Re: A good book?
The CD Book shelf has just been updated to include the 3rd edition of Programming Perl. Don't let anyone sell you the old edition! best regards, Richard At 10:20 4/06/2001 +0100, you wrote: I would suggest you buy The Perl CD Bookshelf from O'Reilly. You get the Perl in a Nutshell book which is a good reference to a lot of Perl stuff, and a CD that includes in searchable HTML format: Perl in a Nutshell (yes, you get it twice!) Programming Perl, 2nd Edition Perl Cookbook - handy recipies Advanced Perl Programming Learning Perl, 2nd Edition Learning Perl on Win32 Systems - exactly like the above title but geared for Win32
Re: Session.pm
Michael, The error message indicates that Perl cannot find the Session.pm module. Be sure you have installed the module properly. If you have to install it locally on an ISP, then you'll need to add: use lib '/path/to/your/modules/'; Hope this helps, William On 3 Jun 2001, at 19:38, Michael Chopek wrote: Hi Folks; I'm trying to get a handle on using sessions so I have been trying to get through the docs at; http://www.awu.id.ethz.ch/~th/session/ (Session.pm) He has a few sample programs and his first is below; #!/usr/bin/perl -w # Hello World. use strict; use vars qw($sob); use Session; local $sob = Session-new(); if ($sob-open_session(0)) { main(); } $sob-close_session; # main sub main { if ( $sob-{COMPONENT}{call_number} ) { $sob-{COMPONENT}{call_number}++; } else { $sob-{COMPONENT}{call_number} = 1; } print $sob-header(), $sob-start_html('Hello', '[EMAIL PROTECTED]'), h1Hello World/h1 Your Sessions ID is $sob-{SESSION}{_session_id}p This is your $sob-{COMPONENT}{call_number}. call to main.cgi. p\n, $sob-end_html; return; } He says to name the file main.cgi and view it through the browseryet when I try to, I get the dreaded 500 Server error. Running the program from the command line and the Apache error logs produce this.. Can't locate object method new via package Session at main.cgi line 7. Any ideas why the example above will not run at my site? I know I'm missing something simple here..just not sure what. - thanks - -- best regards -michael -- [EMAIL PROTECTED] www.knowmad.com Charlotte, NC
Re: Limiting access to cgi scripts
Kurt Edmiston wrote: Hi, I want to limit access to one of my scripts. I have a list of web pages that are authorized to call my script, and I want to disable the script if another unauthorized page calls it. My code to do this looks like the following: my $referer = $ENV{HTTP_REFERER}; my $legal_referer; my(@legal_referers) = (http://www.some-url.com/page1.html;); # list of authorized pages my $clear = 0; foreach $legal_referer (@legal_referers) { if ($legal_referer eq $referer) { $clear = 1; } } if (!$clear) { # kill the script } ... I want to know if this is a good (safe) way to do this. I'm open to any suggestions. Thanks in advance. Hi, A problem is that the client can present any referer it wishes (or none), so a cracker could, if learning valid referers by trial/error or whatever, simply use one of those referers when making the query. Very easy to do in LWP, particularly to work around content shields. I actually do this, protecting my form CGIs from casual harrasment, but a determined malfeasant could simply read my form source, generate false forms with a forged referer, and DoS me. But this is only for my toy personal site :) One solution would be to combine a cookie with dynamic link generation, that would force a browser to cache a cookie, then generate links that required that cookie plus a separate string in the query to access the page. Cumbersome, yes, but without an even more cumbersome certificate-based AAA solution it is probably the most solid bet. Any solution that relies exclusively on a client being honest can be cracked trivially. :| Good luck! - MAtt
netscape won't read as html
hello, i am trying to print out some html in my script and IE and Opera both display the html properly, however netscape will actually display the html as if it were a text doc. i would assume that something would be incorrect in my content-type, but i just don't see it. thanks -charles #!/usr/bin/perl beginhtml; mainbody; endhtml; sub beginhtml { print begin_html; Content-type: text/html\n\n html\n headtitleControl Panel/title/head\n body bgcolor=white\n begin_html } sub endhtml { print end_html; /body /html end_html } sub mainbody { print main_body; Hello World mainbody }
Re: Limiting access to cgi scripts
Kurt == Kurt Edmiston [EMAIL PROTECTED] writes: Kurt my $referer = $ENV{HTTP_REFERER}; No. Trivially forged, stripped by many security proxies and caches. Interesting as a logged item or a hint, however. Try something else. -- Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095 [EMAIL PROTECTED] URL:http://www.stonehenge.com/merlyn/ Perl/Unix/security consulting, Technical writing, Comedy, etc. etc. See PerlTraining.Stonehenge.com for onsite and open-enrollment Perl training!
