[23485] in Perl-Users-Digest
Perl-Users Digest, Issue: 5698 Volume: 10
daemon@ATHENA.MIT.EDU (Perl-Users Digest)
Wed Oct 22 18:10:44 2003
Date: Wed, 22 Oct 2003 15:10:13 -0700 (PDT)
From: Perl-Users Digest <Perl-Users-Request@ruby.OCE.ORST.EDU>
To: Perl-Users@ruby.OCE.ORST.EDU (Perl-Users Digest)
Perl-Users Digest Wed, 22 Oct 2003 Volume: 10 Number: 5698
Today's topics:
Oddity with the x and . operators <dwilga-MUNGE@mtholyoke.edu>
Re: Oddity with the x and . operators <ak+usenet@freeshell.org>
Re: Oddity with the x and . operators <asu1@c-o-r-n-e-l-l.edu>
Re: Oddity with the x and . operators <usenet@expires12.2003.tinita.de>
Re: Oddity with the x and . operators <ddunham@redwood.taos.com>
Re: Oddity with the x and . operators <dwilga-MUNGE@mtholyoke.edu>
Re: Oddity with the x and . operators <xx087@freenet.carleton.ca>
Pattern match over mutiple files is slow - Help Needed (RV)
Re: Pattern match over mutiple files is slow - Help Nee <ddunham@redwood.taos.com>
Re: Perl and IIS - script runs but 'The page cannot be (Jay Tilton)
Re: Perl and IIS - script runs but 'The page cannot be (stew dean)
Re: Perl and IIS - script runs but 'The page cannot be (stew dean)
Re: Regex to extract row data from text (Copy of data i <timbenz@timbenz.com>
Simulating case sensitivity for win32 files (M&M)
Re: Taint - having some real trouble here, taint/perl e <ddunham@redwood.taos.com>
Re: Taint - having some real trouble here, taint/perl e (Ben)
Re: Taint - having some real trouble here, taint/perl e <grazz@pobox.com>
Re: Taint - having some real trouble here, taint/perl e <flavell@ph.gla.ac.uk>
while each hash, why not array <robertw@nospam.acm.org>
Re: while each hash, why not array (Malcolm Dew-Jones)
Re: while each hash, why not array <asu1@c-o-r-n-e-l-l.edu>
Re: while each hash, why not array <ddunham@redwood.taos.com>
Re: while each hash, why not array <michael.p.broida@boeing_oops.com>
Re: while each hash, why not array <kkeller-usenet@wombat.san-francisco.ca.us>
Re: while each hash, why not array <michael.p.broida@boeing_oops.com>
Digest Administrivia (Last modified: 6 Apr 01) (Perl-Users-Digest Admin)
----------------------------------------------------------------------
Date: Wed, 22 Oct 2003 15:48:38 -0400
From: Dan Wilga <dwilga-MUNGE@mtholyoke.edu>
Subject: Oddity with the x and . operators
Message-Id: <dwilga-MUNGE-5AE67E.15483822102003@nap.mtholyoke.edu>
I've run into something that has me totally puzzled. If I do this:
print "foo".("." x 5);
as expected, I get:
foo.....
However, if I do:
print ("." x 5)."foo";
I get only:
.....
Why does the "foo" get discarded?
I can get around this by changing the code to:
print scalar("." x 5)."foo"
But, according to perlop, I wouldn't think this should be necessary:
"In scalar context or if the left operand is not enclosed in
parentheses, it returns a string consisting of the left operand repeated
the number of times specified by the right operand."
Shouldn't the use of the '.' operator outside be sufficient to cause the
parenthetical part to be considered a scalar? Even if it's not, and the
bit inside the parens evaluates to a single-element list, I would still
expect to see:
1foo
--
Dan Wilga dwilga-MUNGE@mtholyoke.edu
** Remove the -MUNGE in my address to reply **
------------------------------
Date: Wed, 22 Oct 2003 19:53:38 +0000 (UTC)
From: Andreas Kahari <ak+usenet@freeshell.org>
Subject: Re: Oddity with the x and . operators
Message-Id: <slrnbpdo21.5ee.ak+usenet@norge.freeshell.org>
In article <dwilga-MUNGE-5AE67E.15483822102003@nap.mtholyoke.edu>, Dan Wilga wrote:
[cut]
> However, if I do:
>
> print ("." x 5)."foo";
The argument to print is '"." x 5'. The return value from print
is concatenated with the string "foo" and the result is then
thrown away.
--
Andreas Kähäri
------------------------------
Date: 22 Oct 2003 19:57:38 GMT
From: "A. Sinan Unur" <asu1@c-o-r-n-e-l-l.edu>
Subject: Re: Oddity with the x and . operators
Message-Id: <Xns941CA25C6BF73asu1cornelledu@132.236.56.8>
Dan Wilga <dwilga-MUNGE@mtholyoke.edu> wrote in news:dwilga-MUNGE-
5AE67E.15483822102003@nap.mtholyoke.edu:
> I've run into something that has me totally puzzled. If I do this:
>
> print "foo".("." x 5);
>
> as expected, I get:
>
> foo.....
>
> However, if I do:
>
> print ("." x 5)."foo";
>
> I get only:
>
> .....
