[22898] in Perl-Users-Digest
Perl-Users Digest, Issue: 5118 Volume: 10
daemon@ATHENA.MIT.EDU (Perl-Users Digest)
Fri Jun 13 18:06:34 2003
Date: Fri, 13 Jun 2003 15:05:09 -0700 (PDT)
From: Perl-Users Digest <Perl-Users-Request@ruby.OCE.ORST.EDU>
To: Perl-Users@ruby.OCE.ORST.EDU (Perl-Users Digest)
Perl-Users Digest Fri, 13 Jun 2003 Volume: 10 Number: 5118
Today's topics:
Re: `du -bs $dir` question (Math55)
encrypt/decrypt module that uses only printable chars? (mark)
Re: encrypt/decrypt module that uses only printable cha <mbudash@sonic.net>
Re: encrypt/decrypt module that uses only printable cha ctcgag@hotmail.com
https authentication ([nix])
Re: Permute List of Lists? ctcgag@hotmail.com
Re: Permute List of Lists? (Quantum Mechanic)
Re: Permute List of Lists? ctcgag@hotmail.com
Re: Question about regular expression optimization <Wolfgang_.fischer@freenet.de>
Re: Question about regular expression optimization (Jay Tilton)
quoting problem???? <urzaserra@home.com>
Re: quoting problem???? <mbudash@sonic.net>
Re: quoting problem???? <usenet@expires082003.tinita.de>
Re: quoting problem???? <urzaserra@home.com>
request in print<<test; <ghostnr1@telia.com>
require specific version as opposed to > than version <abc@nowhere.com>
Re: require specific version as opposed to > than versi (Sam Holden)
Sanitizing incoming string <notvalid@hotmail.com>
Re: Sanitizing incoming string (Sam Holden)
Re: Sanitizing incoming string <notvalid@hotmail.com>
Re: Using a while loop to search/remove lines.. (Quantum Mechanic)
Re: Variable value being interpreted as HTML <usenet@expires082003.tinita.de>
Re: Variable value being interpreted as HTML <glex_nospam@qwest.net>
variables printed are the same yet fail equality test (David Sperling)
Digest Administrivia (Last modified: 6 Apr 01) (Perl-Users-Digest Admin)
----------------------------------------------------------------------
Date: 13 Jun 2003 14:23:32 -0700
From: magelord@t-online.de (Math55)
Subject: Re: `du -bs $dir` question
Message-Id: <a2b8188a.0306131323.5f0db73c@posting.google.com>
"Bernard El-Hagin" <bernard.el-hagin@DODGE_THISlido-tech.net> wrote in message news:<Xns93997C4337561elhber1lidotechnet@62.89.127.66>...
> Math55 wrote:
>
> > "Bernard El-Hagin" wrote:
> >
> >> Math55 wrote:
> >>
> >> > hello, i wrote the following subroutine.
> >> >
> >> > sub getFolderSize{
> >> >
> >> > my $FolderPath = shift;
> >> >
> >> > my $du_parse = `du -bs $_`;
> >> ^^
> >>
> >>
> >> > $du_parse =~ /^(\d+)/;
> >> > $dirSizeTest = $1;
> >> > return $dirSizeTest;
> >> >
> >> > }
> >> >
> >> > i try to use it to geth the size of a directory with all its
> >> > subdirs. the method is called with a path like /home/test. it
> >> > always gives me 12980 bytes, for EVERY directory!! whats wrong?
> >>
> >>
> >> Your folder path is in $FolderPath but you're du()ing what's in $_.
> >
> > yes right, when i use the $FolderPAth, nothing happens, the program
> > starts and it freezes. or is du that slow?
>
>
> How are you calling getFolderSize() ?
>
>
> --
> Cheers,
> Bernard
hi, like that...$path is every path that is a directory, like /home,
/home/test and so on...
getFolderSize($path)
THANKS
------------------------------
Date: 13 Jun 2003 12:29:21 -0700
From: olhipie@qwest.net (mark)
Subject: encrypt/decrypt module that uses only printable chars?
Message-Id: <ff7ef7bd.0306131129.5a530ee@posting.google.com>
I'm trying to encrypt and decrypt ascii strings, and the Crypt::xx
modules that I have tried all work great, but produce non printable
chars in the encryption phase. Is there a switch or particular module
that that I could use?
Thanks, Mark
------------------------------
Date: Fri, 13 Jun 2003 19:36:14 GMT
From: Michael Budash <mbudash@sonic.net>
Subject: Re: encrypt/decrypt module that uses only printable chars?
Message-Id: <mbudash-A9EC4F.12361413062003@typhoon.sonic.net>
In article <ff7ef7bd.0306131129.5a530ee@posting.google.com>,
olhipie@qwest.net (mark) wrote:
> I'm trying to encrypt and decrypt ascii strings, and the Crypt::xx
> modules that I have tried all work great, but produce non printable
> chars in the encryption phase. Is there a switch or particular module
> that that I could use?
