[30435] in Perl-Users-Digest
Perl-Users Digest, Issue: 1678 Volume: 11
daemon@ATHENA.MIT.EDU (Perl-Users Digest)
Sat Jun 28 16:09:43 2008
Date: Sat, 28 Jun 2008 13:09:09 -0700 (PDT)
From: Perl-Users Digest <Perl-Users-Request@ruby.OCE.ORST.EDU>
To: Perl-Users@ruby.OCE.ORST.EDU (Perl-Users Digest)
Perl-Users Digest Sat, 28 Jun 2008 Volume: 11 Number: 1678
Today's topics:
Re: 'nobody' using sudo -- scary! <hjp-usenet2@hjp.at>
ANNOUNCE: Text-CSV_XS 0.52 <h.merijn@xs4all.nl>
Re: change a single digit to corresponding English word <news@lawshouse.org>
Re: change a single digit to corresponding English word <noreply@gunnar.cc>
Re: how do prlglobs expand (was Re: 'nobody' using sudo <ben@morrow.me.uk>
Need help with a question. <trevor.dodds@gmail.com>
Re: Need help with a question. <noreply@gunnar.cc>
Re: Need help with a question. <invalid@invalid.invalid>
Re: Need help with a question. <trevor.dodds@gmail.com>
Re: Need help with a question. <invalid@invalid.invalid>
Re: Need help with a question. <damercer@comcast.net>
Re: Need help with a question. <trevor.dodds@gmail.com>
Re: Need help with a question. <ben@morrow.me.uk>
Re: Perl search engine <mayweed@gmail.com>
Re: Simplest way (or module) to tweak query in CGI serv <ben@morrow.me.uk>
Digest Administrivia (Last modified: 6 Apr 01) (Perl-Users-Digest Admin)
----------------------------------------------------------------------
Date: Sat, 28 Jun 2008 20:08:39 +0200
From: "Peter J. Holzer" <hjp-usenet2@hjp.at>
Subject: Re: 'nobody' using sudo -- scary!
Message-Id: <slrng6cvh9.l5e.hjp-usenet2@hrunkner.hjp.at>
On 2008-06-26 17:40, Johnny <schafer.dave@gmail.com> wrote:
> Thanks for the comments. My post wasn't as clear as it should have
> been. I was trying avoid irrelevant details (but failed). The more
> complete story is that I've taken over for a consultant that built a
> perl based website. All users supply a username and password.
> There's a page that allows users to edit their vacation message and
> toggle their away/back status. That part is broken because of the
> permissions issue. Currently the code attempts to set the away
> message by:
>
> system "/usr/bin/vacation -i";
> system "cp -p /home/$remoteuser/vacation.forward /home/$remoteuser/
> \.forward";
To get something perl-specific into that thread: Don't construct command
lines from untrusted user input. Even if you are sure that $remoteuser
can only be an existing user name that cannot contain any funny
characters (like " ", "/" or "."), get into the habit of using the list
form of system:
system "/usr/bin/vacation", "-i";
system "cp", "-p", "/home/$remoteuser/vacation.forward", "/home/$remoteuser/.forward";
(what was the \ for, BTW?)
> or to turn off the vacation message:
> system "/usr/bin/vacation -i";
> system "rm /home/$remoteuser/\.forward";
>
> I haven't done web development before and made the assumption that I'd
> have many more cases where 'nobody' wouldn't be sufficient.
First, don't run your webserver as "nobody". Create a specific user and
run it as that user. You may think that it doesn't make any difference
whether the server runs as "nobody" or as "foo". But if your webserver
runs as "nobody" out of the box, chances are that there is some other
stuff on the box also running as nobody, and you don't want to open a
path to privileged commands to that other stuff.
If this web server is tightly controlled and only used for controlling
user accounts, you can now give the user "foo" permission to remove
.forward files, for example using sudo. But don't just give it
permission to run "rm". Instead create a script "vacation-off", and give
it permission to run that script. So even if your server is cracked,
the attacker cannot delete any file. He can only turn off (and on)
vacation messages. (And I don't know if that is possible with sudo, but
you should strongly consider restricting these commands to run as some
"real" user, but not as root).
