[9183] in Perl-Users-Digest

Perl-Users Digest, Issue: 2800 Volume: 8

daemon@ATHENA.MIT.EDU (Perl-Users Digest)
Wed Jun 3 17:07:26 1998

Date: Wed, 3 Jun 98 14:01:35 -0700
From: Perl-Users Digest <Perl-Users-Request@ruby.OCE.ORST.EDU>
To: Perl-Users@ruby.OCE.ORST.EDU (Perl-Users Digest)

Perl-Users Digest           Wed, 3 Jun 1998     Volume: 8 Number: 2800

Today's topics:
        Success of call to open() or system() ? <dcannon@clearcommerce.com>
        Untaint A variable.. Please Help. <kenn@xuviet.org>
    Re: Untaint A variable.. Please Help. <rootbeer@teleport.com>
    Re: Untainting a variable <rootbeer@teleport.com>
    Re: Use of HTML, POD, etc in Usenet (was: Re: map in vo (Abigail)
    Re: Use of HTML, POD, etc in Usenet (was: Re: map in vo (Chris Nandor)
    Re: Using perl to post a CGI form Matthew.Wickline@usa.net
    Re: value of a environment variable (Tad McClellan)
        verify the userID and password mysamatar@hotmail.com
    Re: verify the userID and password <rootbeer@teleport.com>
    Re: Why aren't my objects destructors being called? <zenin@bawdycaste.org>
        Win32 Perl and Unix Perl (Christopher Spence)
        Win32::AdminMisc not working? <kisaac@enterprise.net>
        Digest Administrivia (Last modified: 8 Mar 97) (Perl-Users-Digest Admin)

----------------------------------------------------------------------

Date: Wed, 03 Jun 1998 15:15:00 -0500
From: Derry Cannon <dcannon@clearcommerce.com>
Subject: Success of call to open() or system() ?
Message-Id: <3575AEC3.42055DF3@clearcommerce.com>

Hey, there!

    I've got a form parser that emails the form content to me.  However,
I can't seem to figure out how to determine if  the mail command was
successful.  The code follows:

        open (MAIL, "|mail -s \"Website Feedback - $in{Name}\" \"$mailto{$in{To}}\"");
        print MAIL "Name: $in{Name}\n";
        print MAIL "Company: $in{Company}\n";
        print MAIL "Email: $in{Email}\n";
        print MAIL "Phone: $in{Phone}\n";
        print MAIL "Topic: $topic{$in{To}}\n\n";
        print MAIL "$in{Comments}\n\n\n";
        close (MAIL);

Obviously, if I get the email it works. ; )  My problem is that I want
to post a confirmation screen saying the email was unsuccessful if the
mail command doesn't work (eg-if the email address is invalid).  Setting
$success = open (.......)  just tells me that the open() was successful,
not if the mail command it's piping to was.  Same problem trying to
track the success of a call using system():

        $var = system("mv", "file1", "file2");

$var receives a value of zero, regardless of whether or not file1
exists.  Any help would be greatly appreciated.

Thanks!
Derry Cannon
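
One way to get the result the post asks about, as an added example that is not part of the original post: close() on a piped handle and system() both report the child's wait status, and the list forms used here keep form fields away from a shell command line. It assumes a Unix-like system and a Perl that supports list-form pipe opens (5.8 or later); the child commands and the message body are constructed stand-ins.

```perl
#!/usr/bin/perl
# Added example, not code from the post. The child commands are constructed
# stand-ins run through the current perl ($^X); a mail program would be
# passed the same way, e.g. ('mail', '-s', $subject, $recipient).
use strict;
use warnings;

# Turn a wait status (the value of $? or of system()) into text.
sub describe_status {
    my ($status) = @_;
    return "could not run the command"           if $status == -1;
    return "killed by signal " . ($status & 127) if $status & 127;
    return "exit code " . ($status >> 8);
}

# Pipe $body to a command given as a list. No shell parses the arguments,
# so a form field used as an argument cannot add shell syntax.
# Returns (ok, description).
sub pipe_to {
    my ($body, @cmd) = @_;
    local $SIG{PIPE} = 'IGNORE';    # an early child exit must not kill us
    open(my $fh, '|-', @cmd)
        or return (0, "cannot start $cmd[0]: $!");
    print {$fh} $body;
    # close() on a pipe waits for the child and is false if it failed;
    # $! is 0 when the only problem was a non-zero exit, reported in $?.
    return (1, "exit code 0") if close($fh);
    return (0, $! ? "close failed: $!" : describe_status($?));
}

# system() with a list also bypasses the shell and returns the wait status.
sub run {
    my (@cmd) = @_;
    my $status = system(@cmd);
    return ($status == 0 ? 1 : 0, describe_status($status));
}

my $body = "Name: Constructed Sender\nComments: hello\n";
my @good = pipe_to($body, $^X, '-e', 'my @in = <STDIN>; exit(@in ? 0 : 1)');
my @bad  = pipe_to($body, $^X, '-e', 'my @in = <STDIN>; exit 3');
my @sys  = run($^X, '-e', 'exit 2');

print "pipe, child succeeds: ok=$good[0] ($good[1])\n";
print "pipe, child fails:    ok=$bad[0] ($bad[1])\n";
print "system, child fails:  ok=$sys[0] ($sys[1])\n";
```

A zero exit status from a mail program only says the message was accepted for delivery; an address that does not exist is normally reported later as a bounce message.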




------------------------------

Date: 3 Jun 1998 18:52:59 GMT
From: "Kenny Nguyen" <kenn@xuviet.org>
Subject: Untaint A variable.. Please Help.
Message-Id: <01bd8f20$6ff514e0$04fb7880@internet.internet.com>

Hello All,

I posted a message earlier about security mode, but I wasn't
clear about it.  What I basically want is how to untaint a variable.  My ISP
has taint checking turned on. 
I have a perl script to open a new file and write to it.  The file name
depends on the variables obtained from reading a text file.
Note: Server is under winNT running perl5.

Example: 
#!/usr/bin/perl
$DataLog = "../data/log.txt";
$path = "../poetry/";
&get_number;
#---------------------------------
sub get_number {
   open(NUMBER,"$DataLog");
   $newcounter = <NUMBER>;
   close(NUMBER);
   $newcounter++;
   open(NUM,">$DataLog") || die $!;
   print NUM "$newcounter";
   close(NUM);
}

open (file, ">$path$newcounter\.html") || die "Can't write to file $!\n";
print file "Hello world!";
close (file);
#---End...

When I run the above script I get this in return:
Insecure dependency in open while running with -T switch at
D:\208.225.169.47\cgi-bin\test.cgi line 16.
Line 16 is the open (file, ">$path$newcounter\.html") || die "Can't write
to file $!\n";

Please please please help me on how to get around this.

Kenny,


------------------------------

Date: Wed, 03 Jun 1998 20:15:32 GMT
From: Tom Phoenix <rootbeer@teleport.com>
Subject: Re: Untaint A variable.. Please Help.
Message-Id: <Pine.GSO.3.96.980603131048.13600N-100000@user2.teleport.com>

On 3 Jun 1998, Kenny Nguyen wrote:

> Insecure dependency in open while running with -T switch at
> D:\208.225.169.47\cgi-bin\test.cgi line 16.
> Line 16 is the open (file, ">$path$newcounter\.html") || die "Can't write
> to file $!\n";

So, either $path or $newcounter (or both) are tainted. You said earlier
that you've read perlsec, so you must have tried some code like perlsec's
examples to extract the untainted data from those variables. If that
attempt didn't work, could you show us what you've tried? (You shouldn't
post the whole program, of course - just the one or two lines which assign
an untainted value to $path or to $newcounter.) Thanks! 

-- 
Tom Phoenix       Perl Training and Hacking       Esperanto
Randal Schwartz Case:     http://www.rahul.net/jeffrey/ovs/



------------------------------

Date: Wed, 03 Jun 1998 20:09:43 GMT
From: Tom Phoenix <rootbeer@teleport.com>
Subject: Re: Untainting a variable
Message-Id: <Pine.GSO.3.96.980603125438.13600M-100000@user2.teleport.com>

On Wed, 3 Jun 1998, Bernard Cosell wrote:

> I run into tainted data that is actually 'safe' all the time, 

It's unusual (but it does occasionally happen) that perl's taint checking
will cause problems when your action is actually safe. It is very
unusual for a program to be correct when it untaints any old data that
comes along.

>    return &untaint($loginid) if &password_check($loginid, $password) ;

Is $loginid a username? If it is, it's easy enough to extract with a
simple pattern match. (It may be that what you're doing is all right, but
when you sidestep the security checks provided by taint checking, what's
the point of taint checking? Using that &untaint routine is like hiring a
deaf, dumb, and blind security guard - you're getting no real security.) 

> I needed the untainted version of the loginid for other things in the
> subroutine, and so edited the program to be:
> 
>   my $id = &untaint($loginid) ;
>   return $id if &password_check($loginid, $password) ;
> 
> What's confusing me is that while the first form [with the untaint
> call -in- the 'return' statement] works perfectly, the second form
> [with the intermediate variable] gets me taint-errors when the
> calling-routine tries to make use of the returned value. 

What do you return if the call to &password_check fails? My guess is that
you're returning the last thing evaluated in your sub - which may be the
false value returned from &password_check. That, of course, may be
tainted.

But $id shouldn't be tainted, from what I see. If you can cook up a short
test case (say, five or ten lines of code) in which current versions of
Perl make that value tainted when it shouldn't be, send it in with a bug
report. Thanks! 

-- 
Tom Phoenix       Perl Training and Hacking       Esperanto
Randal Schwartz Case:     http://www.rahul.net/jeffrey/ovs/
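
The untainting that the two replies above point to (extracting the acceptable part of a value with a pattern match, here for the counter in Kenny Nguyen's script and for a login id), as an added example that is not code from the thread. It assumes the counter read from the log file is the tainted value; the login-name pattern, the password_check stand-in and the sample inputs are assumptions as well.

```perl
#!/usr/bin/perl
# Added example, not code from the thread. Run it as:  perl -T untaint.pl
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Untaint by capturing exactly the form that is acceptable. A value that
# does not match is rejected instead of being passed through. Trailing
# whitespace (the newline left by <NUMBER>) is allowed and dropped.
sub clean_counter {
    my ($raw) = @_;
    return defined $raw && $raw =~ /\A([0-9]{1,9})\s*\z/ ? $1 : undef;
}

# Assumed login-name policy: a lowercase letter, then up to 31 more
# lowercase letters, digits, "_" or "-".
sub clean_loginid {
    my ($raw) = @_;
    return defined $raw && $raw =~ /\A([a-z][a-z0-9_-]{0,31})\z/ ? $1 : undef;
}

# Hypothetical stand-in for the thread's &password_check.
sub password_check { my ($id, $pw) = @_; return $pw eq 'constructed-secret' }

# Returns the untainted login id on success and undef otherwise. The final
# explicit return keeps a failed check from leaking its own return value.
sub login {
    my ($loginid, $password) = @_;
    my $id = clean_loginid($loginid);
    return undef unless defined $id;
    return $id if password_check($id, $password);
    return undef;
}

sub show { my ($v) = @_; return defined $v ? "'$v'" : 'rejected' }

# Constructed inputs. A zero-length slice of "$0$^X" carries taint under
# -T, so each value behaves like a line read from a file or a form field.
my $taint = substr("$0$^X", 0, 0);

for my $raw ("41", "41;x", "../41") {
    my $in   = $raw . $taint;
    my $n    = clean_counter($in);
    my $file = defined $n ? "../poetry/" . ($n + 1) . ".html" : undef;
    printf "counter %-7s tainted=%d -> file %s\n",
        "'$raw'", tainted($in) ? 1 : 0, show($file);
}

for my $raw ("bcosell", "bob;id") {
    my $id = login($raw . $taint, 'constructed-secret' . $taint);
    printf "login   %-9s -> %s tainted=%d\n",
        "'$raw'", show($id), tainted($id) ? 1 : 0;
}
```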



------------------------------

Date: 3 Jun 1998 19:26:11 GMT
From: abigail@fnx.com (Abigail)
Subject: Re: Use of HTML, POD, etc in Usenet (was: Re: map in void context regarded as evil - suggestion)
Message-Id: <6l480j$2c3$1@client3.news.psi.net>

Zenin (zenin@bawdycaste.org) wrote on MDCCXXXVII September MCMXCIII in
<URL: news:896891858.711190@thrush.omix.com>:
++ Chris Nandor <pudge@pobox.com> wrote:
++ : Yep.  I would bounce excessive POD from clp.mod (depending on the
++ : circumstances), and I would allow HTML like yours to pass.
++ 
++ 	The problem I have with even the minor use of HTML, POD, etc
++ 	is simply that it isn't needed, ever.  This isn't opinion, it's
++ 	simple logic. Any use of anything but plain text isn't going to
++ 	read the same on every reader, ever.
++ 
++ 	What's wrong with using the common conventions we have now such
++ 	as, YELLING, *bold*, **BOLD YELLING**, _underline_, etc?  What's
++ 	wrong with just hitting enter twice instead of using <p></p>?
++ 	What's wrong with using
++ 	---------------------------------------------------------------
++ 	instead of <hr>?

Standards.

++ 	My point is that HTML, POD, etc only serve to make messages harder
++ 	to read and non-portable.  There is *nothing* that they can do that
++ 	should ever be in a Usenet message.  Everything they could
++ 	justifiably be used for in Usenet can be done (and has been done
++ 	ever since Usenet started) with plain text and a bit of common
++ 	sense.

Really? I guess you have never seen postings with lines over 80 characters,
or text that was quoted 6 times using 6 different quoting conventions.

Would all text be marked up in a logical way (be it HTML or maybe some
SGML or XML based format; pod would be too simple), anyone could format
paragraphs to their wishes. 80 columns, proportional fonts, whatever. All
you would need is <p> and <pre> to do that. Would you have <blockquote>
instead of a myriad of quoting techniques, it would be a lot simpler to
write software that would hide quoted text on demand, or to make sure
a reply doesn't appear before the quoted text.

It would probably never work - people in general would prefer <yellow>
and <blue> over logical markup - but I don't think plain text all the time
would be as good. Of course, plain text should always be acceptable.



Abigail
-- 
perl -pwle '$_ .= reverse'


------------------------------

Date: Wed, 03 Jun 1998 20:53:00 GMT
From: pudge@pobox.com (Chris Nandor)
Subject: Re: Use of HTML, POD, etc in Usenet (was: Re: map in void context regarded as evil - suggestion)
Message-Id: <pudge-0306981647190001@192.168.0.3>

In article <896891858.711190@thrush.omix.com>, Zenin
<zenin@bawdycaste.org> wrote:

#         The problem I have with even the minor use of HTML, POD, etc
#         is simply that it isn't needed, ever.  This isn't opinion, it's
#         simple logic. Any use of anything but plain text isn't going to
#         read the same on every reader, ever.

Huh?  I have never seen a POD reader built-in to a newsreader.  Hence, POD
in a post will look the same to everyone, necessarily.

-- 
Chris Nandor          mailto:pudge@pobox.com         http://pudge.net/
%PGPKey = ('B76E72AD', [1024, '0824090B CE73CA10  1FF77F13 8180B6B6'])


------------------------------

Date: Wed, 03 Jun 1998 20:34:17 GMT
From: Matthew.Wickline@usa.net
Subject: Re: Using perl to post a CGI form
Message-Id: <6l4c09$bds$1@nnrp1.dejanews.com>

In article <6ktnd4$4v6$1@news.uta.edu>, cjc9024@omega.uta.edu (CoRey) wrote:
> i recently stumbled upon
> http://babelfish.altavista.digital.com/cgi-bin/translate?
:
> I want a perl/shell script which will automate this for me.  i'm
:

Many CGI scripts are authored to accept GET and POST. This is one of those.

(you may need to edit the following to get it on one line)

http://babelfish.altavista.digital.com/cgi-bin/translate?urltext=http://
WWW.SOME.DOMAIN.AND/PATH/ETC/OF/FILE.HTML&languagepair=en_fr&Submit=Translate&
doit=done

The above URL will give you your translated page.

You mentioned that you found how to set the language, so you can edit as
appropriate. You can also edit the URL as needed.

Now you just need to automate the lynx -source thingie of URLs constructed by
pasting in your URLs... no need to deal with posting forms after all :)

-matt

-----== Posted via Deja News, The Leader in Internet Discussion ==-----
http://www.dejanews.com/   Now offering spam-free web-based newsreading


------------------------------

Date: Wed, 3 Jun 1998 14:58:56 -0500
From: tadmc@flash.net (Tad McClellan)
Subject: Re: value of a environment variable
Message-Id: <0u94l6.0u5.ln@localhost>

indhiraa@hotmail.com wrote:

: I need to get the value of environment variable whose name
: is stored in another variable.


   $envVar = 'LD_LIBRARY_PATH';

   $ldpath = $ENV{$envVar};


I think you should have been able to answer this question yourself
in about five minutes of searching for 'environment' in the
documentation that came with Perl.

You must be really really busy to require that we do the 
reading for you...


--
    Tad McClellan                          SGML Consulting
    tadmc@metronet.com                     Perl programming
    Fort Worth, Texas


------------------------------

Date: Wed, 03 Jun 1998 19:13:16 GMT
From: mysamatar@hotmail.com
Subject: verify the userID and password
Message-Id: <6l478c$45g$1@nnrp1.dejanews.com>

Here is the scenario:
Every user logs in from his/her machine (this morning, or yesterday, or ...) and
does their job. Sometimes a user moves to a different machine and executes an
application AX (an intranet application) to do some work; at this time the user
is not considered the owner of the transaction. The 2nd user gets the access
rights of the user who logged in from this machine, because the application AX
uses the login information to grant the privileges of the users at the login
time of the system.

At the start of the application AX, the user has to log in.
Is there a way to verify if the user who starts the application AX is the user
who logged in to the system from this machine using perl/cgi (Oracle webserver)?
We are using the Oracle Webserver on the Unix platform.
Please use my email address for answering.

thanks.
M. Samatar
mysamatar@hotmail.com
samatm1@medtronic.com

-----== Posted via Deja News, The Leader in Internet Discussion ==-----
http://www.dejanews.com/   Now offering spam-free web-based newsreading


------------------------------

Date: Wed, 03 Jun 1998 20:21:48 GMT
From: Tom Phoenix <rootbeer@teleport.com>
Subject: Re: verify the userID and password
Message-Id: <Pine.GSO.3.96.980603131638.13600O-100000@user2.teleport.com>

On Wed, 3 Jun 1998 mysamatar@hotmail.com wrote:

> Is there a way to verify if the user who starts the application AX is the user
> who logged in to the system from this machine using perl/cgi (Oracle webserver)?

I think you're really asking, "Is there any way to be sure of the identity
of a remote user"? The WWW Security FAQ talks about that. 

    http://www.w3.org/Security/Faq/

Hope this helps!

-- 
Tom Phoenix       Perl Training and Hacking       Esperanto
Randal Schwartz Case:     http://www.rahul.net/jeffrey/ovs/



------------------------------

Date: 3 Jun 1998 19:21:50 GMT
From: Zenin <zenin@bawdycaste.org>
Subject: Re: Why aren't my objects destructors being called?
Message-Id: <896902215.285968@thrush.omix.com>

Martin Gregory <mgregory@asc.sps.mot.com> wrote:
	>snip<
:   # WHY DO I HAVE TO DO THIS TO FREE THE MEMORY?  

	Install the Devel::Peek module from CPAN (and "use Devel::Peek" in
	your code).  When you get to this section of code, use the
	statement:

		Dump $parser;

	(you may want to exit() here too, as Dump() will print out what
	we want)

	Among a ton of other stuff, it will give you the REFCNT of the
	underlying object (probably the second REFCNT you see, not the
	first (which is for $parser, not the object $parser references)).
	If it's not 1, something else besides $parser is referencing it
	(circular ref in the object maybe?).  Other deeper members could
	have similar circular refs that aren't being broken correctly, which
	would cause similar memory leaks.

	In any event, this is a great tool for finding out just where your
	leak is coming from and if the module writer is or isn't the
	one to complain to about the leak (or maybe a perl bug, it could
	happen).

	The destructor won't be called until the object count's REFCNT
	drops to 0 (or global destruction, ala end of program execution).
	When $parser goes out of scope, it will drop REFCNT by one for
	its underlying object, but if it's above 1 at that point it
	won't get destroyed.
-- 
-Zenin
 zenin@archive.rhps.org


------------------------------

Date: Wed, 03 Jun 1998 19:35:48 GMT
From: cspence@delphi-tech.com (Christopher Spence)
Subject: Win32 Perl and Unix Perl
Message-Id: <6l48k6$2k4$1@ffx2nh2.uu.net>

Besides os, what is the comparison of speed?  Is there much of a difference?


------------------------------

Date: Wed, 3 Jun 1998 21:00:04 +0100
From: "Karl" <kisaac@enterprise.net>
Subject: Win32::AdminMisc not working?
Message-Id: <6l4a1h$fd1$1@news.enterprise.net>

Can anyone tell me why this doesn't work?

use Win32::AdminMisc;
    $USER = "phyl";
    if ( Win32::AdminMisc::UserSetMiscAttributes("", "$USER",
    USER_FULL_NAME, "fred") ) {
     print "Updated $USER\n";
    }
    if ( Win32::AdminMisc::UserGetMiscAttributes("", "$USER", \%ATTRIBUTES)
    ){
            print "Phyl's new name $ATTRIBUTES{USER_FULL_NAME}\n";
    }


It produces the output:

    Updated phyl
    Phyl's new name Phyl Smith

In other words the "set" doesn't appear to work.



Using Perl 5.003_007 from ActiveState build 316
Admin::Misc from www.roth.net build 311

Thanks for any help.

Karl.





------------------------------

Date: 8 Mar 97 21:33:47 GMT (Last modified)
From: Perl-Request@ruby.oce.orst.edu (Perl-Users-Digest Admin) 
Subject: Digest Administrivia (Last modified: 8 Mar 97)
Message-Id: <null>


Administrivia:

The Perl-Users Digest is a retransmission of the USENET newsgroup
comp.lang.perl.misc.  For subscription or unsubscription requests, send
the single line:

	subscribe perl-users
or:
	unsubscribe perl-users

to almanac@ruby.oce.orst.edu.  

To submit articles to comp.lang.perl.misc (and this Digest), send your
article to perl-users@ruby.oce.orst.edu.

To submit articles to comp.lang.perl.announce, send your article to
clpa@perl.com.

To request back copies (available for a week or so), send your request
to almanac@ruby.oce.orst.edu with the command "send perl-users x.y",
where x is the volume number and y is the issue number.

The Meta-FAQ, an article containing information about the FAQ, is
available by requesting "send perl-users meta-faq". The real FAQ, as it
appeared last in the newsgroup, can be retrieved with the request "send
perl-users FAQ". Due to their sizes, neither the Meta-FAQ nor the FAQ
are included in the digest.

The "mini-FAQ", which is an updated version of the Meta-FAQ, is
available by requesting "send perl-users mini-faq". It appears twice
weekly in the group, but is not distributed in the digest.

For other requests pertaining to the digest, send mail to
perl-users-request@ruby.oce.orst.edu. Do not waste your time or mine
sending perl questions to the -request address, I don't have time to
answer them even if I did know the answer.


------------------------------
End of Perl-Users Digest V8 Issue 2800
**************************************