>
> Thanks, Mark
hex-ify it after encrypting:
$hex_encrypted = unpack ("H*", $encrypted);
and de-hex-ify it before decrypting:
$encrypted = pack ("H*", $hex_encrypted);
hth-
--
Michael Budash
------------------------------
Date: 13 Jun 2003 20:08:42 GMT
From: ctcgag@hotmail.com
Subject: Re: encrypt/decrypt module that uses only printable chars?
Message-Id: <20030613160842.113$0i@newsreader.com>
Michael Budash <mbudash@sonic.net> wrote:
> In article <ff7ef7bd.0306131129.5a530ee@posting.google.com>,
> olhipie@qwest.net (mark) wrote:
>
> > I'm trying to encrypt and decrypt ascii strings, and the Crypt::xx
> > modules that I have tried all work great, but produce non printable
> > chars in the encryption phase. Is there a switch or particular module
> > that that I could use?
> >
> > Thanks, Mark
>
> hex-ify it after encrypting:
>
> $hex_encrypted = unpack ("H*", $encrypted);
>
> and de-hex-ify it before decrypting:
>
> $encrypted = pack ("H*", $hex_encrypted);
I was going to recommend uuencoding it:
$uu=pack "u", $encrypted;
$encrypted=unpack "u",$uu;
I hadn't thought of doing it your way, using unpack to do the packing
and pack to the unpacking. :)
Xho
--
-------------------- http://NewsReader.Com/ --------------------
Usenet Newsgroup Service New Rate! $9.95/Month 50GB
------------------------------
Date: 13 Jun 2003 14:49:54 -0700
From: maumul@hotmail.com ([nix])
Subject: https authentication
Message-Id: <f9b2fa1a.0306131349.49d6a55f@posting.google.com>
Hi,
I have a script which log on to a secure website, but it's always
failed. I mean, It can't log in. For HTTPS request, I'm using
Crypt::SSLeay 0.49. I really appreciate it if someone could give me
advice on this, like the complete requirements for authentication
against a secure website from perl.
Below is my code:
#!/usr/bin/perl -w
#$|++;
use LWP;
use LWP::Debug '+'; # debug mode active
use URI::URL;
use HTTP::Cookies::Mozilla;
use HTTP::Request;
use HTTP::Request::Common;
use HTTP::Headers;
use strict;
$ENV{HTTPS_VERSION} = 23;
$ENV{HTTPS_DEBUG} = 8;
$ENV{HTTPS_CERT_FILE} = 'Crypt-SSLeay-0.49/certs/notacacert.pem';
$ENV{HTTPS_KEY_FILE} = 'Crypt-SSLeay-0.49/certs/notacakeynopass.pem';
$ENV{HTTPS_CA_FILE} = '/usr/share/ssl/certs/ca-bundle.crt';
$ENV{HTTPS_CA_DIR} = '/usr/share/ssl/certs';
my($statement_URL,$hdr,$server_response,$redirect_location);
$statement_URL="https://some.secure.site/loc/thefile.dll";
$hdr="param1=val1¶m2=val2";
$server_response=&browse($statement_URL,$hdr,'POST','login'); ##
Fire the URL
$server_response=~ /Location:\s+(.*)\n/;
$redirect_location=$1;
#print $server_response;
sub browse(){
my($statement_URL,$hdr,$method,$action)=@_;
my($content_type,$response);
$content_type = "application/x-www-form-urlencoded";
my($ua) = new LWP::UserAgent;
$ua->agent("Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.2.1)");
push @{ $ua->requests_redirectable }, 'POST';
my($cookie) = new HTTP::Cookies::Mozilla(File =>
'/my/cookies/loc/cookies.txt', autosave => 1, ignore_discard => 1);
my($headers) = new HTTP::Headers('Content-Type' => $content_type,
'Date' => HTTP::Date::time2str(time), 'Accept' => 'text/html');
my($url)= new URI::URL($statement_URL);
my($request)= new HTTP::Request($method, $url, $headers, $hdr);
print "\n\nprocessing URL: ".$url."\n\n";
$request->authorization_basic('mchandra', 'N4W4ilum');
$ua->cookie_jar($cookie);
$cookie->add_cookie_header($request);
$response= $ua->request($request);
$cookie->extract_cookies($response);
my($reply);
if ($response->is_success){
$reply=$response->content;
} else {
$reply=$response->error_as_HTML();
}
return $reply;
}
------------------------------
Date: 13 Jun 2003 19:04:12 GMT
From: ctcgag@hotmail.com
Subject: Re: Permute List of Lists?
