perl-Users Digest is a retransmission of the USENET newsgroup
comp.lang.perl.misc. For subscription or unsubscription requests, send
the single line:
subscribe perl-users
or:
unsubscribe perl-users
to almanac@ruby.oce.orst.edu.
To submit articles to comp.lang.perl.announce, send your article to
clpa@perl.com.
To request back copies (available for a week or so), send your request
to almanac@ruby.oce.orst.edu with the command "send perl-users x.y",
where x is the volume number and y is the issue number.
For other requests pertaining to the digest, send mail to
perl-users-request@ruby.oce.orst.edu. Do not waste your time or mine
sending perl questions to the -request address, I don't have time to
answer them even if I did know the answer.
------------------------------
End of Perl-Users Digest V10 Issue 4402
***************************************