If your web server is also used for other stuff which is less security
sensitive (and where the web authors are probably less careful), it's a
good idea to put in another layer. Create yet another user and run only
those scripts which need special privileges as that user. You can do
this for example with suexec (with apache) or fastcgi (just about any
webserver). FastCGI is especially nice because it communicates with the
webserver over a socket - the script can run even run on a different
host than the webserver.
hp
------------------------------
Date: Sat, 28 Jun 2008 13:54:51 GMT
From: "H.Merijn" <h.merijn@xs4all.nl>
Subject: ANNOUNCE: Text-CSV_XS 0.52
Message-Id: <K36KrC.Jq4@zorch.sf-bay.org>
The following report has been written by the PAUSE namespace indexer.
Please contact modules@perl.org if there are any open questions.
Id: mldistwatch.pm 1033 2008-06-16 21:28:24Z k
User: HMBRAND (H.Merijn Brand)
Distribution file: Text-CSV_XS-0.52.tgz
Number of files: 34
*.pm files: 1
README: Text-CSV_XS-0.52/README
META.yml: Text-CSV_XS-0.52/META.yml
META-driven index: yes
Timestamp of file: Sat Jun 28 13:44:44 2008 UTC
Time of this run: Sat Jun 28 13:46:19 2008 UTC
08-06-28 0.52 - H.Merijn Brand <h.m.brand@xs4all.nl>
* Using undef for hash keys is a bad plan
* Fix, tests, and documentation for column_names ()
2008-06-17 0.51 - H.Merijn Brand <h.m.brand@xs4all.nl>
* Allow UTF8 even without binary => 1
* Fixed a few pod typo's
* Lifted the max of 255 for bind_columns
2008-06-04 0.50 - H.Merijn Brand <h.m.brand@xs4all.nl>
* Skip a few tests in automated testing, as they confuse
reports. This is important for the automated sites that
mark modules as fail if it is not an obvious full PASS
* 0.46 caused the last still open RT bug to be closed!
* Tested on 5.11.0, 5.10.0, 5.8.8, 5.6.2, and 5.005_04,
Strawberry and Cygwin
------------------------------
Date: Sat, 28 Jun 2008 18:59:05 +0100
From: Henry Law <news@lawshouse.org>
Subject: Re: change a single digit to corresponding English word
Message-Id: <1214675948.13472.0@proxy00.news.clara.net>
Gunnar Hjalmarsson wrote:
> April wrote:
>> my @characters = split ("", $answer);
>>
>> foreach my $char (@characters)
>> {
>>
>> $char = $numbers[$char]
>> if ($char ge "0" && $char le "9");
>> }
>>
>> print "The output is: @characters\n";
>
> I suggest that you do some reading first.
>
> perldoc perlintro
>
> perldoc perldata
Unfair, Gunnar: the key text is in perlsyn:
... the foreach loop index variable is an implicit alias for each item
in the list that you're looping over.
But I didn't know that so the code has improved my education.
--
Henry Law Manchester, England
------------------------------
Date: Sat, 28 Jun 2008 20:34:25 +0200
From: Gunnar Hjalmarsson <noreply@gunnar.cc>
Subject: Re: change a single digit to corresponding English word
Message-Id: <6cnedrF3gvq9iU1@mid.individual.net>
Henry Law wrote:
> Gunnar Hjalmarsson wrote:
>> April wrote:
>>>
>>> my @characters = split ("", $answer);
>>>
>>> foreach my $char (@characters)
>>> {
>>>
>>> $char = $numbers[$char]
>>> if ($char ge "0" && $char le "9");
>>> }
>>>
>>> print "The output is: @characters\n";
>>
>> I suggest that you do some reading first.
>>
>> perldoc perlintro
>>
>> perldoc perldata
>
> Unfair, Gunnar:
What has fairness to do with it?
