Re: How fatalsToBrowser works ?
On Sun, 18 Aug 2002 06:08:38 +0800, [EMAIL PROTECTED] (Connie Chan)
wrote:
$main::SIG{__DIE__} = \Die4CGI::die;
*BUT!! I still not understand, how can this overided
the orgional die ? Why shouldn't I write as :
open FH, $file or Die4CGI::die($!) ;
Because your module says above that the MAIN SIG_DIE
is equal to your subroutine Die4CGI::die.
Would anybody tell me more ?
http://users.actcom.co.il/~choo/lupg/tutorials/signals/signals-programming.html
It's written for c, but the idea is exactly the same.
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: How fatalsToBrowser works ?
Thanks everybody, I've made it =))
code
package Die4CGI;
use strict;
$main::SIG{__DIE__} = \Die4CGI::die;
sub die
{ my $dieMesg = shift; $dieMesg =~ s/ at .+$//;
my ($package, $file, $line) = caller;
$file =~ s/^C:\\Server\\Staff\\Connie\\Project\\onTry\\/\\/;
$file =~ s/\\/\//g;
print Content-type: text/html\n\n;
print HTML;
# A lot of html #
Garfield said: $dieMesg happens at: $file line $line.br
# A lot of html #
HTML
; exit(0);
}
1;
/code
So I can call it like the normal :
use strict;
use Die4CGI;
my $file = 'somewhere/somewhere';
open FH, $file or die $!; # prints what I want
Another fatalsToBrowser, simple and lovely!! ;)
*BUT!! I still not understand, how can this overided
the orgional die ? Why shouldn't I write as :
open FH, $file or Die4CGI::die($!) ;
Would anybody tell me more ?
Rgds,
Connie
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: How fatalsToBrowser works ?
You might find this link useful...
http://perl.apache.org/docs/general/perl_reference/perl_reference.html#Exception_Handling_for_mod_perl
Basically, fatalsToBrowser is OK to use, but it can be fraught with
underlying issues that Matt outlines pretty well in the above URL. Has
also given a talk on the subject at the last couple of O'Reilly conferences.
As an aside, at eXtropia, therer was a period of a couple years where we
used fatalsToBrowser quite a bit. And everytime some incompatibility
happened with mod_perl or some other advanced environment, we'd submit
the bug (and sometimes a sample patch) to Lincoln Stein who has been
very helpful.
However, Perl 5.6.0 in particular ruined all of that for us by changing
the behavior of how fatalsToBrowser worked making eval {} tests
impossible to use in your code. 5.6.1 fixed the problem, but there are
MANY ISPs still running 5.6.0 and our support email volume skyrocketted.
So now when we give out scripts we provide a debug version of the CGI
which calls the original CGI behind the scenes wrapped in an eval system
that can do the same thing as fatals To Browser. When you are done
debugging, the intention is that you disable it by changing $DEBUG = 0
instead of $DEBUG = 1 or you delete the debug script off your directory.
Generally, you shouldn't enable fatalsToBrowser in production as a
general security practice.
The nice thing about making the debug into a separate script that calls
the original CGI is that if you want to re-enable debugging output in
production, your production users pointing to the main CGI script will
not get any additional information. But you can still troubleshoot with
the debug version of the URL which your production users won't have
(unless they've been hacking around).
This is similar in concept to the fact that CGIWRAP has a debug and
nondebug version I think. Or at least that's the inspiration for me to
have written this. If you want this debug wrapper program, you can get
it by downloading just about any app off our website such as address
book. If you download address book, you will see address_book.cgi
and address_book_debug.cgi. The debug one can be easily modified to
work with your CGI script and as far as I know has no weird Perl version
problems like fatalsToBrowser.