Message-Id: <20030613150412.297$hz@newsreader.com>
david.evans@vir.gla.ac.uk (David) wrote:
> I have a list of lists, something like ([a,b],[i,j,k],[y,z]) and need
> to permute every possible combination i.e. aiy aiz ajy ajz aky akz ..
> bkz etc.
I don't think that this is classically called permutation. It's
more a combinatorics problem. That may help direct your search for
already existing solutions.
Do you want to got one list with all possible combinations at once
(like keys %hash does), that's easy to do with recursion if you have
enough memory, or something that will step through all the combinations one
at a time (like each %hash does), invisibly saving state for you?
Xho
--
-------------------- http://NewsReader.Com/ --------------------
Usenet Newsgroup Service New Rate! $9.95/Month 50GB
------------------------------
Date: 13 Jun 2003 13:03:42 -0700
From: quantum_mechanic_1964@yahoo.com (Quantum Mechanic)
Subject: Re: Permute List of Lists?
Message-Id: <f233f2f0.0306131203.57b499a0@posting.google.com>
david.evans@vir.gla.ac.uk (David) wrote in message news:<4097909c.0306130638.5523adb3@posting.google.com>...
> I have a list of lists, something like ([a,b],[i,j,k],[y,z]) and need
> to permute every possible combination i.e. aiy aiz ajy ajz aky akz ..
> bkz etc.
Seems like this is a job for glob:
@permutations = glob( "{a,b}{i,j,k}{y,z}" );
print "@permutations\n";
# prints: aiy aiz ajy ajz aky akz biy biz bjy bjz bky bkz
---
However, if you have 6 choices at 10 places, that's 60M combinations,
which will take some time just to generate. I tried it on a moderate
machine -- not too fast, not too slow -- and 6^10 would take about 20
minutes, if it didn't run out of memory.
To avoid memory overflow, you can use glob as an iterator:
while ( my $p = glob( "{a,b}{i,j,k}{y,z}" ) )
{
print "$p\n";
}
-QM
------------------------------
Date: 13 Jun 2003 20:46:34 GMT
From: ctcgag@hotmail.com
Subject: Re: Permute List of Lists?
Message-Id: <20030613164634.241$R0@newsreader.com>
quantum_mechanic_1964@yahoo.com (Quantum Mechanic) wrote:
> david.evans@vir.gla.ac.uk (David) wrote in message
> news:<4097909c.0306130638.5523adb3@posting.google.com>...
> > I have a list of lists, something like ([a,b],[i,j,k],[y,z]) and need
> > to permute every possible combination i.e. aiy aiz ajy ajz aky akz ..
> > bkz etc.
>
> Seems like this is a job for glob:
>
> @permutations = glob( "{a,b}{i,j,k}{y,z}" );
>
> print "@permutations\n";
>
> # prints: aiy aiz ajy ajz aky akz biy biz bjy bjz bky bkz
How unexpected. I would have thought glob to return only those
strings for which files of that name actually exist in the cwd.
But I see that this (and the shell, also) do perform the
curly bracket combinatorics regardless of file existence.
...
>
> To avoid memory overflow, you can use glob as an iterator:
>
> while ( my $p = glob( "{a,b}{i,j,k}{y,z}" ) )
> {
> print "$p\n";
> }
Alas, that doesn't seem to work as intended. It appears that the
glob builds the entire list first, then iterates over it.
It still uses massive amounts of memory. (perl 5.6.1).
If the OP is still looking, I threw this together.
It returns a list of the chosen elements, instead of concatted
strings:
__test.pl__
#!/usr/bin/perl -w
use Comb;
my $c=Comb::new([qw/a b/],[qw/i j k/],[qw/y z/] );
while (my @x=$c->next()) {
print "@x\n";
};
__Comb.pm__
#!/usr/bin/perl -w
## I hand fixed some wrap problems from the cut and paste
## hopefully I didn't make any bugs in doing so.
package Comb;
use strict;
use Carp;
sub new {
my $self={};
ref $_ eq ref [] or croak "illegal argument, non-arrayref" foreach @_;
@$_ > 0 or croak "illgal argument, ref to empty array" foreach @_;
$self->{list}=[map [@$_], @_];
$self->{ix}=[map 0, @_];
bless $self;
};
sub next {
my $self=shift;
return () if exists $self->{done};
my $last=$#{$self->{list}};
my @return=map $self->{list}[$_][$self->{ix}[$_]], 0..$last;
$self->{ix}[$last]++; #Add one
##propagate the carry upon overflow
while ($self->{ix}[$last] == @{$self->{list}[$last]} ) {
if ($last==0) {$self->{done}=1; last;};
$self->{ix}[$last]=0;
$self->{ix}[--$last]++;
};
return @return;
};
sub reset {
delete $_[0]->{done};
$_=0 foreach @{$_[0]->{ix}};
};
1;
--
-------------------- http://NewsReader.Com/ --------------------
Usenet Newsgroup Service New Rate! $9.95/Month 50GB
------------------------------
Date: Fri, 13 Jun 2003 23:14:06 +0200
From: Wolfgang Fischer <Wolfgang_.fischer@freenet.de>
Subject: Re: Question about regular expression optimization
Message-Id: <pan.2003.06.13.21.14.06.776198@freenet.de>
On Fri, 13 Jun 2003 15:21:08 +0200, nono54 wrote:
> Hi all
>
> Does anyone know where I can find information about the optimizations the
> perl interpreter performs on regular expressions while compiling them ?