>
> Why does the "foo" get discarded?
print (("." x 5)."foo");
--
A. Sinan Unur
asu1@c-o-r-n-e-l-l.edu
Remove dashes for address
Spam bait: mailto:uce@ftc.gov
------------------------------
Date: 22 Oct 2003 20:05:06 GMT
From: Tina Mueller <usenet@expires12.2003.tinita.de>
Subject: Re: Oddity with the x and . operators
Message-Id: <bn6nti$tttv9$1@ID-24002.news.uni-berlin.de>
Dan Wilga wrote:
> However, if I do:
> print ("." x 5)."foo";
> I get only:
> .....
print +("." x 5)."foo";
hth, tina
--
http://www.tinita.de/ \ enter__| |__the___ _ _ ___
http://Movies.tinita.de/ \ / _` / _ \/ _ \ '_(_-< of
http://www.perlquotes.de/ \ \ _,_\ __/\ __/_| /__/ perception
-my address is currently unreachable due to the Swen.A virus-
------------------------------
Date: Wed, 22 Oct 2003 20:15:36 GMT
From: Darren Dunham <ddunham@redwood.taos.com>
Subject: Re: Oddity with the x and . operators
Message-Id: <IzBlb.5669$Oh4.5305@newssvr29.news.prodigy.com>
Dan Wilga <dwilga-MUNGE@mtholyoke.edu> wrote:
> I've run into something that has me totally puzzled. If I do this:
> print "foo".("." x 5);
> as expected, I get:
> foo.....
> However, if I do:
> print ("." x 5)."foo";
> I get only:
> .....
If you get only that, then you're not using warnings.
> Why does the "foo" get discarded?
One of the warnings is...
print (...) interpreted as function at -e line 1.
Perldiag mentions..
%s (...) interpreted as function
(W) You've run afoul of the rule that says that any list
operator followed by parentheses turns into a function,
with all the list operators arguments found inside the
parentheses. See the section on Terms and List
Operators (Leftward) in the perlop manpage.
Which would take you to perlop which explains this in that section.
> I can get around this by changing the code to:
> print scalar("." x 5)."foo"
Right. You got rid of the leading "(" immediately after the print, so
it's not interpreted as the entire argument to the function. There are
several other rewrites you could do.
> Shouldn't the use of the '.' operator outside be sufficient to cause the
> parenthetical part to be considered a scalar? Even if it's not, and the
> bit inside the parens evaluates to a single-element list, I would still
> expect to see:
That's not what the problem is.
--
Darren Dunham ddunham@taos.com
Unix System Administrator Taos - The SysAdmin Company
Got some Dr Pepper? San Francisco, CA bay area
< This line left intentionally blank to confuse you. >
------------------------------
Date: Wed, 22 Oct 2003 16:16:51 -0400
From: Dan Wilga <dwilga-MUNGE@mtholyoke.edu>
Subject: Re: Oddity with the x and . operators
Message-Id: <dwilga-MUNGE-458A0D.16165122102003@nap.mtholyoke.edu>
Nevermind. I found the answer to my question just a few paragraphs down
in perlop:
"If any list operator (print(), etc.) or any unary operator (chdir(),
etc.) is followed by a left parenthesis as the next token, the operator
and arguments within parentheses are taken to be of highest precedence,
just like a normal function call. Examples:"
There's also a warning in perlfunc:
"Also be careful not to follow the print keyword with a left parenthesis
unless you want the corresponding right parenthesis to terminate the
arguments to the print--interpose a `+' or put parentheses around all
the arguments."
So the code:
print ("." x 5)."foo";
is being evaluated as:
print("." x 5)
and then the return value of the "print" is being concatenated with
"foo" and discarded.
So much of the way Perl works has become intuitive to me after using it
for so long, but this one, I just don't know if I can ever accept it.
(I'm not looking for an argument here, just stating that it seems
unintuitive if you never use the return value from print.)
--
Dan Wilga dwilga-MUNGE@mtholyoke.edu
** Remove the -MUNGE in my address to reply **
------------------------------
Date: 22 Oct 2003 20:13:09 GMT
From: Glenn Jackman <xx087@freenet.carleton.ca>
Subject: Re: Oddity with the x and . operators
Message-Id: <slrnbpdp7o.9ko.xx087@smeagol.ncf.ca>
Dan Wilga <dwilga-MUNGE@mtholyoke.edu> wrote:
> I've run into something that has me totally puzzled. If I do this:
> print "foo".("." x 5);
> as expected, I get:
> foo.....
>
> However, if I do:
> print ("." x 5)."foo";
> I get only:
> .....
The left paranthesis is being consumed by the print operator, and the
concatenation operator has lower precedence. The perlop man page says:
If any list operator (print(), etc.) or any unary operator
(chdir(), etc.) is followed by a left parenthesis as the
next token, the operator and arguments within parentheses
are taken to be of highest precedence, just like a normal
function call.
See what perl tells you:
$ perl -we 'print ("." x 5)."foo";'
print (...) interpreted as function at -e line 1.
Useless use of concatenation (.) or string in void context at -e line 1.
.....
