Re: [Catalyst] Catalyst 5.90080 on CPAN!

2015-01-19 Thread Mark Ellis 
You *should* be ok going from 5.90062 to 5.90082, but just in case I'd read
the Upgrading guide,
https://metacpan.org/pod/distribution/Catalyst-Runtime/lib/Catalyst/Upgrading.pod

and the delta
https://metacpan.org/pod/distribution/Catalyst-Runtime/lib/Catalyst/Delta.pod

On 19 January 2015 at 10:22, Craig Chant 
wrote:

> Hi,
>
> Should I always update my Catalyst and if so, can someone please point me
> to the upgrade step by step documentation.
>
> I remember the last time I re-installed Catalyst due to getting a new PC
> and when firing up my dev machine it refused to run the app because it had
> been developed on a different version of Catalyst.
>
> I've been reluctant to change / upgrade anything ever since and would
> appreciate some guidance as I don't' think just replacing / upgrading the
> Catalyst Runtime will work?
>
> I'm currently running ...
>
> Devel : Version 1.37
> Runtime: Version 5.90062
>
> Note: I use Perl Package Manager on Windows IIS, so anything with CLI *nix
> is not helpful.
>
> Many thanks,
>
> Craig (SSPL)
>
> -Original Message-
> From: John Napiorkowski [mailto:jjn1...@yahoo.com]
> Sent: 09 January 2015 17:18
> To: The Elegant MVC Web Framework
> Subject: [Catalyst] Catalyst 5.90080 on CPAN!
>
> Hey All!
>
> We just cut 5.90080 release to stable.
>
> Get it => https://metacpan.org/release/JJNAPIORK/Catalyst-Runtime-5.90080
>
> Info and overview =>
>
> http://jjnapiorkowski.typepad.com/modern-perl/2015/01/perl-catalyst-590080-released-to-cpan.html
>
> Enjoy and shout out if you see trouble!
>
> jnap
>
> ___
> List: Catalyst@lists.scsys.co.uk
> Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
> Searchable archive:
> http://www.mail-archive.com/catalyst@lists.scsys.co.uk/
> Dev site: http://dev.catalyst.perl.org/
> This Email and any attachments contain confidential information and is
> intended solely for the individual to whom it is addressed. If this Email
> has been misdirected, please notify the author as soon as possible. If you
> are not the intended recipient you must not disclose, distribute, copy,
> print or rely on any of the information contained, and all copies must be
> deleted immediately. Whilst we take reasonable steps to try to identify any
> software viruses, any attachments to this e-mail may nevertheless contain
> viruses, which our anti-virus software has failed to identify. You should
> therefore carry out your own anti-virus checks before opening any
> documents. HomeLoan Partnership will not accept any liability for damage
> caused by computer viruses emanating from any attachment or other document
> supplied with this e-mail. HomeLoan Partnership reserves the right to
> monitor and archive all e-mail communications through its network. No
> representative or employee of HomeLoan Partnership has the authority to
> enter into any contract on behalf of HomeLoan Partnership by email.
> HomeLoan Partnership is a trading name of H L Partnership Limited,
> registered in England and Wales with Registration Number 5011722.
> Registered office: Pharos House, 67 High Street, Worthing, West Sussex,
> BN11 1DN. H L Partnership Limited is authorised and regulated by the
> Financial Conduct Authority.
>
> ___
> List: Catalyst@lists.scsys.co.uk
> Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
> Searchable archive:
> http://www.mail-archive.com/catalyst@lists.scsys.co.uk/
> Dev site: http://dev.catalyst.perl.org/
>
___
List: Catalyst@lists.scsys.co.uk
Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/
Dev site: http://dev.catalyst.perl.org/

Re: [Catalyst] Please help to figure out with URL's

2014-12-04 Thread Mark Ellis 
On 4 December 2014 at 20:31, Larry Leszczynski  wrote:

>
> On Thu, Dec 4, 2014, at 12:41 PM, Trevor Leffler wrote:
> > This is a typical use:
> >
> >  rel="stylesheet">
>
> Assuming you're using Template Toolkit, you should use the "url" filter,
> not the "html" filter:
>
>rel="stylesheet">
>

afaik a url should be uri encoded when it's a url, and everything should be
html encoded when in html. the point being uri_for already uri_encodes the
url, and you should then html encode it when embedding it on the page, as
'&' is valid in a url, but not vaild in html

so  would be the correct method


> Larry
>
> ___
> List: Catalyst@lists.scsys.co.uk
> Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
> Searchable archive:
> http://www.mail-archive.com/catalyst@lists.scsys.co.uk/
> Dev site: http://dev.catalyst.perl.org/
>
___
List: Catalyst@lists.scsys.co.uk
Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/
Dev site: http://dev.catalyst.perl.org/

Re: [Catalyst] UTF8 problems with plugin::encoding

2014-07-22 Thread Mark Ellis 
I don't think there's anything you can do, you're app wants utf8 and
they're sending something else which doesn't map. and since you can't know
what format it is in, then all you can do is die if it doesn't map, which
is what the plugin does.

as far as i can tell the ruby middleware i found handles this by returning
a 400 bad request, which cataylst does as well. so there's no affect, other
than the noise in the logs.


On 22 July 2014 11:21, Bernhard Bauch  wrote:

> here’s also a perl-script that does it
>
> --
> use Encode qw(decode encode);
> use LWP::UserAgent;
>
> my $str = '深入 so what';
> my $oct = encode("gb2312", $str);
> my $url = 'http://wbc-inco.net/object/event/past';
> my $ua   = LWP::UserAgent->new();
> my $response = $ua->post( $url, { $oct => $oct } );
> my $content  = $response->decoded_content();
> --
>
> On 22 Jul 2014, at 11:33, Bernhard Bauch  wrote:
>
> hey all,
>
> this pyton3 script triggers the error ….
>
> 
> import httplib2
> import urllib.parse
>
> somestr = '深入 so what'
> encodedstr = somestr.encode('gb2312')
> url = 'http://myappdomain.com/search'
> body = { encodedstr:encodedstr }
> headers = {
> 'Content-type': 'application/x-www-form-urlencoded',
> 'Accept': 'text/html, application/xml;q=0.9, application/xhtml+xml,
> image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1',
> 'Accept-Encoding': 'gzip, deflate',
> 'Accept-Language': 'zh;q=0.9,en;q=0.8'
> }
> http = httplib2.Http()
> response, content = http.request(url, 'POST', headers=headers,
> body=urllib.parse.urlencode(body))
> 
>
> now its possible to reproduce the error :)
>
> any ideas how to solve this ?
> ruby people did this with adding a utf8-sanitizer in the middleware..
>
> bye, bernhard
>
>
> On 21 Jul 2014, at 22:19, Bernhard Bauch  wrote:
>
> more news..
>
> the crawler/searcheinge that triggers these errors is
> http://easou.com
>
> this searchengine delivers their pages not in UTF8 — but in “gb2312” which
> is “simple chinese”
> if i open the “wrong utf8” parameters from the faulty requests with
> “gb2312” some readable signs appear.
> >> this leads me to: catalyst does not handle requests with gb2312 encoded
> parameters (because they are not utf8) -and the request does not promote
> that it is encoded in other than utf8.
>
> any ideas what to do ?
>
> bye, bernhard
>
>
>
> On 21 Jul 2014, at 14:36, Roman Winfinit  wrote:
>
> Hello,
>
> How are you running your application? Ie: mod_perl, fcgi, fcgi +
> httpd/nginx, plack + ... also what version of perl are you using and what
> os?
>
> -roman
> On Jul 21, 2014 6:58 AM, "Bernhard Bauch"  wrote:
>
>> Hey all,
>>
>> on most of my website running on (latest catalyst: 5.90065) i always get
>> utf8 related errors.
>> the usually appear if a spider
>> Mozilla/5.0 (compatible; EasouSpider; +
>> http://www.easou.com/search/spider.html)
>> comes accross.
>>
>> the error is:
>> Caught exception in engine "UTF8 Error: utf8 "\x98" does not map to
>> Unicode at /usr/local/…./lib/perl5/Catalyst/Plugin/Unicode/Encoding.pm line
>> 167.
>>
>> It took me while to get the actual parameters the spiders sends because
>> the debug-message of catalyst do not tell that much :...
>>
>> —
>> [2014/07/16 15:08:47] [5.255.253.218] [INFO] vim
>> /usr/local/…./lib/perl5/Catalyst.pm +2016: *** Request 164 (0.032/s)
>> [10682] [Wed Jul 16 15:08:47 2014] ***
>> [2014/07/16 15:08:47] [5.255.253.218] [DEBUG] vim
>> /usr/local/…./lib/perl5/Catalyst.pm +2309: Response Code: 400;
>> Content-Type: text/plain; charset=UTF-8; Content-Length: unknown
>> [2014/07/16 15:08:47] [5.255.253.218] [INFO] vim
>> /usr/local/.../lib/perl5/Catalyst.pm +1880: Request took 0.006491s
>> (154.059/s)
>>
>> .---+---.
>> | Action
>>
>>| Time  |
>>
>> +---+---+
>>
>> '---+---'
>> —
>>
>> i changed to Plugin::Unicode::Encoding plugin a bit to find out what the
>> client sends … the results are these:
>> UTF8 trash arrives - and the module seems unable to deal with it…
>>
>> 
>> Caught exception in engine "UTF8 Error: utf8 "\x98" does not map to
>> Unicode at /usr/local/…../lib/perl5/Catalyst/Plugin/Unicode/Encoding.pm
>> line 170.
>>  -
>>
>> URL: notice/list
>>
>> PARAMS:$VAR1 = {
>>