> the key text is in perlsyn:
>
> ... the foreach loop index variable is an implicit alias for each item
> in the list that you're looping over.
The OP seemed to wonder about accessing individual elements in an array,
specifically the array @numbers (which you chose to not quote). Hence my
pointers to perlintro and perldata.
> But I didn't know that so the code has improved my education.
I don't mind if both you and the OP read perlsyn as well. :)
--
Gunnar Hjalmarsson
Email: http://www.gunnar.cc/cgi-bin/contact.pl
------------------------------
Date: Sat, 28 Jun 2008 15:01:55 +0100
From: Ben Morrow <ben@morrow.me.uk>
Subject: Re: how do prlglobs expand (was Re: 'nobody' using sudo -- scary!)
Message-Id: <jrshj5-ie42.ln1@osiris.mauzo.dyndns.org>
[please quote properly]
Quoth news1234@free.fr:
>
> What would happen if I use follwing statement in perl"
>
> foreach my $file (</home/*/.forward>){
> do_something($file);
> }
>
> would perl
> - iterate through the files
> - or would perl first create a list of all the files and then
> iterate through them.
'foreach' always creates a list and then iterates over it.
> - or would it hit a linit and not provide all hits.
> - or does it depend on the system perl is running on
You will eventually hit the memory limit on your system, and the limit
on the size of the pointer used to index the perl stack; you won't hit
any limits before that.
You can avoid pre-creating the list by using 'while' instead:
while (my $file = </home/*/.forward>) {
...
}
Ben
--
For far more marvellous is the truth than any artists of the past imagined!
Why do the poets of the present not speak of it? What men are poets who can
speak of Jupiter if he were like a man, but if he is an immense spinning
sphere of methane and ammonia must be silent? [Feynmann] ben@morrow.me.uk
------------------------------
Date: Sat, 28 Jun 2008 09:33:18 -0700 (PDT)
From: Trev <trevor.dodds@gmail.com>
Subject: Need help with a question.
Message-Id: <b1faad3b-49cb-4fc8-a65a-7b7ac82e9df5@p25g2000hsf.googlegroups.com>
I'm having a problem with my Perl script, what I would like the script
to achieve is to read a file, search it for certain words, put the
results into an Array so I can then call each result with $var[1] etc
and print output to a file. I tried doing it without Sub routines but
wasn't able to split the results. When I rapped the code into a Sub I
get these errors:
syntax error at test.pl line 7, near "@cpqlog_data"
syntax error at test.pl line 24, near "}"
How come these errors only appear when I use Sub { } ?
test.pl
use English;
use Warnings;
Sub LoadFile
{
open (DAT, "<output.txt") || die("Could not open file!");
@cpqlog_data=<DAT>;
foreach $cpqlog (@cpqlog_data)
{
{
chomp($cpqlog);
if ($cpqlog =~ /MAC/)
{
$cpqlog =~ s/ <FIELD NAME="Subject" VALUE="//i;
$cpqlog =~ s/ <FIELD NAME="MAC" VALUE="//i;
$cpqlog =~ s/"\/>//i;
}
}
}
close DAT;
}
Sub CreateLOG
{
open (BOO, "<blah2.txt");
@lines=<TMP>;
print $lines[1];
close BOO;
}
LoadFile;
CreateLOG;
------------------------------
Date: Sat, 28 Jun 2008 18:45:41 +0200
From: Gunnar Hjalmarsson <noreply@gunnar.cc>
Subject: Re: Need help with a question.
Message-Id: <6cn81vF3gbficU1@mid.individual.net>
Trev wrote:
> How come these errors only appear when I use Sub { } ?
Maybe because Perl is case sensitive.
s/Sub/sub/
--
Gunnar Hjalmarsson
Email: http://www.gunnar.cc/cgi-bin/contact.pl
------------------------------
Date: Sat, 28 Jun 2008 18:45:03 +0200
From: "Erwin van Koppen" <invalid@invalid.invalid>
Subject: Re: Need help with a question.
Message-Id: <48666a8f$0$14348$e4fe514c@news.xs4all.nl>
"Trev" wrote:
>
> How come these errors only appear when I use Sub { } ?