To obtain happiness, add more parentheses or use the unary plus operator:
$ perl -we 'print(("." x 5)."foo");'
.....foo
$ perl -we 'print +("." x 5)."foo";'
.....foo
--
Glenn Jackman
NCF Sysadmin
glennj@ncf.ca
------------------------------
Date: 22 Oct 2003 13:54:52 -0700
From: rvstore1@yahoo.com (RV)
Subject: Pattern match over mutiple files is slow - Help Needed !
Message-Id: <35c0f847.0310221254.744636e5@posting.google.com>
< Note: Posted this message earlier today to comp.lang.perl - then
realized that it was defunct. Hence posting it to this group >
Hi:
Am having a huge performance problem in one of my scripts.
I have an array containing some reference keys. ( about 1000 entries
or so ).
I also have a list of files ( about 100 or so ) and I need to locate
occurence of these keys in all of the files and replace with some
value ( lets say the key-value hash is also given ).
My code looks something like this:
#Note: %keyval --> holds the key-value mapping
# @keylist - is the array with the 1000 keys ( like keys %keyval )
# @files - holds the list of files ( about 100 or so ).
foreach $f ( @files )
{
#open file - validate etc - assume it is opened as <FH>
while(<FH>) #each line
{
$line=$_ ;
foreach $k (@keylist)
{
$line =~ s/$k/$keyval{$k}/ig ; #replace key with value
} #key loop
}
close(FH);
} #foreach
This code works - but its too slow ! -- Obviously I run the inner loop
1000 times for each line in the file.
Constraints being that multiple keys may occur on the same line ( and
even the same key will occur multiple times on the same line ).
I tried globbing the file into a scalar ( unsetting $/ ) - no big
difference in timing.
Can someone help me here ? - If you can give some ideas that I can
look into, I'll greatly appreciate it.
Pseudocode is fine as well.
If you can include a courtesy CC: that would be great !
Thanks - hope I've conveyed my problem accurately ( this among my
first posts - am a frequent "reader" though ! ).
-RV.
------------------------------
Date: Wed, 22 Oct 2003 21:10:14 GMT
From: Darren Dunham <ddunham@redwood.taos.com>
Subject: Re: Pattern match over mutiple files is slow - Help Needed !
Message-Id: <WmClb.3253$ku5.2713@newssvr25.news.prodigy.com>
RV <rvstore1@yahoo.com> wrote:
> #Note: %keyval --> holds the key-value mapping
> # @keylist - is the array with the 1000 keys ( like keys %keyval )
> # @files - holds the list of files ( about 100 or so ).
How big are the files?
> foreach $f ( @files )
> {
> #open file - validate etc - assume it is opened as <FH>
> while(<FH>) #each line
> {
> $line=$_ ;
> foreach $k (@keylist)
> {
> $line =~ s/$k/$keyval{$k}/ig ; #replace key with value
> } #key loop
> }
> close(FH);
> } #foreach
> This code works - but its too slow ! -- Obviously I run the inner loop
> 1000 times for each line in the file.
If the files are small enough to hold in memory, then run the
substitution on the entire file rather than line by line.
undef $/;
my $info =<FILE>;
foreach $k (@keylist)
{
$info =~ s/$k/$keyval{$k}/img ; #replace key with value
} #key loop
That might be a big improvement already.
Another question. How often do the patterns actually occur in the file?
If they're pretty rare (many lines that don't require any
substitutions), then you could do the original "match by line", but do a
check on *all* the patterns for each line (fast) before attempting the
substitutions (slower).
# compile regex with all keys in it.
my $re_str = join "|", @keylist;
# file loop
while (<FILE>)
{
if (/$re_str/)
{ # substitute loop }
}
--
Darren Dunham ddunham@taos.com
Unix System Administrator Taos - The SysAdmin Company
Got some Dr Pepper? San Francisco, CA bay area
< This line left intentionally blank to confuse you. >
------------------------------
Date: Wed, 22 Oct 2003 21:50:23 GMT
From: tiltonj@erols.com (Jay Tilton)
Subject: Re: Perl and IIS - script runs but 'The page cannot be displayed'
Message-Id: <3f96fb83.18919527@news.erols.com>
stewart@webslave.dircon.co.uk (stew dean) wrote:
: The code it's self, although clunky no doubt compared to the abilities
: of many, works fine.
Then the Perl problem has been solved. Yay team!
: I'm thinking it's a set up issue with IIS.
You are probably right.
Since Perl is not IIS, an IIS-oriented newsgroup would be a more
appropriate place to seek help than a Perl newsgroup. The readers there
will at least be able to guide you to the location of the server's error
log.
Right now, the only thing known about the error is that it exists. That
is not enough information to begin diagnosis.
------------------------------
Date: 22 Oct 2003 14:57:36 -0700
From: stewart@webslave.dircon.co.uk (stew dean)
Subject: Re: Perl and IIS - script runs but 'The page cannot be displayed'
Message-Id: <2b68957a.0310221357.3108fa17@posting.google.com>
"A. Sinan Unur" <asu1@c-o-r-n-e-l-l.edu> wrote in message news:<Xns941C6F2D4438Easu1cornelledu@132.236.56.8>...