Later,
Gunther
Connie Chan wrote:
Thanks everybody, I've made it =))
code
package Die4CGI;
use strict;
$main::SIG{__DIE__} = \Die4CGI::die;
sub die
{ my $dieMesg = shift; $dieMesg =~ s/ at .+$//;
my ($package, $file, $line) = caller;
$file =~ s/^C:\\Server\\Staff\\Connie\\Project\\onTry\\/\\/;
$file =~ s/\\/\//g;
print Content-type: text/html\n\n;
print HTML;
# A lot of html #
Garfield said: $dieMesg happens at: $file line $line.br
# A lot of html #
HTML
; exit(0);
}
1;
/code
So I can call it like the normal :
use strict;
use Die4CGI;
my $file = 'somewhere/somewhere';
open FH, $file or die $!; # prints what I want
Another fatalsToBrowser, simple and lovely!! ;)
*BUT!! I still not understand, how can this overided
the orgional die ? Why shouldn't I write as :
open FH, $file or Die4CGI::die($!) ;
Would anybody tell me more ?
Rgds,
Connie
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
RE: How fatalsToBrowser works ?
-Original Message-
From: Connie Chan [mailto:[EMAIL PROTECTED]]
Sent: Friday, August 16, 2002 11:38 AM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: How fatalsToBrowser works ?
I am on a Win32 system, and I use the fatalsToBrowser to
prompt errors
with some scripts. However, the error mesg will also prompt
where exactly
the file(script) is located. In case, I don't want the full
path is exposed.
Can I modify sth , perhaps regex s///, to mask the root path ?
like :
File not found : html/log/connie.txt at
C:\WWWroot\CGI-ALL\index.pl line 12.
is better be masked as :
File not found : html/log/connie.txt at /index.pl line 12.
Why is revealing the full path to your script risky? What could a bad guy do
with that information? If you're concerned about that, using fatalsToBrowser
is probably a bad idea.
If you really want to munge the message, you could subclass CGI::Carp and
install your munger in front of the call to CGI::Carp::die in the
$SIG{__DIE__} handler.
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: How fatalsToBrowser works ?
[...]
If you really want to munge the message, you could subclass CGI::Carp and
install your munger in front of the call to CGI::Carp::die in the
$SIG{__DIE__} handler.
But what is a 'munger' ? and what about $SIG{__DIE__}?
How to play with ? Is there any reference documents I
can read on ?
Rgds,
Connie
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
RE: How fatalsToBrowser works ?
-Original Message-
From: Connie Chan [mailto:[EMAIL PROTECTED]]
Sent: Friday, August 16, 2002 12:13 PM
To: Bob Showalter; [EMAIL PROTECTED]
Subject: Re: How fatalsToBrowser works ?
[...]
If you really want to munge the message, you could subclass
CGI::Carp and
install your munger in front of the call to CGI::Carp::die in the
$SIG{__DIE__} handler.
But what is a 'munger' ? and what about $SIG{__DIE__}?
How to play with ? Is there any reference documents I
can read on ?
A 'munger' would be a routine you write to remove the offending information
from the error message. Since only you know what you want to remove, you
will need to write this.
__DIE__ is a pseueo-signal called by the die() function. CGI::Carp works by
installing its own handler for $SIG{__DIE__}. By subclassing CGI::Carp, you
could catch the __DIE__ signal yourself, adjust the error message, and pass
the (now adjusted) message on to CGI::Carp's normal routine.
perldoc -m CGI::Carp (to see how CGI::Carp works)
perldoc -f die
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: How fatalsToBrowser works ?
Please people, do NOT cross post to the beginners lists. If your question is not CGI related, post to the beginners list, if your question is CGI related, post to the beginners-cgi list. Never, ever, ever, ever should you need to ask a question on both lists. If you don't know which list to post something to, read the FAQ of the list (on http://learn.perl.org/, and also posted here weekly) and make an educated guess of which _one_ to post to. Thanks for your cooperation. Cheers, Kevin On Fri, Aug 16, 2002 at 11:38:12PM +0800, Connie Chan ([EMAIL PROTECTED]) said something similar to: I am on a Win32 system, and I use the fatalsToBrowser to prompt errors with some scripts. However, the error mesg will also prompt where exactly the file(script) is located. In case, I don't want the full path is exposed. Can I modify sth , perhaps regex s///, to mask the root path ? like : File not found : html/log/connie.txt at C:\WWWroot\CGI-ALL\index.pl line 12. is better be masked as : File not found : html/log/connie.txt at /index.pl line 12. Is that possible ? Rgds, Connie -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- [Writing CGI Applications with Perl - http://perlcgi-book.com] What's another word for Thesaurus? -- Steven Wright -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: How fatalsToBrowser works ?