For one thing, you should use lowercase: sub { }
> open (BOO, "<blah2.txt");
> @lines=<TMP>;
You open BOO, but use TMP (which is not opened).
And, you don't check to see of BOO can be opened.
Fix these things, then it should run. However, I doubt it will do what you
want it to do...
------------------------------
Date: Sat, 28 Jun 2008 09:56:39 -0700 (PDT)
From: Trev <trevor.dodds@gmail.com>
Subject: Re: Need help with a question.
Message-Id: <00747f60-da06-4566-aa89-87cb95fc494c@y21g2000hsf.googlegroups.com>
On Jun 28, 12:45=A0pm, "Erwin van Koppen" <inva...@invalid.invalid>
wrote:
> "Trev" wrote:
>
> > How come these errors only appear when I use Sub { =A0 } ?
>
> For one thing, you should use lowercase: sub { }
>
> > open (BOO, "<blah2.txt");
> > @lines=3D<TMP>;
>
> You open BOO, but use TMP (which is not opened).
>
> And, you don't check to see of BOO can be opened.
>
> Fix these things, then it should run. However, I doubt it will do what yo=
u
> want it to do...
Thanks, I've made the changes and so far so good.
------------------------------
Date: Sat, 28 Jun 2008 19:01:51 +0200
From: "Erwin van Koppen" <invalid@invalid.invalid>
Subject: Re: Need help with a question.
Message-Id: <48666e7f$0$14348$e4fe514c@news.xs4all.nl>
"Trev" wrote:
>
> Thanks, I've made the changes and so far so good.
foreach $cpqlog (@cpqlog_data) {
{
chomp($cpqlog);
if ($cpqlog =~ /MAC/) {
$cpqlog =~ s/ <FIELD NAME="Subject" VALUE="//i;
$cpqlog =~ s/ <FIELD NAME="MAC" VALUE="//i;
$cpqlog =~ s/"\/>//i;
}
}
}
You do understand that the above code does not actually change anything in
the file, right? The substitutions in $cpqlog are just discarded at the end
of the loop.
Oh, and you might want to get rid of the superfluous { }'s...
------------------------------
Date: Sat, 28 Jun 2008 12:02:11 -0500
From: "Dan Mercer" <damercer@comcast.net>
Subject: Re: Need help with a question.
Message-Id: <u4OdnYLka-IS8_vVnZ2dnUVZ_sHinZ2d@comcast.com>
"Trev" <trevor.dodds@gmail.com> wrote in message
news:b1faad3b-49cb-4fc8-a65a-7b7ac82e9df5@p25g2000hsf.googlegroups.com...
> I'm having a problem with my Perl script, what I would like the script
> to achieve is to read a file, search it for certain words, put the
> results into an Array so I can then call each result with $var[1] etc
> and print output to a file. I tried doing it without Sub routines but
> wasn't able to split the results. When I rapped the code into a Sub I
> get these errors:
>
> syntax error at test.pl line 7, near "@cpqlog_data"
> syntax error at test.pl line 24, near "}"
>
> How come these errors only appear when I use Sub { } ?
>
> test.pl
> use English;
> use Warnings;
>
> Sub LoadFile
> {
> open (DAT, "<output.txt") || die("Could not open file!");
> @cpqlog_data=<DAT>;
>
> foreach $cpqlog (@cpqlog_data)
> {
> {
> chomp($cpqlog);
>
> if ($cpqlog =~ /MAC/)
> {
> $cpqlog =~ s/ <FIELD NAME="Subject" VALUE="//i;
> $cpqlog =~ s/ <FIELD NAME="MAC" VALUE="//i;
> $cpqlog =~ s/"\/>//i;
>
> }
> }
> }
> close DAT;
> }
>
> Sub CreateLOG
> {
> open (BOO, "<blah2.txt");
> @lines=<TMP>;
> print $lines[1];
> close BOO;
> }
>
> LoadFile;
> CreateLOG;
You're going to feel really dumb. I feel really dumb because it took me 5
minutes to figure out.