> stewart@webslave.dircon.co.uk (stew dean) wrote in
> news:2b68957a.0310220327.4dc68db3@posting.google.com:
>
> > James Willmore <jwillmore@remove.adelphia.net> wrote in message
> > news:<20031021114710.504263f7.jwillmore@remove.adelphia.net>...
> >> On 21 Oct 2003 03:53:24 -0700
> >> stewart@webslave.dircon.co.uk (stew dean) wrote:
> >>
> >> > This is not a pure Perl problem but is to do with the running of
> >> > Perl on IIS.
> >> >
> >> > I now have two scripts that run without errors (I'm using strict)
> >> > but, for some reason, will not display the simple 'Done!' page
> >> > built into the script. Instead the server gives me 'The page cannot
> >> > be displayed'.
> >> >
> >> > I have run it on a local IIS set up with no problems but on the
> >> > main server I continue to get this error. As I have no error
> >> > messages other than page not displayed I'm not sure what I can
> >> > tweak to get it to work. Maybe there's an error log I could look
> >> > at?
> >>
> >> This questions begs one to ask - "Did you read the documentation for
> >> IIS?". Errors from your script _should_ be there for you to examine.
> >
> > The errors for the script are not going to be in the documentation. I
> > have a rather hefty manual I could spend a few weeks reading but I
> > very much doubt it will resolve my issue.
>
> The manual would tell you where to find the error logs so you can find
> out what is wrong, and maybe give us a clue. That is not too much to ask.
That's my problem - the script is producing no errors as in the script
if fine, it runs without producing an error, that's why I think it's a
server related problem.
>
> > I've been online for about nine years now - the interweb superexpress
> > freeway always delivers answers that dead tree media often cannot. I
> > wouldnt ask if it the solution was in the pile of vegetable cells on
> > my desk.
>
> So, you cannot be bothered to check the error logs, and tell us what is
> in there, but somehow we are supposed to divine what is going on ...
> Interesting attitude.
I don't even know if there is an error log.
> In the time you took to type up all these replies as to why you won't
> check the error logs, you could have checked the error logs, and posted
> some information that could have been helpful in figuring out the
> problem.
So you know where the error log is then? Look I know you want to help
but you're not helping me.
I'm now going to try and find an error log that may or may not exist
(I have already spent an hour trying to find if one exists).
Stew Dean
------------------------------
Date: 22 Oct 2003 15:00:11 -0700
From: stewart@webslave.dircon.co.uk (stew dean)
Subject: Re: Perl and IIS - script runs but 'The page cannot be displayed'
Message-Id: <2b68957a.0310221400.20d20b7@posting.google.com>
rjohnson@shell.com (Roy Johnson) wrote in message news:<3ee08638.0310210824.7cbb6646@posting.google.com>...
> stewart@webslave.dircon.co.uk (stew dean) wrote in message news:<2b68957a.0310210253.38464359@posting.google.com>...
> > I now have two scripts that run without errors (I'm using strict) but,
> > for some reason, will not display the simple 'Done!' page built into
> > the script. Instead the server gives me 'The page cannot be
> > displayed'.
>
> Perhaps the server is not configured to run scripts? Or, if you know
> that the scripts are running, the page won't display, you must have a
> problem with formatting (maybe you're not sending the "text/html"
> prologue?).
>
> In that case, try shift-clicking the link that launches the scripts,
> so you can save the output to a file, then peruse the file. Name it
> with a .html extension and try to load it directly.
Tried this and it never gets as far as giving me a file. The output
text has the full HTML headers and definition and I know it works when
processing a small XML file so this is all in order.
The server already runs many scripts with no problems so the perl is
set up and working happily - except in this case.
Thanks for what is probably the only helpful responce so far.
Stew Dean
------------------------------
Date: Wed, 22 Oct 2003 19:38:46 GMT
From: TimBenz <timbenz@timbenz.com>
Subject: Re: Regex to extract row data from text (Copy of data included)
Message-Id: <Xns941C80A35DDDCtimbenztimbenzcom@66.75.162.198>
Glenn Jackman <xx087@freenet.carleton.ca> wrote in
news:slrnbpdff0.9ko.xx087@smeagol.ncf.ca:
>
> Looks like fixed width fields, as opposed to delimited.
> Does the "COMMON" always start at the 31st character?
> If so, use substr() to extract the data.
Sadly, the field widths aren't fixed. It really depends on who filed the
trading report how wide the fields are -- they vary all over the map. So
the substr() method doesn't work. Following advice here, I have written a
regex that keys on the 10 or so variants of the second column and hinges
around that. Irritating, but that seems to be the only thing that works for
me.
------------------------------
Date: 22 Oct 2003 14:36:34 -0700
From: mm-24@pobox.com (M&M)
Subject: Simulating case sensitivity for win32 files
Message-Id: <19372e8e.0310221336.5ee263a4@posting.google.com>
I understand that windows filesystems are case insensitive though case
preserving. My dilema is that files on my windows server are synced
to a linux web server where case sensitivity does matter.
Is there a way to simulate "-f test.txt" in a case sensitive manner or
perhaps retrieve a file's actual name? I was surprised to learn that
neither glob("test.txt") nor <test.txt> do the job without using
wildcards. I've searched the cpan, faqs, google groups and the
cookbook to no avail.