RANT Can we have a weekly FAQ on cross posting? Kinda like: Subject: Weekly FAQ on cross posting Don't do it. /RANT -Original Message- From: Connie Chan [mailto:[EMAIL PROTECTED]] Sent: Friday, August 16, 2002 11:38 AM To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: How fatalsToBrowser works ? I am on a Win32 system, and I use the fatalsToBrowser to prompt errors with some scripts. However, the error mesg will also prompt where exactly the file(script) is located. In case, I don't want the full path is exposed. Can I modify sth , perhaps regex s///, to mask the root path ? like : File not found : html/log/connie.txt at C:\WWWroot\CGI-ALL\index.pl line 12. is better be masked as : File not found : html/log/connie.txt at /index.pl line 12. Is that possible ? Rgds, Connie -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] The views and opinions expressed in this email message are the sender's own, and do not necessarily represent the views and opinions of Summit Systems Inc. -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: How fatalsToBrowser works ?
So, you are cross posting now! Never ever do this if that's not CGI related to CGI, and not to Perl to either any of them. If you don't understand, please read the FAQ. In case, I can't assume the subs.ers are subs. on both group, but my question is related to both on CGI issues and Perl issues. So I have the reason to cross posting. On my point of view, this actually asking to 2 independent groups. I believe that I behaves good on almost postes, to the right list. I seldom cross posting unless I have the reason to. Also, if you are not giving ans. to my question, but a warning, pls go on by private, if you are not trying to telling the world that you are a police. I still submit to beginners list, as I have the impression that this list is more leadership. If some guys still warn or suggestion me to choose either one of the group for even my questions are related to both, I will follow and respect on it. Rgds, Connie - Original Message - From: Kevin Meltzer [EMAIL PROTECTED] To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Saturday, August 17, 2002 12:12 AM Subject: Re: How fatalsToBrowser works ? Please people, do NOT cross post to the beginners lists. If your question is not CGI related, post to the beginners list, if your question is CGI related, post to the beginners-cgi list. Never, ever, ever, ever should you need to ask a question on both lists. If you don't know which list to post something to, read the FAQ of the list (on http://learn.perl.org/, and also posted here weekly) and make an educated guess of which _one_ to post to. Thanks for your cooperation. Cheers, Kevin -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: How fatalsToBrowser works ?
On Sat, Aug 17, 2002 at 12:08:14AM +0800, Connie Chan ([EMAIL PROTECTED]) said something similar to: So, you are cross posting now! I am the one who watches the lists, if you haven't noticed or read the FAQs. Admins cross-posting isn't unheard of when it comes to administriva situations. Never ever do this if that's not CGI related to CGI, and not to Perl to either any of them. If you don't understand, please read the FAQ. I wrote the FAQ. In case, I can't assume the subs.ers are subs. on both group, but my question is related to both on CGI issues and Perl issues. So I have the reason to cross posting. On my point of view, this actually asking to 2 independent groups. No, you don't. If the question is related to Perl _and_ CGI, then it should go to the beginners-cgi list. If it is CGI related, it doesn't belong on the beginners list. This isn't rocket science. Many people subscribe to both list. But, as with any list(s), it is appropriate to post to the best suited one for the topic of your question. Some people have even emailed me privately asking if it is OK to say 'thanks' on a list (which it is, of course). Why is it some people are so polite, and others are so argumentative? I believe that I behaves good on almost postes, to the right list. I seldom cross posting unless I have the reason to. There is no reason to, unless you are an admin for the lists. This has been discussed before, if you searched the archives you would likely find me saying don't cross-post multiple times. You would also find list members asking people not to cross-post. These are sister lists, not independent groups. If the FAQ and the members of the lists hasn't made that apparant, me stating it should. Also, if you are not giving ans. to my