Perl is case sensitive. Sub should be sub. In fact, Sub is treated as the
name of a subroutine
which cascades into all sorts of ugliness. Ironically, it's not something
the syntax checker
is good at figuring out. BTW, in CreateLOG you open BOO and read TMP. You
should also
consider "use strict;" which will help you find many syntax errors (just not
this one). You can also
run "perl -c" against your script to just run the compiler pass. I have F4
set to do that in vim
so I can check for syntax errors as I write the code - saves enormous
amounts of time and
energy.
Dan Mercer
------------------------------
Date: Sat, 28 Jun 2008 10:12:11 -0700 (PDT)
From: Trev <trevor.dodds@gmail.com>
Subject: Re: Need help with a question.
Message-Id: <c18e9fad-2f69-462d-86f8-fa64a3b6b0e1@27g2000hsf.googlegroups.com>
On Jun 28, 1:01=A0pm, "Erwin van Koppen" <inva...@invalid.invalid>
wrote:
> "Trev" wrote:
>
> > Thanks, I've made the changes and so far so good.
>
> foreach $cpqlog (@cpqlog_data) {
> =A0 =A0 {
> =A0 =A0 chomp($cpqlog);
>
> =A0 =A0 if ($cpqlog =3D~ /MAC/) {
> =A0 =A0 =A0 =A0 $cpqlog =3D~ s/ =A0<FIELD NAME=3D"Subject" VALUE=3D"//i;
> =A0 =A0 =A0 =A0 $cpqlog =3D~ s/ =A0<FIELD NAME=3D"MAC" VALUE=3D"//i;
> =A0 =A0 =A0 =A0 $cpqlog =3D~ s/"\/>//i;
> =A0 =A0 }
> =A0 =A0 }
>
> }
>
> You do understand that the above code does not actually change anything i=
n
> the file, right? The substitutions in $cpqlog are just discarded at the e=
nd
> of the loop.
>
> Oh, and you might want to get rid of the superfluous { }'s...
Yeah, I figured that out, I added a print BOO so the results are
writen to a file which I load in the next sub. This might not be the
best code but I'm still learning.
------------------------------
Date: Sat, 28 Jun 2008 18:40:28 +0100
From: Ben Morrow <ben@morrow.me.uk>
Subject: Re: Need help with a question.
Message-Id: <cl9ij5-3tk2.ln1@osiris.mauzo.dyndns.org>
Quoth Trev <trevor.dodds@gmail.com>:
> I'm having a problem with my Perl script, what I would like the script
> to achieve is to read a file, search it for certain words, put the
> results into an Array so I can then call each result with $var[1] etc
> and print output to a file. I tried doing it without Sub routines but
> wasn't able to split the results. When I rapped the code into a Sub I
> get these errors:
>
> syntax error at test.pl line 7, near "@cpqlog_data"
> syntax error at test.pl line 24, near "}"
>
> How come these errors only appear when I use Sub { } ?
>
> test.pl
> use English;
It's probably a bad idea to get into the habit of using English. Almost
noone who knows Perl well uses it, so you're going to have to learn the
punctation variables anyway; and once you've learned them, it's easier
to remember one list of special cases than two.
> use Warnings;
>
> Sub LoadFile
You've been told 'sub' is case-sensitive; 'warnings' is as well. If
you're on an OS with a case-insensitive filesystem, you need to be
particularly careful about the case of module names: loading a module
with the wrong case can have rather odd effects.
You also want
use strict;
here, and you need to declare your variables with 'my'.
> {
> open (DAT, "<output.txt") || die("Could not open file!");
Since you're just starting to learn Perl now, you *definitely* want to
get into the habit of using lexical filehandles right away; that is,
instead of 'DAT', use a real variable. You also want to use three-arg
open, and give the reason why the open failed:
open (my $DAT, '<', 'output.txt')
|| die("Could not open 'output.txt': $!");
I would use 'or' instead of '||', and omit the parens, but that's
entirely up to you.