I've come up with the following but it's very inefficient for
real_filename() to read the directory each time (especially if it is
very large). Sure, I could cache the dir contents in a list or hash,
but then I have the complexity of maintaining it as changes occur. It
works, but how could it be improved? (It doesn't even address
directories...) Certainly others have dealt with this before. Any
suggestions?
Thanks,
Marco Moreno
#!/usr/bin/perl -w
chdir "c:/temp";
my $file = "test.txt";
if (-f $file and not really_exists($file)) {
my $realname = real_filename($file);
warn "Renaming $realname to $file.\n";
rename $realname, $file or die "Can't rename $realname: \n";
}
sub really_exists {
my $filename = shift;
return $filename eq real_filename($filename) ? 1 : 0;
}
sub real_filename {
my $filename = shift;
opendir DIR, "." or die "Can't readdir: $!";
(my $realname) = grep { $filename =~ /^${_}$/i } readdir DIR;
closedir DIR;
return $realname;
}
------------------------------
Date: Wed, 22 Oct 2003 18:14:44 GMT
From: Darren Dunham <ddunham@redwood.taos.com>
Subject: Re: Taint - having some real trouble here, taint/perl experts, please help
Message-Id: <oOzlb.3221$wX4.352@newssvr25.news.prodigy.com>
Ben <2stormts@nemontel.net> wrote:
> No error messages. system() returns 0 and !$ is empty. The command is
$? also?
--
Darren Dunham ddunham@taos.com
Unix System Administrator Taos - The SysAdmin Company
Got some Dr Pepper? San Francisco, CA bay area
< This line left intentionally blank to confuse you. >
------------------------------
Date: 22 Oct 2003 11:25:22 -0700
From: 2stormts@nemontel.net (Ben)
Subject: Re: Taint - having some real trouble here, taint/perl experts, please help
Message-Id: <5c8f38ff.0310221025.65231c57@posting.google.com>
"Alan J. Flavell" <flavell@ph.gla.ac.uk> wrote in message news:<Pine.LNX.4.53.0310212124160.9628@ppepc56.ph.gla.ac.uk>...
> On Tue, 21 Oct 2003, Ben wrote:
> Yeah, but your real trouble seems to be that you're woffling on about
> generalities when it appears you might have a real problem, but with
> some real problem symptoms that you haven't told us about.
I apologize for any "woffling." I was attempting to provide all of the
information I had. So as to maximize the chance of someone seeing what
I was screwing up.
> Is it perhaps that you haven't found out how to get errors back from
> your server-side process yet? That's something worth learning
> (check CGI::Carp, fatals to browser, etc.)
No errors are reported at the call level; system() returns 0 (though
it does not invoke my command) and $! is empty. I have not explored
carp or fatals to browser. I will; thank you for the pointers.
> > The command takes quite a while to run
> > (could be hours), so it is important that it detach so the user can
> > come back later.
>
> OK: nothing that hasn't been discussed before - but this seems to
> be a bit tangential to what's going wrong...
Yes, however, it explains why I need to detach, which I figured might
come up if I didn't explain it.
> > I understand why I might
> > want taint under other circumstances, even most other circumstances...
> > It just doesn't apply here at all.
>
> I think you're misguided. Taint can protect against *unintended*
> nasty accidents as well as against deliberate misuse. I'd need much
> more backing than what you've given here before I'd want to dispense
> with it, and that's -assuming- a limited user base with generally good
> intentions.
Ok. My user base is two people in their sixties who have no interest
in anything whatsoever but making their business succeed. The machine
is on a hard-wired intranet, and has NO link to the Internet. They,
and I, are the entire "user base." The form that feeds the data to my
lower-level command uses drop down menus for all but one of the
parameters, and the last takes in a search term which is laundered
thusly:
$part = partlaundry($in{'partnumber'});
...
exit;
sub legalpchar
{
my $char = shift;
my $val = ord($char);
if ($char eq "*") { return(1); }
if ($val >= ord("A") && $val <= ord("Z")) { return(1); }
if ($val >= ord("a") && $val <= ord("z")) { return(1); }
if ($val >= ord("0") && $val <= ord("9")) { return(1); }
return(0); # forget it.
}
sub partlaundry
{
my $text = shift;
my $len = length($text);
my $rez = "";
my $i;
my $char;
for ($i=0; $i<$len; $i++)
{
$char = substr($text,$i,1);
if (legalpchar($char) == 1)
{
$rez .= $char;
}
}
return($rez);
}
...these terms are then fed to my command. I grant you that one of
these folks, or a future hire (not likely, but assume it could happen)
*could* learn CGI, generate a spoof form with the (in)appropriate
input element names and HTTP_REFERER, and feed dangerous crud like rm
-rf into my command line (though they'd have limited userlevel and
privs at that point) but frankly, I think it's lot more likely that if
someone wanted to do that kind of harm, they'd pick up the machine and
slam it down on a hard surface a couple of times and crash the hard
drives in a much easier and more permanent fashion. In which case the
archived tars of everything that accrue to the backup machine would
probably save the day, anyway. I really don't think that I need taint
to back me up here.