question, but a warning, pls go on by private, if you are not trying to telling the world that you are a police. I am the police of the lists. Again, (re)read the FAQs. Sorry I used your email as the one to respond to, but as someone active on the lists, you should know better. I do send PLENTY of emails in private, believe me. I also get emails in private asking me to make sure people do not cross-post. In fact, I do believe I have sent you private emails before about cross-posting. I still submit to beginners list, as I have the impression that this list is more leadership. If some guys still warn or suggestion me to choose either one of the group for even my questions are related to both, I will follow and respect on it. When you go to someones house, and they ask you to remove your shoes.. do you give them back-talk and wait for other guests to make the request to you? Please respect the people who run the lists, follow the rules of the lists, and thank them every day for the fact they provide you with an outlet to ask your questions. If you feel the need to argue with them, pick up your toys and go. Cheers, Kevin Rgds, Connie - Original Message - From: Kevin Meltzer [EMAIL PROTECTED] To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Saturday, August 17, 2002 12:12 AM Subject: Re: How fatalsToBrowser works ? Please people, do NOT cross post to the beginners lists. If your question is not CGI related, post to the beginners list, if your question is CGI related, post to the beginners-cgi list. Never, ever, ever, ever should you need to ask a question on both lists. If you don't know which list to post something to, read the FAQ of the list (on http://learn.perl.org/, and also posted here weekly) and make an educated guess of which _one_ to post to. Thanks for your cooperation. Cheers, Kevin -- [Writing CGI Applications with Perl - http://perlcgi-book.com] It looks just like a Telefunken U-47! -- Frank Zappa -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: How fatalsToBrowser works ?
I am on a Win32 system, and I use the fatalsToBrowser to prompt errors
with some scripts. However, the error mesg will also prompt where exactly
the file(script) is located. In case, I don't want the full path is
exposed. Can I modify sth , perhaps regex s///, to mask the root path ?
like :
File not found : html/log/connie.txt at C:\WWWroot\CGI-ALL\index.pl line
12.
is better be masked as :
File not found : html/log/connie.txt at /index.pl line 12.
Is that possible ?
Interesting... Looking at the CGI::Carp source, there seems to be some
undocumented functionality. It looks like you can define a variable
$CGI::Carp::CUSTOM_MSG, which can either be a message or a coderef.
I haven't tested this, but by the looks of things something like this might
work for you:
,[ code ]
| use CGI::Carp qw(fatalsToBrowser);
| BEGIN {
|$CGI::Carp::CUSTOM_MSG = sub {
| my $msg = shift;
| $msg =~ s/C:\WWWroot\CGI-ALL//;
|
| print STDOUT $msg;
|};
| }
`
As I said, untested, and undocumented as far as I can see. So who knows if
it'll actually work.
Thanks,
Daniel
--
Just wanna dance the night away
With senoritas who can sway
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: How fatalsToBrowser works ?
Please people, do NOT cross post to the beginners lists. If your question is not CGI related, post to the beginners list, if your question is CGI related, post to the beginners-cgi list. Never, ever, ever, ever should you need to ask a question on both lists. If you don't know which list to post something to, read the FAQ of the list (on http://learn.perl.org/, and also posted here weekly) and make an educated guess of which _one_ to post to. Thanks for your cooperation. Cheers, Kevin On Fri, Aug 16, 2002 at 11:38:12PM +0800, Connie Chan ([EMAIL PROTECTED]) said something similar to: I am on a Win32 system, and I use the fatalsToBrowser to prompt errors with some scripts. However, the error mesg will also prompt where exactly the file(script) is located. In case, I don't want the full path is exposed. Can I modify sth , perhaps regex s///, to mask the root path ? like : File not found : html/log/connie.txt at C:\WWWroot\CGI-ALL\index.pl line 12. is better be masked as : File not found : html/log/connie.txt at /index.pl line 12. Is that possible ? Rgds, Connie -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- [Writing CGI Applications with Perl - http://perlcgi-book.com] What's another word for Thesaurus? -- Steven Wright -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