> @cpqlog_data=<DAT>;
>
> foreach $cpqlog (@cpqlog_data)
This is not the most straightforward way to read a file. Since you're
processing it entirely line-by-line, read it line-by-line as well.
while (my $cpqlog = <$DAT>) {
> {
If you use GNUish indenting, and such a large indent, you'll quickly run
out of screen room... :)
> close DAT;
One of the advantages of lexical filehandles is that they close
themselves when they go out of scope. If you're not going to check the
return value of close (not generally necessary when reading a file),
it's much more convenient to omit it.
Once you've got the syntax errors sorted out, I presume you can start
working out the logic errors on your own... :) Don't be afraid to ask
again if you get stuck.
Ben
--
We do not stop playing because we grow old;
we grow old because we stop playing.
ben@morrow.me.uk
------------------------------
Date: Sat, 28 Jun 2008 09:58:30 -0700 (PDT)
From: =?KOI8-R?B?4eI=?= <mayweed@gmail.com>
Subject: Re: Perl search engine
Message-Id: <c137f87c-f5fe-449f-9db7-ee4095f70c7a@m36g2000hse.googlegroups.com>
Thanks for your message. I'll think about new blocks and rubrics.
Best wishes
AB
> > A new search engine through a perl-related websites is opened:
> >http://brainworker.ru/en/Hope it would be useful useful to somebody.
>
> Some Ideas; ... make anoter (Win32 specific) block
> * Vanilla Perl =A0"http://vanillaperl.com/"
> * Strawberry Perl =A0"http://strawberryperl.com/"
> * Active State FTP site: "http://ftp.activestate.com/"
>
> Regards
>
> M.
------------------------------
Date: Sat, 28 Jun 2008 15:05:52 +0100
From: Ben Morrow <ben@morrow.me.uk>
Subject: Re: Simplest way (or module) to tweak query in CGI server-side validation
Message-Id: <03thj5-ie42.ln1@osiris.mauzo.dyndns.org>
Quoth jerrykrinock@gmail.com:
>
> Well, a module isn't my idea of "bare metal", but the module has
> source code, and that source code invokes HTTP::Request::Common, which
> has source code too...
>
> http://search.cpan.org/src/GAAS/libwww-perl-5.813/lib/HTTP/Request/Common.pm
>
> and the "sub POST" function beginning at line 24 looks like what I
> asked for, the "bare metal" of doing a POST! Hmmm...not a simple
> solution, but at least now I know where to look in case I ever really
> need to modify and redirect a POST.
If you really need to know that level of detail, you'd be better off
reading RFC 2616 than the source to LWP... :)
Ben
--
Outside of a dog, a book is a man's best friend.
Inside of a dog, it's too dark to read.
ben@morrow.me.uk Groucho Marx
------------------------------
Date: 6 Apr 2001 21:33:47 GMT (Last modified)
From: Perl-Users-Request@ruby.oce.orst.edu (Perl-Users-Digest Admin)
Subject: Digest Administrivia (Last modified: 6 Apr 01)
Message-Id: <null>
Administrivia:
#The Perl-Users Digest is a retransmission of the USENET newsgroup
#comp.lang.perl.misc. For subscription or unsubscription requests, send
#the single line:
#
# subscribe perl-users
#or:
# unsubscribe perl-users
#
#to almanac@ruby.oce.orst.edu.
NOTE: due to the current flood of worm email banging on ruby, the smtp
server on ruby has been shut off until further notice.
To submit articles to comp.lang.perl.announce, send your article to
clpa@perl.com.
#To request back copies (available for a week or so), send your request
#to almanac@ruby.oce.orst.edu with the command "send perl-users x.y",
#where x is the volume number and y is the issue number.
#For other requests pertaining to the digest, send mail to
#perl-users-request@ruby.oce.orst.edu. Do not waste your time or mine
#sending perl questions to the -request address, I don't have time to
#answer them even if I did know the answer.
------------------------------
End of Perl-Users Digest V11 Issue 1678
***************************************