> > This creates the command string I want:
> >
> > $cmd = "/usr/src/client/client $p1 $p1 $p3 $p4 &";
> >
> > Then:
> >
> > system($cmd);
>
> You appear to be asking for shell expansion,
Right. I wanted the detach (and also >output.txt), which was easily
accomplished under RH6 and Apache 1.3; it no longer works, which is
what caused all this ruckus.
> which could potentially
> be a problem. Maybe you want the multiple arguments form of system()
> (oh, right, you do that later... but actually I think you'd really
> want to fork() explicitly)
Yes, that's where I ended up yesterday. That works, though I need to
generate my messages to a regular file instead of STDOUT now.
> > Now, under RH9 and P5.8 (or the apache perl module, which I suspect is
> > actually handling this),
>
> You're using mod_perl ? (surely you wouldn't be using mod_perl
> without being aware of it?)
Why not? The webserver works, why would I want to worry about who's
running what unless it breaks? Now it's broken, I looked, and mod_perl
is being loaded. You don't have to know everything about everything to
get a job done, you know. When stuff works, you tend not to look too
hard at it. Life's too short.
> > perl is acting like taint is on (I didn't
> > turn it on, and I can't find where it's turned on, more on that in a
> > bit.)
>
> Not sure, but maybe you're looking for this
> http://perl.apache.org/docs/1.0/guide/config.html#Taint_Checking
No, I checked for this. It's not on, as I mentioned I perused the
perl.config in /etc/httpd/conf.d, and also httpd/conf/httpd/conf.
> > So, as instructed in the perl faq, I attempt to un-taint the
> > variable:
> >
> > $cmd =~ /(.*)/;
>
> (thereby discarding any benefit you could have got from this useful
> check),
Exactly. Good of you to note my intent. :)
> but don't forget that a number of aspects of the environment
> are also taken into account in determining whether system() involves a
> taint situation.
I hit the environment variables and the path. Anything else?
> > ...but neither one works - the command is not invoked. Still acts like
> > it is tainted.
>
> You owe us some information on the error!!
Man, if I HAD any, I'd give it to you. All I have is system() returns
0, $! is empty, the string is EXACTLY what it was for RH6/Apache 1,3,
and my command is not started as indicated by no output, no process,
no results.
> But I still would NOT counsel you to toss aside the benefits of taint
> checking so lightly!
Not all systems are exposed to hostile attacks. Extreme paranoia is
sometimes simply... extreme. Given the situation, I used menus to
limit the choices to the inputs I expect, and laundering to prevent
unintended trash from getting into the one relatively freeform field I
have. That's enough. I don't need or want taint. At this point, since
I worked around the problem with fork(), I simply want to understand
why system() doesn't work. All I want to know about taint right now is
how it might be interfering, or not, or what else it might be.
Thanks for your reply.
--Ben
------------------------------
Date: Wed, 22 Oct 2003 18:56:56 GMT
From: Steve Grazzini <grazz@pobox.com>
Subject: Re: Taint - having some real trouble here, taint/perl experts, please help
Message-Id: <YpAlb.14268$Vf7.7335@nwrdny02.gnilink.net>
Ben <2stormts@nemontel.net> wrote:
> "A. Sinan Unur" <asu1@c-o-r-n-e-l-l.edu> wrote:
>> What is the error message?
>
> There is no error message. [ snip ]
>
> system("cmd param1 param2 >output.txt &");
>
> ...which is what returns me the 0 and empty $!, yet does not invoke my
> command at all.
When you do this, the subshell forks and exits immediately, which is
why your system() succeeds. If the "background" process then fails
with a shell error (EPERM on output.txt or cmd) it will just dump the
diagnostic to stderr.
--
Steve
------------------------------
Date: Wed, 22 Oct 2003 21:56:20 +0100
From: "Alan J. Flavell" <flavell@ph.gla.ac.uk>
Subject: Re: Taint - having some real trouble here, taint/perl experts, please help
Message-Id: <Pine.LNX.4.53.0310222128550.11322@ppepc56.ph.gla.ac.uk>
On Wed, 22 Oct 2003, Ben wrote:
> > Is it perhaps that you haven't found out how to get errors back from
> > your server-side process yet? That's something worth learning
> > (check CGI::Carp, fatals to browser, etc.)
>
> No errors are reported at the call level; system() returns 0 (though
> it does not invoke my command) and $! is empty. I have not explored
> carp or fatals to browser. I will; thank you for the pointers.
CGI::Carp is useful stuff, indeed - but in this instance I now realise
that there's a missing link - my apologies if I misled you. More on
that in a moment.
> > I think you're misguided. Taint can protect against *unintended*
> > nasty accidents as well as against deliberate misuse.
>
> Ok. My user base is two people in their sixties who have no interest
> in anything whatsoever but making their business succeed.
Well, I'm in my sixties, I don't think that's a criterion one way or
the other. I say again: protection against *unintended* accidents.
If you're already protecting them against that, then well and good.
> > You appear to be asking for shell expansion,
>
> Right. I wanted the detach (and also >output.txt), which was easily
> accomplished under RH6 and Apache 1.3; it no longer works, which is
> what caused all this ruckus.