Re: testing null strings for form field values
On Mon, 4 Jun 2001, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote, if ( $formdata{view_name} ne ) { $view = $formdata{view_name}; $viewtag = 1; } is there a special method for testing against a null string for a form field's value? i am using the above data, but it seems to always return with a value of 1 making me think that something is incorrect in my if test. the form itself does not have anything default value specified for view_name. Take a look at these one-liner examples. The string (nothing) indicates that no output is printed. 1% perl -le '$x; print 1 if $x ne ' (nothing) 2% perl -le '$x = undef; print 1 if $x ne ' (nothing) 3% perl -wle '$x = undef; print 1 if $x ne ' Use of uninitialized value at -e line 1. 4% perl -wle '$x = i am here; print 1 if $x ne ' 1 5% perl -we '$x = undef; print ($x)\n; Use of uninitialized value at -e line 1. () 6% perl -we '$x = ; print ($x)\n; () Number 2 is basically same with number 1 in that $x is undefined, except that $x variable in the number 2 is explicitly assigned. (Number 1 will also give you extra warning if you use -w). The line under number 3 is not an output of the code, it's a warning that will guide you what's wrong with the code. Undefined value is not the same as empty string (), but both are evaluated to false. If you use undefined variable anyway, it will be evaluated to empty (see no.5 and 6). Empty field is sent as undefined value and when you test it against with 'ne' operator, it evaluates to true because they're not equal. You need the defined() function to test whether the variable contains some defined value, and it will cover both and 0 if the test returns true. if (defined $var) { } If you need the value of the variable and you don't want then you need to test that too, if (defined $var and $var ne ) { } or if (defined $var and length $var) { } But if you rather want to test $var against true value, you can simply use, if ($var) { } Btw, did you use -w switch and use strict in your script? You really should. All those example codes above will bail out when you use strict. hth s.a.n -- Hasanuddin Tamir: [EMAIL PROTECTED] - Trabas: www.trabas.com
Re: netscape won't read as html
On Mon, 4 Jun 2001 13:10:45 -0500 (CDT), [EMAIL PROTECTED] said: hello, i am trying to print out some html in my script and IE and Opera both display the html properly, however netscape will actually display the html as if it were a text doc. i would assume that something would be incorrect in my content-type, but i just don't see it. sub beginhtml { print begin_html; Content-type: text/html\n\n -- Flush Content-type to the left. I don't want to get into the details of which browser is conformant to the standards and which is not, just wanted to say that starting a header line with a space indicates that it's a continuation from the previous line. So, header lines should not be prepended by spaces, tabs, and such. html\n headtitleControl Panel/title/head\n body bgcolor=white\n begin_html } _ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com
Re: testing null strings for form field values
Randal is of course right. I apologize for my extremely confusing and idiom riddled post. Randal L. Schwartz wrote: David == David Labatte [EMAIL PROTECTED] writes: David The why though is most likely that: undef ne '' That's not true. undef eq ''. Sorry I meant that statement in the english phrase sense not in the literal perl sense. I'll translate it from garbledslash.psudogeekese and never use that particularly poor and confusing dialect here again: undef is undef, '' is ''. Occasionally perl will care. Best to treat them differently until your comfortable with their differences. Not even close to what I actually said, but it's what I meant. I guess I was expecting the reader to somehow divine my actual thoughts. David What I usually do if I have code that expects an empty string David instead of an undef is append an empty string onto it when I read David the cgi.pm value into it. David $formdata{view_name} = $query-param('view_name') . ''; David That way undefined form elements have a consistent value and David it's easy to just send them back out to the user if I have to