>
>
> For example, considering the following expression : "ab|ac", does the perl
> compiler transform it into "a(?:b|c)", which is more effective ?
Try it out by using the Benchmark module (see perldoc Benchmark for more
information). As Benchmark will run the code thousands of times, it is a
good idea to compile the regexp before.
>
>
> Thanks
>
>
> Pascal
------------------------------
Date: Fri, 13 Jun 2003 21:11:32 GMT
From: tiltonj@erols.com (Jay Tilton)
Subject: Re: Question about regular expression optimization
Message-Id: <3eea3838.170505031@news.erols.com>
nono547@hotmail.com wrote:
: Does anyone know where I can find information about the optimizations the
: perl interpreter performs on regular expressions while compiling them ?
Watching the matching engine at work is illuminating.
use re 'debug';
: For example, considering the following expression : "ab|ac", does the perl
: compiler transform it into "a(?:b|c)", which is more effective ?
By what gauge do you measure effectiveness?
What makes "/a(?:b|c)/" more effective than "/ab|ac/" ?
Is either one of those more effective than "/ab/ || /ac/" ?
------------------------------
Date: Fri, 13 Jun 2003 12:27:00 -0700
From: "matt" <urzaserra@home.com>
Subject: quoting problem????
Message-Id: <BzpGa.22761$1e.4384@fed1read04>
I am trying to have a browser suplied database table name be used instead of
a hard coded one in the cgi script file, so i wont have to have dozens of
script files for each of my table.
I am getting the following error from the browser when i run this
Could not execute: You have an error in your SQL syntax near '' at line 1 at
browse3.cgi line 14.
I dont think it is an sql problem because when i put the table name in it
works fine.
What is wrong here??? I think it is some sort of quoting problem
#!/usr/local/bin/perl
use DBI;
use CGI::Carp 'fatalsToBrowser';
use CGI qw( :standard );
my $dbname = param( "$dbname123" );
my $db = DBI->connect("database",username, password)
|| die 'could not connect: ' . DBI->errstr;
my $sth = $db->prepare("SELECT * FROM $dbname123")
|| die "Could not prepare: " . $db->errstr;
$sth->execute() || die "Could not execute: " . $sth->errstr;
print "Content-type: text/html\n\n";
print '<table border="1">';
print "<tr>";
print "<td>Item</td>";
print "<td>Points Worth</td>";
print "<td>Quantity in Stock</td>";
print "</tr>";
while (my $record = $sth->fetchrow_hashref())
{
print "<tr>";
print "<td>" . $record->{'Item'} . "</td>";
print "<td>" . $record->{'Points Worth'} . "</td>";
print "<td>" . $record->{'Quantity in Stock'} . "</td>";
print "</tr>";
}
$sth->finish();
print "</table>";
------------------------------
Date: Fri, 13 Jun 2003 19:32:10 GMT
From: Michael Budash <mbudash@sonic.net>
Subject: Re: quoting problem????
Message-Id: <mbudash-1700BE.12320913062003@typhoon.sonic.net>
In article <BzpGa.22761$1e.4384@fed1read04>,
"matt" <urzaserra@home.com> wrote:
> I am trying to have a browser suplied database table name be used instead of
> a hard coded one in the cgi script file, so i wont have to have dozens of
> script files for each of my table.
>
> I am getting the following error from the browser when i run this
>
> Could not execute: You have an error in your SQL syntax near '' at line 1 at
> browse3.cgi line 14.
> I dont think it is an sql problem because when i put the table name in it
> works fine.