I now realise that of course the exit code from spawning-off the new
process isn't the result of the process itself, but only indicates
that the spawning-off went OK. Mea culpa. *slap*
The whole point of spawning-off a disconnected process without
hanging-up the process that started it, means that i/o streams need to
be severed, so inevitably it means one needs to look elsewhere for the
errors from the spawned-off process.
> > which could potentially
> > be a problem. Maybe you want the multiple arguments form of system()
> > (oh, right, you do that later... but actually I think you'd really
> > want to fork() explicitly)
>
> Yes, that's where I ended up yesterday. That works, though I need to
> generate my messages to a regular file instead of STDOUT now.
Yup, I think so. Whichever of the various mechanisms are used to
do the spawning, this kind of recourse is going to be needed, i guess.
> I hit the environment variables and the path. Anything else?
Can't think of any. You already found your way to perlsec, evidently.
> > You owe us some information on the error!!
>
> Man, if I HAD any, I'd give it to you. All I have is system() returns
> 0, $! is empty,
Yup, it was my fault for not realising why that would be...
> the string is EXACTLY what it was for RH6/Apache 1,3,
> and my command is not started as indicated by no output, no process,
> no results.
Can you arrange to run this thing as a straightforward CGI script? You
seemed to think that it might be getting run via mod_perl (I think it
would repay looking into that, despite you implying you didn't want it
to be your concern...)
Right now I'm looking at
http://www.perldoc.com/perl5.8.0/pod/perlsec.html#Security-Bugs
and wondering whether your problems may not be fairly adjacent.
> > But I still would NOT counsel you to toss aside the benefits of taint
> > checking so lightly!
>
> Not all systems are exposed to hostile attacks.
Mistakes don't have to be hostile.
> Extreme paranoia is sometimes simply... extreme.
Well, I've said it twice, I won't try again. But I think you'll find
a few others around here who would support the general idea of
protecting even from unintended accidents.
Good luck
------------------------------
Date: Wed, 22 Oct 2003 15:10:31 -0400
From: Robert Wallace <robertw@nospam.acm.org>
Subject: while each hash, why not array
Message-Id: <3F96D627.BD7B0E36@nospam.acm.org>
I can extract two values at a time from a hash with while, why not with
an array?
that is with
%hashish = ( a => 1, b => 2, c => 3);
I can:
while (($k,$v) = each %hashish ){
print "$k => $v\n";
}
why not:
while (($k,$v) = each @arr){
print "$k => $v\n";
}
------------------------------
Date: 22 Oct 2003 12:36:36 -0800
From: yf110@vtn1.victoria.tc.ca (Malcolm Dew-Jones)
Subject: Re: while each hash, why not array
Message-Id: <3f96dc44@news.victoria.tc.ca>
Robert Wallace (robertw@nospam.acm.org) wrote:
: I can extract two values at a time from a hash with while, why not with
: an array?
: that is with
: %hashish = ( a => 1, b => 2, c => 3);
: I can:
: while (($k,$v) = each %hashish ){
: print "$k => $v\n";
: }
: why not:
: while (($k,$v) = each @arr){
: print "$k => $v\n";
: }
Because you aren't extracting two "values" at a time from the hash (and
you're not extracting them using "while" either, though that's just
pedantics).
`each' extracts one key and the associated value from a hash.
each is designed to work on hashes, not arrays.
If each worked on array's (which would look nice sometimes) then it would
presumably extract the next, single, value, which is basically what
foreach does already.
# hypothetical "each" of array
while ( $v = each @arr)
# what you can do today
foreach my $v (@arr)
------------------------------
Date: 22 Oct 2003 19:55:26 GMT
From: "A. Sinan Unur" <asu1@c-o-r-n-e-l-l.edu>
Subject: Re: while each hash, why not array
Message-Id: <Xns941CA1FCCFD4Dasu1cornelledu@132.236.56.8>
Robert Wallace <robertw@nospam.acm.org> wrote in news:3F96D627.BD7B0E36
@nospam.acm.org:
> I can extract two values at a time from a hash with while, why not with
> an array?
You are extracting one key and one value from the hash.
> that is with
> %hashish = ( a => 1, b => 2, c => 3);
> I can:
> while (($k,$v) = each %hashish ){
> print "$k => $v\n";
> }
>
>
> why not:
> while (($k,$v) = each @arr){
> print "$k => $v\n";
> }
Because in an array, values are indexed by integers, not by arbitrary
keys.
for(my $i = 0; $i != @arr; ++$i) {
print "$i => $arr[$i]\n";
}
Sinan.
--
A. Sinan Unur
asu1@c-o-r-n-e-l-l.edu
Remove dashes for address
Spam bait: mailto:uce@ftc.gov
------------------------------
Date: Wed, 22 Oct 2003 20:07:02 GMT
From: Darren Dunham <ddunham@redwood.taos.com>
Subject: Re: while each hash, why not array
Message-Id: <GrBlb.5666$Oh4.4463@newssvr29.news.prodigy.com>
Robert Wallace <robertw@nospam.acm.org> wrote:
> I can extract two values at a time from a hash with while, why not with
> an array?
> that is with
> %hashish = ( a => 1, b => 2, c => 3);
> I can:
> while (($k,$v) = each %hashish ){
> print "$k => $v\n";
> }
> why not:
> while (($k,$v) = each @arr){
> print "$k => $v\n";
> }
Hashes keep the overhead of a counter to note where each should look.