David without mangling them for display. This is voodoo programming. You must've had some problem that this appeared to solve at some point, but it isn't needed for what you are answering here, so I don't know how that can help. Sorry your right, this is bad programming and way beyond the scope of what was asked in this question and should not have been mentioned. Since I've badly explained myself already, I'll waste a little more time and say it's a useful idiom to force the cgi.pm return value to a true '' so the differences between it and undef don't bite you unexpectedly. I'll try to be more on topic with my responses from now on. undef acts for all intents and purposes the same as an empty string. If you have warnings on, you'll get messages when you use it as an empty string, but you would have got a message on that first concatenate as well. Very true, and sorry this post is not very clear, lucid or representative of what I was thinking. Not the best of contributions on my part, and I'm sorry for anyone I've confused. I will improve. I promise :) Thank you Randal for being there giving me a standard to improve to. -- Perl, because 600 billion oysters can't be wrong Canadian Consulting Services' pet perl hacker David Labatte [EMAIL PROTECTED]
Re: if statement printing when it shouldnt :)
[EMAIL PROTECTED] wrote: : if ( $viewtag = 1 ) { : print The value of \$view was $view\np; : } : : i would have thought that the second statement would not print since the : form had not been submitted. however, instead, the if statements' print : does get stuck into the html. A pernicious little bug: you're using = when you want ==. Also, it's a numerical comparison, so there's no need to quote the 1: if ($viewtag == 1) { or better yet, if (1 == $viewtag) { The second one is a compile error if you use =. -- tdk
REPOST: Regex compilation in mod_perl?
Hi all, I'm trying to write a script to retrieve a list of URLs, search them for a list of words and print the results. I wrote it first as a standalone script and got it working, but when I converted it to a web page it no longer works properly. The data is typed into two TEXTAREAs, one url or string to a line. The url of the script when called looks like this: http://fw/cgi-bin/searchweb.pl?PAGES=http%3A%2F%2Fwww.colossalrecords.com.au% 2Fnewrelease-page.htm%0D%0Ahttp%3A%2F%2Fwww.bonzairecords.com%2Fcatalogue.htm STRINGS=Rush%0D%0AHold+ItSearch=Search Since the data is string\n\rstring I figured I could use split /^/ to separate out the individual strings. There's probably an easier way to do it though... the split seems to work correctly, and both @strings and %content get filled apparently ok. The problem is that it only returns some of the results that it should. If a page only contains one of the strings, it will return none. If the page contains many of the strings, it will only return one. I have a feeling that it's something really obvious but I can't see what it is. I've tried different parameters on the regex and adding a reset after each string to no effect. Can anyone see what could be causing the problem? Thanks for your help, Len Here's the script. Thanks to Curtis for adding use strict and my vars. #!/usr/bin/perl -w # search for each of a number of strings in a number of web pages use strict; use CGI; require LWP::UserAgent; my $q = new CGI; my $textstr = $q-param('STRINGS'); my $pages = $q-param('PAGES'); my @strings; my $i = 0; my $ua = new LWP::UserAgent; my %content; print $q-header(-expires='-1d'); print EOH; html titleSearch results/title body bgcolor=ff h1Search results/h1 EOH foreach my $line (split /^/, $textstr) { chomp $line; $strings[$i] = $line; $i++; } foreach my $line (split /^/, $pages) { chomp $line; my $request = new HTTP::Request(GET = $line); print Loading $linebr; my $response = $ua-request($request); if ($response-is_success) { $content{$line} = $response-content; } else { print bError: $line.$response-status_line./bbr; } } print brSearchingbr; foreach my $page (keys %content) { print $page.br; foreach $string (@strings) { # \Q deals with () in pattern if ($content{$page} =~ /\Q$string/g) { print 'blockquote'.$string.' found/blockquote'; } # worth a try reset; } } print EOF; /body /html EOF