>
>
> What is wrong here??? I think it is some sort of quoting problem
>
> #!/usr/local/bin/perl
>
> use DBI;
> use CGI::Carp 'fatalsToBrowser';
> use CGI qw( :standard );
>
> my $dbname = param( "$dbname123" );
based ont he rest of your code, this should probably be:
my $dbname123 = param( "dbname123" );
>
> my $db = DBI->connect("database",username, password)
> || die 'could not connect: ' . DBI->errstr;
>
> my $sth = $db->prepare("SELECT * FROM $dbname123")
> || die "Could not prepare: " . $db->errstr;
> $sth->execute() || die "Could not execute: " . $sth->errstr;
>
> print "Content-type: text/html\n\n";
> print '<table border="1">';
>
> print "<tr>";
> print "<td>Item</td>";
> print "<td>Points Worth</td>";
> print "<td>Quantity in Stock</td>";
> print "</tr>";
>
>
> while (my $record = $sth->fetchrow_hashref())
> {
>
> print "<tr>";
> print "<td>" . $record->{'Item'} . "</td>";
> print "<td>" . $record->{'Points Worth'} . "</td>";
> print "<td>" . $record->{'Quantity in Stock'} . "</td>";
> print "</tr>";
> }
> $sth->finish();
>
> print "</table>";
>
>
HTH-
--
Michael Budash
------------------------------
Date: 13 Jun 2003 19:36:41 GMT
From: Tina Mueller <usenet@expires082003.tinita.de>
Subject: Re: quoting problem????
Message-Id: <bcd949$hvdhj$1@ID-24002.news.dfncis.de>
matt wrote:
> #!/usr/local/bin/perl
> use DBI;
> use CGI::Carp 'fatalsToBrowser';
> use CGI qw( :standard );
> my $dbname = param( "$dbname123" );
^^^
where does $dbname123 come from?
> my $db = DBI->connect("database",username, password)
> || die 'could not connect: ' . DBI->errstr;
> my $sth = $db->prepare("SELECT * FROM $dbname123")
^^^
again: where does $dbname123 come from?
put this:
use strict;
use warnings;
at the top of your scripts. this helps you avoiding things like that
next time.
--
http://www.tinita.de/ \ enter__| |__the___ _ _ ___
http://Movies.tinita.de/ \ / _` / _ \/ _ \ '_(_-< of
http://www.perlquotes.de/ \ \ _,_\ __/\ __/_| /__/ perception
- my mail address expires end of august 2003 -
------------------------------
Date: Fri, 13 Jun 2003 12:52:26 -0700
From: "matt" <urzaserra@home.com>
Subject: Re: quoting problem????
Message-Id: <qXpGa.22763$1e.21960@fed1read04>
"Michael Budash" <mbudash@sonic.net> wrote in message
news:mbudash-1700BE.12320913062003@typhoon.sonic.net...
> In article <BzpGa.22761$1e.4384@fed1read04>,
> "matt" <urzaserra@home.com> wrote:
>
> > I am trying to have a browser suplied database table name be used
instead of
> > a hard coded one in the cgi script file, so i wont have to have dozens
of
> > script files for each of my table.
> >
> > I am getting the following error from the browser when i run this
> >
> > Could not execute: You have an error in your SQL syntax near '' at line
1 at
> > browse3.cgi line 14.
> > I dont think it is an sql problem because when i put the table name in
it
> > works fine.
> >
> >
> > What is wrong here??? I think it is some sort of quoting problem
> >
> > #!/usr/local/bin/perl
> >
> > use DBI;
> > use CGI::Carp 'fatalsToBrowser';
> > use CGI qw( :standard );
> >
> > my $dbname = param( "$dbname123" );
>
> based ont he rest of your code, this should probably be:
>
> my $dbname123 = param( "dbname123" );
>
> >
> > my $db = DBI->connect("database",username, password)
> > || die 'could not connect: ' . DBI->errstr;
> >
> > my $sth = $db->prepare("SELECT * FROM $dbname123")
> > || die "Could not prepare: " .
$db->errstr;
> > $sth->execute() || die "Could not execute: " . $sth->errstr;
> >
> > print "Content-type: text/html\n\n";
> > print '<table border="1">';
> >
> > print "<tr>";
> > print "<td>Item</td>";
> > print "<td>Points Worth</td>";
> > print "<td>Quantity in Stock</td>";
> > print "</tr>";
> >
> >
> > while (my $record = $sth->fetchrow_hashref())
> > {
> >
> > print "<tr>";
> > print "<td>" . $record->{'Item'} . "</td>";
> > print "<td>" . $record->{'Points Worth'} . "</td>";
> > print "<td>" . $record->{'Quantity in Stock'} . "</td>";
> > print "</tr>";
> > }
> > $sth->finish();
> >
> > print "</table>";
> >
> >
Thanks that did it.