Re: [Catalyst] HTML encoding parameters

2014-06-29 Thread Mark Ellis 
I've had really good results with HTML::StripScripts::Parser, you can set
allowed tags, attributes and stop JavaScript injection. You can also set
allowed attributes on certain tags only, it's really flexible
On 29 Jun 2014 05:14, "bill hauck"  wrote:

> Hi.
>
> Please forgive me if this is an easy one.  It's late and I haven't found
> any mention of it.
>
> I'd like to encode form fields so that only the standard bold, italic,
> underline, list, etc. are allowed and and script, style, etc. tags are
> encoded.  Also, I'd like to only let the base tags through and no
> attributes so setting an onmouseover in a paragraph is encoded.  Basically
> I'm trying to avoid XSS and other nastiness.
>
> Is there a module that does this to all parameters at once?  Do i simply
> need to do it to each paramter I accept?  For now I've been adding the html
> filter in my Template Toolkit templates, but that's a pain and relies on
> each output field filtering.  I'd like to encode before storing the data in
> the database so it's safe no matter how it's presented.
>
> Any help is appreciated.
>
> Thanks,
>
> bill
>
>
>
>
>
>
>
>
> ___
> List: Catalyst@lists.scsys.co.uk
> Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
> Searchable archive:
> http://www.mail-archive.com/catalyst@lists.scsys.co.uk/
> Dev site: http://dev.catalyst.perl.org/
>
>
___
List: Catalyst@lists.scsys.co.uk
Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/
Dev site: http://dev.catalyst.perl.org/

Re: [Catalyst] Catalyst email

2014-04-11 Thread Mark Ellis 
could be related to this
http://www.ietf.org/mail-archive/web/ietf/current/msg87153.html


On 11 April 2014 16:54, Len Jaffe  wrote:

> FYI: Gmail is putting your email in spam, saying that they could not
> verify that it came from yahoo.com.
>
> --
> lenja...@jaffesystems.com   614-404-4214@lenjaffe
> Information Technology Smoke Jumper, Host of Columbus Code 
> Jam
> www.lenjaffe.com http://www.theycomewithcheese.com
> Advent Planet  - An Aggregation of
> Online Advent Calendars.
>
>
> ___
> List: Catalyst@lists.scsys.co.uk
> Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
> Searchable archive:
> http://www.mail-archive.com/catalyst@lists.scsys.co.uk/
> Dev site: http://dev.catalyst.perl.org/
>
>
___
List: Catalyst@lists.scsys.co.uk
Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/
Dev site: http://dev.catalyst.perl.org/