[30062] in Perl-Users-Digest
Perl-Users Digest, Issue: 1305 Volume: 11
daemon@ATHENA.MIT.EDU (Perl-Users Digest)
Mon Feb 25 14:09:58 2008
Date: Mon, 25 Feb 2008 11:09:22 -0800 (PST)
From: Perl-Users Digest <Perl-Users-Request@ruby.OCE.ORST.EDU>
To: Perl-Users@ruby.OCE.ORST.EDU (Perl-Users Digest)
Perl-Users Digest Mon, 25 Feb 2008 Volume: 11 Number: 1305
Today's topics:
Re: Form submit with mechanize 0.72 <glex_no-spam@qwest-spam-no.invalid>
Re: glob a directory then sort by timestamp jhellma1@gmail.com
Re: grep specific info from a file <gniagnia@gmail.com>
Re: grep specific info from a file <jurgenex@hotmail.com>
Re: hash <newsgroups@free.fr.invalid>
Re: How to get an account at cpan.org? <alodiaf@yahoo.de>
Re: Is DBI prepare() statement enough for SQL injection xhoster@gmail.com
Re: Is DBI prepare() statement enough for SQL injection <joost@zeekat.nl>
Re: Problem using find on win32 <klaus03@gmail.com>
Digest Administrivia (Last modified: 6 Apr 01) (Perl-Users-Digest Admin)
----------------------------------------------------------------------
Date: Mon, 25 Feb 2008 10:39:05 -0600
From: "J. Gleixner" <glex_no-spam@qwest-spam-no.invalid>
Subject: Re: Form submit with mechanize 0.72
Message-Id: <47c2ef2a$0$3568$815e3792@news.qwest.net>
Cashbackre wrote:
> I am currently using mechanize 0.72 on active perl 5.8.6 for some
> strange reason I cannot upgrade to the current version
> of 1.34 so this is not an option, the problem is I am trying to submit
> my login details on a page with two forms
> with the same name but different values, I am trying to submit to the
> second form with relevant form html:
> <input type=submit name=submit value=" S E N D ">,
> I understand mechanize 1.34 has a click_button function, whereby I can
> click by value, however 0.72 does not have the click_button function,
> I can fill in my username and password, and check that they have been
> filled in correctly but every submission of the form either via
> $mech->click("submit");
> or $mech->submit();
> or $mech->submit("submit");
> ends up submitting the very first form
The place to start is with the documentation.
Is there a 'form_number' attribute for the submit or
submit_form method?
------------------------------
Date: Mon, 25 Feb 2008 10:51:15 -0800 (PST)
From: jhellma1@gmail.com
Subject: Re: glob a directory then sort by timestamp
Message-Id: <8a638331-16a8-4181-8246-1584337f1d10@z70g2000hsb.googlegroups.com>
Thanks to all of you, John your code was especially helpful.
------------------------------
Date: Mon, 25 Feb 2008 08:21:49 -0800 (PST)
From: Mr_Noob <gniagnia@gmail.com>
Subject: Re: grep specific info from a file
Message-Id: <6d98a212-5d9f-4159-8ffb-966bb0469ad5@62g2000hsn.googlegroups.com>
Exactly !
Thanks a lot !
------------------------------
Date: Mon, 25 Feb 2008 17:08:00 GMT
From: Jürgen Exner <jurgenex@hotmail.com>
Subject: Re: grep specific info from a file
Message-Id: <qus5s35q8vjrtihmuo297olegecoap5l5n@4ax.com>
Mr_Noob <gniagnia@gmail.com> wrote:
>What is the best way to grep into a file, only lines beginning with
>"[" and ending with "]" ?
>And then, how can I feed an array with the information contained
>between the 2 brackets, without the 2 brackets?
Just loop through the file. For each line if it m//atches the condition (no
need for grep()) then push() the substr()ing portion into the array.
Other ways:
- to check for first/last character just extract them via substr() and
compare to "[" resp. "]"
- if you include the center portion in your RE for m//, then you can group
it and just push $1 into the array.
- slurp the whole file into the array, then grep() for the right lines, then
discard leading/trailing square brackets
I am sure there are many more variations.
jue
------------------------------
Date: Mon, 25 Feb 2008 19:34:23 +0100
From: Newsgroups <newsgroups@free.fr.invalid>
Subject: Re: hash
Message-Id: <1203964462.7222.2.camel@localhost>
> Pass Dumper() a reference rather than a list of keys and values:
> print Dumper \%languages;
Yes, it works in my example, then it doesn't work when I try to send
the data to a distant server using SOAP::Lite
------------------------------
Date: Mon, 25 Feb 2008 18:25:01 +0100
From: "Alos Diaf" <alodiaf@yahoo.de>
Subject: Re: How to get an account at cpan.org?
Message-Id: <op.t63by6ibxx9xny@hope>
Ben Morrow <ben@morrow.me.uk>:
> Quoth "Alos Diaf" <alodiaf@yahoo.de>:
>> Ben Morrow <ben@morrow.me.uk>:
>> > Quoth "Alos Diaf" <alodiaf@yahoo.de>:
>> >>
>> >> wanna publish a module,
>> >> have to register at pause,
>> >> want to use a myname@cpan.org, who can i get such?
>> >
>> > See http://pause.perl.org/pause/query?ACTION=request_id .
>> > You need a (non-cpan) email address, but this can be completely private
>> > (not published anywhere).
>>
>> thanx Ben,
>> i want a cpan.org address, how to get it?
>
> *Using* *that* *page*. The only way to get an @cpan.org address is to
> register with PAUSE, which in turn requires you to already have an
> existing email address (which FOO@cpan.org will forward to). That's just
> how it works.
>
> Ben
i see, now i understood! (haven't found any doc on this)
Ben, thank you and bye
------------------------------
Date: 25 Feb 2008 17:18:11 GMT
From: xhoster@gmail.com
Subject: Re: Is DBI prepare() statement enough for SQL injection?
Message-Id: <20080225121813.310$u2@newsreader.com>
howa <howachen@gmail.com> wrote:
> I have just found a simple cases, which is not, e.g.
>
> #--------------------------------------------------
>
> use strict;
> use DBI;
> use Data::Dumper;
>
> my $dbh = DBI->connect(
>     "DBI:mysql:database=information_schema;host=localhost", "root", "",
>     { RaiseError => 1, AutoCommit => 1 });
>
> my $input = "%a"; # User hack by using wildcard
That is not SQL injection.
>
> my $sth = $dbh->prepare("SELECT * FROM `CHARACTER_SETS` WHERE
> `CHARACTER_SET_NAME` LIKE ? ") ;
> $sth->execute( $input . "%") ; # Originally you let the user search by prefix
What do you mean by "originally"? You have shown us only one version
of your code, there is no "originally".
> So we should not 100% believe in prepare() which makes you 100% SQL
> injection free.
There is no SQL injection. The submitted value did not escape from what
was intended to be a data value out into general SQL syntax. It stayed in
the data value. The fact that that data value can be something you don't
want does not make an SQL injection.
> Any other cases want to share?
There are thousands of ways to be incompetent. You want a listing of
all of them?
Xho
--
-------------------- http://NewsReader.Com/ --------------------
The costs of publication of this article were defrayed in part by the
payment of page charges. This article must therefore be hereby marked
advertisement in accordance with 18 U.S.C. Section 1734 solely to indicate
this fact.
------------------------------
Date: Mon, 25 Feb 2008 18:26:07 +0100
From: Joost Diepenmaat <joost@zeekat.nl>
Subject: Re: Is DBI prepare() statement enough for SQL injection?
Message-Id: <87wsott0b4.fsf@zeekat.nl>
howa <howachen@gmail.com> writes:
> my $sth = $dbh->prepare("SELECT * FROM `CHARACTER_SETS` WHERE
> `CHARACTER_SET_NAME` LIKE ? ") ;
> $sth->execute( $input . "%") ; # Originally you let the user search by prefix
That's no different from cases where you pass values to SQL predicates
or functions: placeholders only make sure your values are passed as is,
IOW they only take care of quoting. They don't prevent you from passing
values that you don't like.
--
Joost Diepenmaat | blog: http://joost.zeekat.nl/ | work: http://zeekat.nl/
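
Added example, not part of either post above: both replies say the placeholder keeps the value as data, yet a "%" or "_" inside that value still acts as a LIKE wildcard. The sketch below escapes those characters before binding. Assumptions: DBD::SQLite is installed (the thread used MySQL), the table and rows are constructed, escape_like() and prefix_search() are hypothetical helpers, and '!' is chosen as the ESCAPE character because the same clause is also valid on MySQL.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;

# Hypothetical helper: escape LIKE metacharacters so user input is matched
# literally. '!' must match the character named in the ESCAPE clause below.
sub escape_like {
    my ($text) = @_;
    $text =~ s/([!%_])/!$1/g;
    return $text;
}

# Prefix search through a placeholder. The trailing "%" is the only wildcard
# the application intends; $escape controls whether the input is neutralised.
sub prefix_search {
    my ($dbh, $input, $escape) = @_;
    my $pattern = ($escape ? escape_like($input) : $input) . "%";
    my $rows = $dbh->selectcol_arrayref(
        "SELECT name FROM character_sets WHERE name LIKE ? ESCAPE '!' ORDER BY name",
        undef, $pattern);
    return @$rows;
}

# Constructed sample data in an in-memory database (assumption: DBD::SQLite).
my $dbh = DBI->connect("dbi:SQLite:dbname=:memory:", "", "",
    { RaiseError => 1, AutoCommit => 1 });
$dbh->do("CREATE TABLE character_sets (name TEXT)");
$dbh->do("INSERT INTO character_sets (name) VALUES (?)", undef, $_)
    for qw(latin1 latin2 ascii big5 utf8 50%_off);

# "lat" is an ordinary prefix, "%a" is the input from the thread, and "50%"
# is a legitimate prefix that happens to contain a metacharacter.
for my $input ("lat", "%a", "50%") {
    printf "%-4s raw: [%s]  escaped: [%s]\n", $input,
        join(",", prefix_search($dbh, $input, 0)),
        join(",", prefix_search($dbh, $input, 1));
}

$dbh->disconnect;
```

In both modes the statement text never changes, which is the point made in the replies: the unescaped "%a" widens the match but stays a data value.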
------------------------------
Date: Mon, 25 Feb 2008 08:30:23 -0800 (PST)
From: Klaus <klaus03@gmail.com>
Subject: Re: Problem using find on win32
Message-Id: <dfdebd57-3f7f-4206-bf87-23ebf2c299e7@q70g2000hsb.googlegroups.com>
On Feb 25, 4:48 pm, Mikael Petterson <mikael.petter...@ericsson.com>
wrote:
> my $equinoxDir = "C:\\Tools\\SDS\\plugins\\
I would recommend to use forward slashes (/) instead of back slashes
(\) wherever possible.
my $equinoxDir = "C:/Tools/SDS/plugins/";
It's easier on the eyes (avoids "\\", "leaning toothpicks") and it
works even on Windows (unless you shell out to the command line prompt
with system(), in which case you are forced to use back slashes)
> find (\&equinox,$equinoxDir);
>
> I can see that the path for files & directories found using find becomes:
>
> /mydir/file1.txt
> /mydir/file2.txt
>
> and so on.
I observe: File::Find has returned forward slashes.
> So the full path becomes:
>
> C:\\Tools\\SDS\\plugins\\/mydir
>
> which does not work.
You have a mix of forward and backward slashes, which might be the
reason for your problem.
If you use forward slashes to start with, your full path will be:
$fullpath = "C:/Tools/SDS/plugins//mydir";
Notice that there is only one type of slash (forward slash).
The double forward slash between "plugins" and "mydir" gets
automatically resolved into a single slash, no need to resolve that,
really. This should work perfectly, even on Windows.
However, should you wish to resolve it for other reasons, or just
because it looks better, then you could use:
$fullpath =~ s{/+}{/}g;
--
Klaus
------------------------------
Date: 6 Apr 2001 21:33:47 GMT (Last modified)
From: Perl-Users-Request@ruby.oce.orst.edu (Perl-Users-Digest Admin)
Subject: Digest Administrivia (Last modified: 6 Apr 01)
Message-Id: <null>
Administrivia:
#The Perl-Users Digest is a retransmission of the USENET newsgroup
#comp.lang.perl.misc. For subscription or unsubscription requests, send
#the single line:
#
# subscribe perl-users
#or:
# unsubscribe perl-users
#
#to almanac@ruby.oce.orst.edu.
NOTE: due to the current flood of worm email banging on ruby, the smtp
server on ruby has been shut off until further notice.
To submit articles to comp.lang.perl.announce, send your article to
clpa@perl.com.
#To request back copies (available for a week or so), send your request
#to almanac@ruby.oce.orst.edu with the command "send perl-users x.y",
#where x is the volume number and y is the issue number.
#For other requests pertaining to the digest, send mail to
#perl-users-request@ruby.oce.orst.edu. Do not waste your time or mine
#sending perl questions to the -request address, I don't have time to
#answer them even if I did know the answer.
------------------------------
End of Perl-Users Digest V11 Issue 1305
***************************************