>
>
> HTH-
> --
> Michael Budash
------------------------------
Date: Fri, 13 Jun 2003 21:58:07 GMT
From: "GhostNr1" <ghostnr1@telia.com>
Subject: request in print<<test;
Message-Id: <PNrGa.15367$dP1.29583@newsc.telia.net>
I use CGI.pm and do a request like $q->param('test') and I need to put it in
print<<example;
some text maby <br> and the $q->param('test')
example
The problem is that it only take $q->param and skip ('test') can I put that
in allso or must I buffer it to example $test = $q->param('test')? The code
is so mutch better if I can skip that.
thx
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.489 / Virus Database: 288 - Release Date: 6/10/2003
------------------------------
Date: Fri, 13 Jun 2003 20:59:36 GMT
From: ktom <abc@nowhere.com>
Subject: require specific version as opposed to > than version
Message-Id: <3EEA3B38.2060009@nowhere.com>
with respect to using versions in modules.
we would place the following command in our perl file to use the module
info.
use SomeModule 1.23;
which according to the docs indicates that the module $VERSION must be
1.23 or greater.
what if i want it to use ONLY 1.23, not greater, not lessor?
can that be done?
thanks..
------------------------------
Date: 13 Jun 2003 21:08:00 GMT
From: sholden@flexal.cs.usyd.edu.au (Sam Holden)
Subject: Re: require specific version as opposed to > than version
Message-Id: <slrnbekf9g.bdl.sholden@flexal.cs.usyd.edu.au>
On Fri, 13 Jun 2003 20:59:36 GMT, ktom <abc@nowhere.com> wrote:
> with respect to using versions in modules.
>
> we would place the following command in our perl file to use the module
> info.
>
> use SomeModule 1.23;
>
> which according to the docs indicates that the module $VERSION must be
> 1.23 or greater.
>
> what if i want it to use ONLY 1.23, not greater, not lessor?
die unless $SomeModule::VERSION == 1.23;
That's assumming the module hasn't overridden the VERSION method to
do something else of course...
--
Sam Holden
------------------------------
Date: Fri, 13 Jun 2003 21:53:59 +0200
From: "Jeff" <notvalid@hotmail.com>
Subject: Sanitizing incoming string
Message-Id: <3eea2bb8$1@news.broadpark.no>
Hi.
Would anybody be so kind to explain to me why this code snippet doesn't
behave as I expect it to? It's supposed to remove characters I have not
defined in $ok_chars from a submitted string in a web form.
And it does just that.
What baffles me is that my copy of the parameter -
* my $incoming = $q->param('incoming'); * is not sanitized. Why on earth
not?
Any input would be appreciated.
Code snippet follows:
#!/usr/bin/perl -wT
use strict;
use CGI qw/:standard/;
use CGI::Carp qw/ fatalsToBrowser warningsToBrowser /;
use HTML::Entities;
print "Content-type: text/html \n\n";
my $q = new CGI;
my $ok_chars = 'a-zA-Z0-9';
foreach my $param_name ( param() ) {
$_ = HTML::Entities::decode( param($param_name) );
$_ =~ s/[^$ok_chars]//go;
param($param_name,$_);
}
my $incoming = $q->param('incoming');
print "My fine incoming string looks like this: ",
param('incoming'),
" -and is properly sanitized.<br>";
print "And this, I hoped, should look just the same:
$incoming <br>
- exept this contains all characters submitted to the script";
exit;
------------------------------
Date: 13 Jun 2003 20:42:43 GMT
From: sholden@flexal.cs.usyd.edu.au (Sam Holden)
Subject: Re: Sanitizing incoming string
Message-Id: <slrnbekdq3.b3a.sholden@flexal.cs.usyd.edu.au>
On Fri, 13 Jun 2003 21:53:59 +0200, Jeff <notvalid@hotmail.com> wrote:
> Hi.
>
> Would anybody be so kind to explain to me why this code snippet doesn't
> behave as I expect it to? It's supposed to remove characters I have not
> defined in $ok_chars from a submitted string in a web form.
>
> And it does just that.
>
> What baffles me is that my copy of the parameter -
> * my $incoming = $q->param('incoming'); * is not sanitized. Why on earth
> not?
Because you set the sanitised versions with the function interface.
While you set $incoming by using a CGI object you created earlier that
isn't affected by the changes (since it is seperate).
Use one of the interfaces, don't randomly change between them.
>
[snipping lots]
> my $q = new CGI;
creating an object
> param($param_name,$_);
function interface...
>
> my $incoming = $q->param('incoming');
method of the object (whose data wasn't affected by the function call above)
>
> print "My fine incoming string looks like this: ",
> param('incoming'),
> " -and is properly sanitized.<br>";
> print "And this, I hoped, should look just the same:
> $incoming <br>
> - exept this contains all characters submitted to the script";
One of each.
--
Sam Holden
------------------------------
Date: Fri, 13 Jun 2003 23:10:25 +0200
From: "Jeff" <notvalid@hotmail.com>
Subject: Re: Sanitizing incoming string
Message-Id: <3eea3da5@news.broadpark.no>
"Sam Holden" <sholden@flexal.cs.usyd.edu.au> wrote in message:
news:slrnbekdq3.b3a.sholden@flexal.cs.usyd.edu.au...