Arrays do not. If you only need to read through the array once, you
could just splice them off the front.
while (($k, $v) = splice(@arr, 0, 2))
{ ... }
You could shove the data onto another array to keep track of it, but if
you're going to need the data twice, I'd rather do an index loop
instead.
for ($i = 0; $i < @arr ; $i += 2)
{ ($k, $v) = @arr[$i,$i+1];
...
}
--
Darren Dunham ddunham@taos.com
Unix System Administrator Taos - The SysAdmin Company
Got some Dr Pepper? San Francisco, CA bay area
< This line left intentionally blank to confuse you. >
------------------------------
Date: Wed, 22 Oct 2003 20:15:20 GMT
From: "Michael P. Broida" <michael.p.broida@boeing_oops.com>
Subject: Re: while each hash, why not array
Message-Id: <3F96E558.7A12EEFC@boeing_oops.com>
Robert Wallace wrote:
>
> I can extract two values at a time from a hash with while, why not with
> an array?
>
> that is with
> %hashish = ( a => 1, b => 2, c => 3);
> I can:
> while (($k,$v) = each %hashish ){
> print "$k => $v\n";
> }
This is giving you (I think) the key and the value
for ONE hash entry, NOT two keys or two values.
> why not:
> while (($k,$v) = each @arr){
> print "$k => $v\n";
> }
Arrays don't have "keys", so what would you expect
$k and $v to contain?? If you want an index and a
value (as the print statement seems to indicate,
use:
while ($v = each @arr){
print "$k => $v\n";
$k++;
}
Mike
------------------------------
Date: Wed, 22 Oct 2003 13:54:39 -0700
From: Keith Keller <kkeller-usenet@wombat.san-francisco.ca.us>
Subject: Re: while each hash, why not array
Message-Id: <fqq6nb.md6.ln@goaway.wombat.san-francisco.ca.us>
-----BEGIN xxx SIGNED MESSAGE-----
Hash: SHA1
On 2003-10-22, Robert Wallace <robertw@nospam.acm.org> wrote:
>
> %hashish = ( a => 1, b => 2, c => 3);
> while (($k,$v) = each %hashish ){
> print "$k => $v\n";
> }
>
>
> # why not:
> while (($k,$v) = each @arr){
> print "$k => $v\n";
> }
What values do you want assigned to $k and $v in each iteration? I can
think of two different methods, both of which might make sense depending
on context.
1) $k=$arr[0],$v=$arr[1] on first iteration, then $k=$arr[2],$v=$arr[3],
and so on
2) $k=0,$v=$arr[0], then $k=1,$v=$arr[1], and so on
The second is easily accomplished with a rewrite of the loop (I think
others in the thread have already addressed it). If you mean the first,
I believe this might work:
%hash2=@arr; # if @arr has an even number of elements
If you mean something else you'll need to elaborate: what, exactly, would
each @arr do?
- --keith
- --
kkeller-usenet@wombat.san-francisco.ca.us
(try just my userid to email me)
AOLSFAQ=http://wombat.san-francisco.ca.us/cgi-bin/fom
-----BEGIN xxx SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iEYEARECAAYFAj+W7o0ACgkQhVcNCxZ5ID+1IACfZCHuK60wIgUbejhMbE7g2gp2
ANUAnRifh1wwQLCnCf5/vslf+dfuuoxF
=rEMD
-----END PGP SIGNATURE-----
------------------------------
Date: Wed, 22 Oct 2003 21:08:45 GMT
From: "Michael P. Broida" <michael.p.broida@boeing_oops.com>
Subject: Re: while each hash, why not array
Message-Id: <3F96F1DD.20C78608@boeing_oops.com>
"Michael P. Broida" wrote:
>
> while ($v = each @arr){
> print "$k => $v\n";
> $k++;
> }
Well, my syntax was wrong ("each" with an array),
but the thought was good. <grin> Change that to:
$k = 0;
foreach $v (@arr){
print "$k => $v\n";
$k++;
}
Mike
------------------------------
Date: 6 Apr 2001 21:33:47 GMT (Last modified)
From: Perl-Users-Request@ruby.oce.orst.edu (Perl-Users-Digest Admin)
Subject: Digest Administrivia (Last modified: 6 Apr 01)
Message-Id: <null>
Administrivia:
The Perl-Users Digest is a retransmission of the USENET newsgroup
comp.lang.perl.misc. For subscription or unsubscription requests, send
the single line:
subscribe perl-users
or:
unsubscribe perl-users
to almanac@ruby.oce.orst.edu.
To submit articles to comp.lang.perl.announce, send your article to
clpa@perl.com.
To request back copies (available for a week or so), send your request
to almanac@ruby.oce.orst.edu with the command "send perl-users x.y",
where x is the volume number and y is the issue number.
For other requests pertaining to the digest, send mail to
perl-users-request@ruby.oce.orst.edu. Do not waste your time or mine
sending perl questions to the -request address, I don't have time to
answer them even if I did know the answer.
------------------------------
End of Perl-Users Digest V10 Issue 5698
***************************************