> On Fri, 13 Jun 2003 21:53:59 +0200, Jeff <notvalid@hotmail.com> wrote:
> > * my $incoming = $q->param('incoming'); * is not sanitized. Why on
earth
> > not?
> Because you set the sanitised versions with the function interface.
> While you set $incoming by using a CGI object you created earlier that
> isn't affected by the changes (since it is seperate).
> Sam Holden
Your answer solved my problem. I did not realize that changes to
param('incoming') would not affect $q->param('incoming'). Thanks for taking
your time to enlighten me!
Jeff
------------------------------
Date: 13 Jun 2003 11:07:54 -0700
From: quantum_mechanic_1964@yahoo.com (Quantum Mechanic)
Subject: Re: Using a while loop to search/remove lines..
Message-Id: <f233f2f0.0306131007.3e73c87d@posting.google.com>
evia@excel.com (Eric) wrote in message news:<9bdebd3.0306130646.5bf72e64@posting.google.com>...
> open(OUTPUT, ">MODIFIED_$file") || die "Can't open the output
> file!\n";
> open(INFO, $file) || die "WHERE IS IT ERIC!!? Fool!\n";
> while(<INFO>){
> $originalcount++;
> $tpn = substr($_,196,5);
> if ($tpn != "10638"
> && $tpn != "10638"
> && $tpn != "40843"
> && $tpn != "30808"
> && $tpn != "33548") {
> print OUTPUT "$_";
> $keep++
> } else {
> $removecount++
> }
> }
# put your numbers in a file, one per line
my $num_file = shift; # or however else you set it
open(NUM, $num_file) || die "Can't open file of numbers";
my @nums = <NUM>;
# or if you need to put them in the script (but I'd put them in a
file):
my @nums = qw( 123 456 789 );
my $num_re = join '|', @nums;
open(OUTPUT, ">MODIFIED_$file") || die "Can't open the output
file!\n";
open(INFO, $file) || die "WHERE IS IT ERIC!!? Fool!\n";
while(<INFO>){
$originalcount++;
my $tpn = substr($_,196,5);
if ( $tpn !~ /$num_re/o ) { # /o for one-time interpolation
print OUTPUT "$_";
$keep++;
} else {
$removecount++;
}
}
####
Or you could do it with more sophistication, and perhaps faster, by
using a hash to store the lines by the numeric field, then deleting
hash entries that correspond to your number list. However, if line
order is important, you'll have to change this a bit:
open(INFO, $file) || die "WHERE IS IT ERIC!!? Fool!\n";
my %line_hash;
while(<INFO>){
$originalcount++;
push @{$line_hash{substr($_,196,5)}}, $_; # handle duplicate keys
with push
}
# put your numbers in a file, one per line
my $num_file = shift; # or however else you set it
open(NUM, $num_file) || die "Can't open file of numbers";
my @nums = <NUM>;
foreach my $num ( @nums ){
delete $line_hash{$num} if exists $line_hash{$num};
}
print OUTPUT @{$_} foreach ( values %line_hash );
HTH,
-QM
------------------------------
Date: 13 Jun 2003 18:56:37 GMT
From: Tina Mueller <usenet@expires082003.tinita.de>
Subject: Re: Variable value being interpreted as HTML
Message-Id: <bcd6p5$hiqlc$1@ID-24002.news.dfncis.de>
Ian wrote:
> When I have a variable with that
> name it gets mangled in the process going from "title" to "<title />"
> which of course screws things up.
[...]
> $cols[3]=title;
you don't have a variable with the name "title", but
you have a variable that now contains the output of the function
title from CGI.pm.
i guess you wanted to write
$cols[3] = "title";
strings have to be quoted in Perl (and in most other languages,
i guess). when Perl doesn't find a function with that name,
it uses it as a string.
you should always enable warnings, either with -w or
with "use warnings;"
hth, tina
--
http://www.tinita.de/ \ enter__| |__the___ _ _ ___
http://Movies.tinita.de/ \ / _` / _ \/ _ \ '_(_-< of
http://www.perlquotes.de/ \ \ _,_\ __/\ __/_| /__/ perception
- my mail address expires end of august 2003 -
------------------------------
Date: Fri, 13 Jun 2003 14:00:41 -0500
From: "J. Gleixner" <glex_nospam@qwest.net>
Subject: Re: Variable value being interpreted as HTML
Message-Id: <ibpGa.107$vb7.41219@news.uswest.net>
Ian wrote:
> I'm trying to use Win32::ODBC to pull some data from an existing
> table. The trouble is that one of the table columns is called "title"
> which appears to be confusing Perl. When I have a variable with that
> name it gets mangled in the process going from "title" to "<title />"
> which of course screws things up.
>
> Here's a section of the code I've used to find this:
> #Initialize beginning values
> $DSN=helpdesk_db;
> $table1=problems;
> $cols[0]=ulocation;
> $cols[1]=rep;
> $cols[2]=status;
> $cols[3]=title;
> $cols[4]=description;
> $cols[5]=start_date;
> $cols[6]=priority;
>
>
> ### Begin
> print header();
> print start_html();
> print "<P>$cols[0], $cols[1], $cols[2], $cols[3], $cols[4], $cols[5],
> $cols[6]\n";
>
> Here's the output:
> <?xml version="1.0" encoding="utf-8"?>
> <!DOCTYPE html
> PUBLIC "-//W3C//DTD XHTML Basic 1.0//EN"
> "http://www.w3.org/TR/xhtml-basic/xhtml-basic10.dtd">
> <html xmlns="http://www.w3.org/1999/xhtml"
> lang="en-US"><head><title>Untitled Document</title>
> </head><body>
> <P>ulocation, rep, status, <title />, description, start_date,
> priority
>
> Has anyone seen this before?
No, because most people quote their strings.
The issue is from CGI.pm, which you didn't include but it seems to be
where header, start_html, and the various XHTML tags are coming from.
If you do:
use CGI qw(:standard); # or something similiar
$cols[3]=title; # sets $cols[3] to the CGI::title method
$cols[3]='title'; # sets $cols[3] to a string with a value of
# title
If you'd have used warnings
use warnings;
It'd have pointed out your problem.
>
> TIA,
> Ian
------------------------------
Date: 13 Jun 2003 12:54:21 -0700
From: zzzouch@yahoo.com (David Sperling)
Subject: variables printed are the same yet fail equality test
Message-Id: <eedb7d58.0306131154.5193fad5@posting.google.com>
Hi-
Data read from my utf-8 text file fails the following test:
if($value eq "h1"))
while $value prints as "h1"
Here is a snippet from the utf-8 text file:
AJ0001,h1,
AJ0002,h1,
AJ0003,h1,
Here is the output:
value :h1: is not :h1:
value :h1: is not :h1:
value :h1: is not :h1:
if I use data from within the source file
the test evaluates true.
value :h1:equals :h1:
value :h1:equals :h1:
value :h1:equals :h1:
If I switch the data in the text file around to h1,AJ0001
and switch $keys and $value variables around it evaluates true;
I tried comparing the utf-8 hex code for the output but
both sides seemed to come up the same.
Any ideas on how to debug this would be greatly appreciated.
Cheers,
David Sperling ds@no_spam_englishhouse.com
my %group = <= read from text file with the subs below;
sub show_group()
{
my %food = ( # changed %group to %food and tested ok
AJ0001=>"h1",
AJ0002=>"h1",
AJ0003=>"h1"
);
while ( (my $key, my $value) = each(%group) )
{
if(defined $key && defined $value )
{
if($value eq "h1")
{
print "value :", $value, ":equals :h1:\n";
}
else
{
print "value :", $value, ": is not :h1:\n";
}
}
}
}
sub get_file($)
{
# grab the first parameter from @_
my $location = shift;
$/ = undef; # sets the file separator to nothing
open IN, $location or die "$! cant't find file at $location";
my $file = <IN>;
return $file;
}
sub to_hash(\%$)
{
my $hash_ref = shift; # load arguments
my $string = shift;
my ($left_column, $right_column);
#split into lines
my @lines = split(/\n/,$string);
my $i = 0;
#split into product # and right_column/ name values
foreach (@lines)
{
($left_column, $right_column) = (split/,/);
if(defined $left_column && $right_column)
{
${$hash_ref}{$left_column} = $right_column;
}
}
------------------------------
Date: 6 Apr 2001 21:33:47 GMT (Last modified)
From: Perl-Users-Request@ruby.oce.orst.edu (Perl-Users-Digest Admin)
Subject: Digest Administrivia (Last modified: 6 Apr 01)
Message-Id: <null>
Administrivia:
The Perl-Users Digest is a retransmission of the USENET newsgroup
comp.lang.perl.misc. For subscription or unsubscription requests, send
the single line:
subscribe perl-users
or:
unsubscribe perl-users
to almanac@ruby.oce.orst.edu.
To submit articles to comp.lang.perl.announce, send your article to
clpa@perl.com.
To request back copies (available for a week or so), send your request
to almanac@ruby.oce.orst.edu with the command "send perl-users x.y",
where x is the volume number and y is the issue number.
For other requests pertaining to the digest, send mail to
perl-users-request@ruby.oce.orst.edu. Do not waste your time or mine
sending perl questions to the -request address, I don't have time to
answer them even if I did know the answer.
------------------------------
End of Perl-Users Digest V10 Issue 5118
***************************************
