Re: Job tracking and publishing question.
From: "Thomas Whitney" <[EMAIL PROTECTED]>

> I want to implement a job tracking and database publishing system and hoping
> for some assistance.
>
> My company does short run 4 color digital printing. Because it is short run
> we handle multiple jobs every day. I developed an online bidding system; it
> uses Apache, mod_perl, and mysql. Now I would like to move to tracking jobs
> online; first, for internal purposes -- it would make the workflow much
> easier to follow -- and later for customers to view the status of their jobs
> on the web. Each bid has about 38 data fields associated with it and each
> job will have a few more fields along with an image file in the form of a
> pdf.

You would have to customize it quite a bit but you might look at 'Request Tracker' as a starting point: http://www.bestpractical.com/rt/

It uses mason with sql or postgresql as the framework. A new version is on the way so you would probably want to get the latest beta from http://www.fsck.com/pub/rt/devel/ (2.1.86 now) to start.

--- Les Mikesell [EMAIL PROTECTED]
Re: Need Help With Apache::Filter (mod 1.x) - Results
> Stas wrote:
>
> > http://www.cpan.org/authors/id/G/GE/GEOFF/Apache-Clean-0.05.tar.gz
> > p.s. Apache-Clean-2.x is for mp2.

Thanks Stas!

Looking in the tar file and at modperl_extra.pl, I was able to use the syntax and methods/properties to update my perl file. I was able to change some of the Body of my "default page"!

* Now, I need to get it working with Proxy/Reverse Proxy. (Having issues getting rid of the 'proxy:') i.e. ProxyPass / http://www.newsite.com/ keeps being sent as proxy:http://www.newsite.com/
* Next, Get it working with SSL
* and Finally using it with RSA SecurID! [I already have SecurID working - but disabled until the other items completed]

David
Job tracking and publishing question.
Hi,

I want to implement a job tracking and database publishing system and hoping for some assistance.

My company does short run 4 color digital printing. Because it is short run we handle multiple jobs every day. I developed an online bidding system; it uses Apache, mod_perl, and mysql. Now I would like to move to tracking jobs online; first, for internal purposes -- it would make the workflow much easier to follow -- and later for customers to view the status of their jobs on the web. Each bid has about 38 data fields associated with it and each job will have a few more fields along with an image file in the form of a pdf.

Each job needs to be tracked through production with operators at each stage being able to update its status or add notes. After the job is finished an invoice would be printed to go out with the job.

Web based applications are good for this because we use Mac's and PC's, and both must be able to have access to that job.

I was looking at Bricolage, however it appears to be more suited to text content publishing. I currently use Template::Toolkit to print out the bids and I imagine I could do all the programming myself--naturally, it would be helpful to find some package that suited at least some of my requirements.

I would really appreciate any thoughts or suggestions.

Thanks,
Thomas Whitney
Need Help With Apache::Filter
I need help with the Apache::Filter and Apache::OutputChain modules.

I've read all the documentation and reviewed the few examples. I've installed the modules, but "it is still not working".

What I want to accomplish: I have done via Apache 2.0 mod_ext_filter. However, I am forced to revert back to Apache 1.3 for other reasons.

After much reading (mod_perl website, google searches .. and this mailing list (week ago)), it looks like Apache::Filter and Apache::OutputChain is the only way.

A Quick summary of what I want to do:

* Change the Web Page Body (i.e. s/something/something else) before it is sent back to the client.
* This server is primarily a proxy server for the clients

Any Examples of Apache::Filter would be greatly appreciated.

Thanks!
David
mod_perl + GnuPG
I'm getting a strange error while trying to use the GnuPG module while running under mod_perl (everything works fine when executing from a shell).

The message is:

    Can't locate object method "OPEN" via package "Apache::RequestRec" (perhaps you forgot to load "Apache::RequestRec"?) at /usr/lib/perl5/site_perl/5.6.3/GnuPG.pm line 252

Lines 250-253 in GnuPG.pm look like:

    # This is where the output goes
    if ( ref $self->{output} && defined fileno $self->{output} ) {
        open ( STDOUT, ">&" . fileno $self->{output} )
          or die "can't redirect stdout to proper output fd: $!\n";

I tried prefixing the open call with CORE:: but this didn't appear to do anything (the error message was the same).

Versions:

    perl 5.6.3
    apache 2.0.44
    mod_perl 1.99_08
    GnuPG.pm 0.09

Thanks.
Re: Need Help With Apache::Filter (mod 1.x)
David Culp wrote:

> Any Examples of Apache::Filter would be greatly appreciated.

http://www.cpan.org/authors/id/G/GE/GEOFF/Apache-Clean-0.05.tar.gz

p.s. Apache-Clean-2.x is for mp2.

__
Stas Bekman JAm_pH --> Just Another mod_perl Hacker
http://stason.org/ mod_perl Guide ---> http://perl.apache.org
mailto:[EMAIL PROTECTED] http://use.perl.org http://apacheweek.com
http://modperlbook.org http://apache.org http://ticketmaster.com
Need Help With Apache::Filter (mod 1.x)
I need help with the Apache::Filter and Apache::OutputChain modules.

I've read all the documentation and reviewed the few examples. I've installed the modules, but "it is still not working".

What I want to accomplish: I have done via Apache 2.0 mod_ext_filter. However, I am forced to revert back to Apache 1.3 for other reasons.

After much reading (mod_perl website, google searches .. and this mailing list (week ago)), it looks like Apache::Filter and Apache::OutputChain is the only way.

A Quick summary of what I want to do:

* Change the Web Page Body (i.e. s/something/something else) before it is sent back to the client.
* This server is primarily a proxy server for the clients

Any Examples of Apache::Filter would be greatly appreciated.

Thanks!
David
Re: Newbie help with mod-perl 2.0
> Apache::Request is not a mod_perl core module. It's a 3rd party module. It could be part of the core if Apache 2.0 were to accept the C library, but they didn't. So it's going to have its own life. And if you are interested in Apache::Request subscribe to [EMAIL PROTECTED]

oops, s/[EMAIL PROTECTED]/[EMAIL PROTECTED]/

__
Stas Bekman
Re: Cross Site Scripting
> On 11 Mar 2003 10:58:01 +0200, Clinton Gormley <[EMAIL PROTECTED]> said:

CG> On Tue, 2003-03-11 at 06:03, Stas Bekman wrote:
CG> Changes since 0.7
CG> * prevent cross-site scripting, now HTML-escaping the request field

CG> In Stas' Apache::VMonitor announcement, he mentions changes to
CG> prevent cross site scripting.

CG> This is a concern for me at the moment, because I'm building a
CG> site which will allow people to submit copy (to be displayed to
CG> other users) and I would like them to be able to use HTML and
CG> include links to other sites (much like slashdot).

CG> Do any of you have any ideas about good techniques to prevent CSS
CG> (and I don't mean those elements) in this scenario?

Limit HTML to some safe subset and use HTML::TagFilter to enforce it. Make sure that you don't allow tag attributes which allow running javascript (like onclick, onchange, etc).

The only problem with HTML::TagFilter I see is that it doesn't support restricting schemas in URIs. You definitely should not allow links like

But maybe it is possible to extend HTML::TagFilter to do this too.

--
Ilya Martynov, [EMAIL PROTECTED]
CTO IPonWEB (UK) Ltd
Quality Perl Programming and Unix Support
UK managed @ offshore prices - http://www.iponweb.net
Personal website - http://martynov.org
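The two checks recommended in the reply above (keep only safe attributes, restrict the URI scheme of links), written as a routine that can run on the attributes a tag filter passes through. This is an added example, not code from the thread and not part of HTML::TagFilter; the sub names, the policy tables and the sample values are assumptions, and it uses core Perl only.

```perl
#!/usr/bin/perl
# Added example: attribute allowlist plus URI-scheme allowlist for
# user-submitted HTML. Sub names and policy tables are assumptions.
use strict;
use warnings;

# Assumed policy: attributes each permitted tag may keep. Event handlers
# (onclick, onchange, ...) are not listed, so they are always dropped.
my %ALLOWED_ATTR = (
    a          => { href => 1, title => 1 },
    img        => { src  => 1, alt   => 1 },
    blockquote => { cite => 1 },
);
# Attributes whose value is a URI and must pass the scheme check.
my %URI_ATTR = map { $_ => 1 } qw(href src cite);
# Assumed policy: schemes a submitted link may use.
my %ALLOWED_SCHEME = map { $_ => 1 } qw(http https ftp mailto);

# Named character references that can form or hide a scheme.
my %NAMED = (amp => '&', lt => '<', gt => '>', quot => '"',
             colon => ':', Tab => "\t", NewLine => "\n");

# Turn one matched character reference into the character it stands for.
sub resolve_ref {
    my ($whole, $hex, $dec, $name) = @_;
    my $cp = defined($hex) ? hex($hex) : defined($dec) ? $dec : undef;
    return $cp > 0x10FFFF ? "\x{FFFD}" : chr($cp) if defined $cp;
    return exists $NAMED{$name} ? $NAMED{$name} : $whole;
}

# Resolve character references in a single pass, as a browser does
# before it reads the attribute value as a URI.
sub decode_refs {
    my ($s) = @_;
    $s =~ s/(&(?:#[xX]([0-9A-Fa-f]{1,6})|#([0-9]{1,7})|([A-Za-z]+));?)/resolve_ref($1, $2, $3, $4)/ge;
    return $s;
}

# True if the value is a relative reference or uses an allowed scheme.
sub uri_allowed {
    my ($value) = @_;
    my $u = decode_refs($value);
    $u =~ s/^[\x00-\x20]+//;    # leading controls and spaces are ignored
    $u =~ s/[\t\r\n]//g;        # tab, CR and LF are ignored anywhere
    my ($head) = $u =~ m{^([^/?#]*)};    # text before the first / ? #
    return 1 unless $head =~ /:/;        # no colon there: relative
    # A colon is present: it must end a well-formed, allowlisted scheme.
    return 0 unless $head =~ /^([A-Za-z][A-Za-z0-9+.\-]*):/;
    return $ALLOWED_SCHEME{ lc $1 } ? 1 : 0;
}

# Keep only allowlisted attributes whose URI values pass uri_allowed().
# $attrs is the name => value hash a tag parser or filter hands over.
sub clean_attrs {
    my ($tag, $attrs) = @_;
    my $ok = $ALLOWED_ATTR{ lc $tag } || {};
    my %kept;
    for my $name (keys %$attrs) {
        my $n = lc $name;
        next unless $ok->{$n};
        next if $URI_ATTR{$n} && !uri_allowed($attrs->{$name});
        $kept{$n} = $attrs->{$name};
    }
    return \%kept;
}

# Constructed sample attribute values, not taken from the thread.
my @samples = (
    'http://perl.apache.org/',
    '/docs/2.0/index.html',
    'mailto:someone@example.org',
    'javascript:void(0)',
    '  JaVaScRiPt:void(0)',
    'java&#x09;script:void(0)',
    'data:text/html,hello',
);
printf "%-7s %s\n", (uri_allowed($_) ? 'allow' : 'reject'), $_ for @samples;

# Constructed tag: the event handler is dropped, the link is kept.
my $kept = clean_attrs('a',
    { href => 'http://example.org/', onclick => 'x()', title => 'ok' });
print join(', ', map { "$_=$kept->{$_}" } sort keys %$kept), "\n";
```

If the parser in front of this already decodes character references in attribute values, the second decode here only makes the check stricter.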
Re: [mp2] What happened to $r->connection->remote_addr?
Kamil wrote:

> SB> 1.99_05 is one 7 months old. Please test it again with the released 1.99_08 or
> SB> even better with the current cvs:
> SB> http://perl.apache.org/download/source.html#2_0_Development_Source_Distribution
> SB> As for missing methods reports, see:
> SB> http://perl.apache.org/docs/2.0/api/ModPerl/MethodLookup.html
> SB> e.g. you need to load 'Apache::Connection' to get remote_addr
>
> I've tried to test ModPerl::MethodLookup, but cannot find this module. Where can I find it? Sorry if lame, it's my first steps with mp2.

It was added only recently. So you have to use the cvs version of mod_perl.
http://perl.apache.org/download/source.html#2_0_Development_Source_Distribution

> %perl -MApache2 -MModPerl::MethodLookup -le 'print((ModPerl::MethodLookup::lookup_method(shift))[0])' construct_url
> Can't locate ModPerl/MethodLookup.pm in @INC (@INC contains: /usr/local/perl/lib/site_perl/5.8.0/i586-linux/Apache2 /usr/local/perl/lib/5.8.0/i586-linux /usr/local/perl/lib/5.8.0 /usr/local/perl/lib/site_perl/5.8.0/i586-linux /usr/local/perl/lib/site_perl/5.8.0 /usr/local/perl/lib/site_perl .).
> BEGIN failed--compilation aborted.
>
> %/usr/local/perl/lib/site_perl/5.8.0/i586-linux/ModPerl# ls
> BuildOptions.pm  FunctionMap.pm  MapUtil.pm      RegistryBB.pm      TestRun.pm
> Code.pm          Global.pm       ParseSource.pm  RegistryCooker.pm  TypeMap.pm
> Config.pm        MM.pm           PerlRun.pm      RegistryLoader.pm  Util.pm
> Const.pm         Manifest.pm     Registry.pm     StructureMap.pm    WrapXS.pm
>
> I've tested it with mod_perl/1.99_08 (standard installation), apache 2.0.44, perl 5.8.0.
>
> -- Regards, Kamil.

__
Stas Bekman
Re: Newbie help with mod-perl 2.0
Svein E. Seldal wrote:

> Hi,
>
> Thanks for your help. I'm closer to my goal, thanks to you. However, I have more questions, and I'd hoped you'd enlighten me. I'm reading a lot of documentation on the web about MP2, but I need some more information to clear things out, and to stitch all these small threads of information together.

Sure, after reading the available docs you are welcome to ask questions here.

> First of all, my intention was to use the new MP2 methods only, because I'm redesigning things from scratch. And thus having to use Apache::compat is a slight setback, isn't it?

It is.

> Do you have any idea when the new MP2-ish methods will be ready?

Which ones are you talking about? args() and content() would never be the same as they were in mp1 (it's not a question of time). See: http://perl.apache.org/docs/2.0/user/compat/compat.html#C__r_E_gt_content_

> Especially Apache::Request?

Apache::Request is not a mod_perl core module. It's a 3rd party module. It could be part of the core if Apache 2.0 were to accept the C library, but they didn't. So it's going to have its own life. And if you are interested in Apache::Request subscribe to [EMAIL PROTECTED] Joe is working on finishing the C library, feel free to ask if he needs help and help him to finish it faster. Once the C library is completed the Perl glue can be written. But not before.

> In other words Apache::Request will be the new MP2 way to do things in the future?

Yes.

> Now, testing revealed that $r->args() is only containing the query-string that is part of the URI (now I would guess you say daahh) -- this is usually used in context with GET requests.
>
> When I send a POST request, the query-string will be stored in the contents of the message, and not in $r->args(). However, I still need to parse the string as with the GET message.
>
> Last but not least, I need to support GET form-data (to support file uploads), which leaves us with a third type of argument syntax.
>
> Are there any methods that I can use (now) to parse these POST requests, or do I have to write a parser myself? Will Apache::Request be able to handle these cases? (Because if it will, I can probably settle for args() and content() now, and use my own parser until Apache::Request shows up.)

Yes. But you can use CGI.pm for now, which does all that, but slower (pure perl).

__
Stas Bekman
Re: Newbie help with mod-perl 2.0
On Tue, 11 Mar 2003, Svein E. Seldal wrote:

> Hi,
>
> Thanks for your help. I'm closer to my goal, thanks to you. However, I
> have more questions, and I'd hoped you'd enlighten me. I'm reading a lot
> of documentation on the web about MP2, but I need some more information
> to clear things out, and to stitch all these small threads of
> information together.
>
> First of all, my intention was to use the new MP2 methods only, because
> I'm redesigning things from scratch. And thus having to use
> Apache::compat is a slight setback, isn't it?

Yes. You are doing the Right Thing.

> Do you have any idea
> when the new MP2-ish methods will be ready? Especially Apache::Request?

It's under development. The others are all there, or what specifically are you lacking? Meanwhile you use CGI.pm ...

>
> In other words Apache::Request will be the new MP2 way to do things in
> the future?

Yes. Subscribe to [EMAIL PROTECTED] to get the progress updates.

>
> Now, testing revealed that $r->args() is only containing the
> query-string that is part of the URI (now I would guess you say daahh)
> -- this is usually used in context with GET requests.
>
> When I send a POST request, the query-string will be stored in the
> contents of the message, and not in $r->args(). However, I still need to
> parse the string as with the GET message.
>
> Last but not least, I need to support GET form-data (to support file
> uploads), which leaves us with a third type of argument syntax.
>
> Are there any methods that I can use (now) to parse these POST
> requests, or do I have to write a parser myself? Will Apache::Request be
> able to handle these cases? (Because if it will, I can probably settle
> for args() and content() now, and use my own parser until
> Apache::Request shows up.)

CGI.pm should be able to do all of the above and many of its methods are the same as Apache::Request's.

HTH,

- nick

--
Nick Tonkin {|8^)>
Re: [mp2] Using DBI instead of Apache::DBI
Georg Botorog wrote:

> Hello,
>
> In mod_perl1, using persistent (Apache::DBI) and dedicated, per-user connections (DBI) on the same machine required running two Apache instances, one with Apache::DBI and the other without it.
>
> Has anything about that changed in mod_perl2?
>
> Moreover, how does Apache2 know it has to load Apache::DBI? There is no "PerlModule Apache::DBI" statement in my httpd.conf (as it was under mp1), neither a "use Apache::DBI" in startup.pl or in any other module. Or, to put it the other way around: how can I avoid including Apache::DBI (in the DBI-only instance)?

As you said Apache::DBI is either on or off and it will work just the same under mp2 as it does under mp1.

However in the near future DBI is going to support pooling internally, which will take the benefit of threads if available. And I think it could be made more flexible than Apache::DBI, i.e. to be more than just on or off.

I think Apache::DBI can do the same. What we really need is some sort of pragma where you can control Apache::DBI. e.g. let's say that once you load Apache::DBI it turns the pooling on globally. But then in your script you should be able to say (you can't do it just yet):

    no Apache::DBI; # which calls Apache::DBI::unimport
    $dbh = DBI->connect(...)

and the unimport will restore the default DBI behavior for the scope of that pragma (e.g. handler) and restores to the previous behavior on the scope exit. Similar to how the warnings pragma works.

It'd be nice to have a generic pragma for turning any functionality on and off (do we have one already?). e.g. let's call it 'override':

    use override 'Apache::DBI'; # Apache::DBI overrides DBI here
    no override 'Apache::DBI';  # the previous functionality is restored (e.g. back to DBI)

__
Stas Bekman
Re: Newbie help with mod-perl 2.0
Hi,

Thanks for your help. I'm closer to my goal, thanks to you. However, I have more questions, and I'd hoped you'd enlighten me. I'm reading a lot of documentation on the web about MP2, but I need some more information to clear things out, and to stitch all these small threads of information together.

First of all, my intention was to use the new MP2 methods only, because I'm redesigning things from scratch. And thus having to use Apache::compat is a slight setback, isn't it? Do you have any idea when the new MP2-ish methods will be ready? Especially Apache::Request?

In other words Apache::Request will be the new MP2 way to do things in the future?

Now, testing revealed that $r->args() is only containing the query-string that is part of the URI (now I would guess you say daahh) -- this is usually used in context with GET requests.

When I send a POST request, the query-string will be stored in the contents of the message, and not in $r->args(). However, I still need to parse the string as with the GET message.

Last but not least, I need to support GET form-data (to support file uploads), which leaves us with a third type of argument syntax.

Are there any methods that I can use (now) to parse these POST requests, or do I have to write a parser myself? Will Apache::Request be able to handle these cases? (Because if it will, I can probably settle for args() and content() now, and use my own parser until Apache::Request shows up.)

Thanks,
Svein
RE: mp2 building dependant libwin32-0.191 fails tests
Randy

Yeah, I skipped the nmake install for libwin. Added all the other stuff and works much better.

Thanks for all your efforts to help us.

Chuck

-Original Message-
From: Randy Kobes [mailto:[EMAIL PROTECTED]
Sent: Tuesday, March 11, 2003 10:56 AM
To: Goehring, Chuck Mr., RCI - San Diego
Cc: [EMAIL PROTECTED] (E-mail)
Subject: Re: mp2 building dependant libwin32-0.191 fails tests

On Tue, 11 Mar 2003, Goehring, Chuck Mr., RCI - San Diego wrote:

> Dear mod_perlers, I'm building mod_perl-1.99_08 for apache2.
> Currently have the following built:
>
> httpd-2.0.44
> openssl-0.9.7a.tar.gz
> perl-5.8.0.tar.gz
> zlib-1.1.4.tar.gz
>
> In order to run the tests for mod_perl, I had to install
> libwin32-0.191.tar.gz (to get Process.pm and ???). This lib bombed
> its test with the following:
[ .. ]

The libwin32 package may not pass all the tests, depending on your Win32 flavour. You should go ahead and install it anyway, as it's needed for the mod_perl tests.

> I have a directory E:\src_apache2\mod_perl-1.99_08\t\ that
> contains a perl script called test. There is no t.t or test.t
> in the whole hierarchy.

The mod_perl tests do differ in that respect from tests in other packages, but that's by construction.

> Just in case the test was bad, I went ahead and built mod_perl
> anyway. It had a lot of errors also:
>
> Failed Test          Stat Wstat Total Fail  Failed  List of Failed
> apache\cgihandler.t                 2    2 100.00%  1-2
[ .. ]

Did you install libwin32 before running the mod_perl tests? Also, have you installed the libwww-perl package and friends?

--
best regards,
randy kobes
[mp2] Using DBI instead of Apache::DBI
> Hello,
>
> In mod_perl1, using persistent (Apache::DBI) and dedicated, per-user
> connections (DBI) on the same machine required running two Apache
> instances, one with Apache::DBI and the other without it.
>
> Has anything about that changed in mod_perl2?
>
> Moreover, how does Apache2 know it has to load Apache::DBI? There is
> no "PerlModule Apache::DBI" statement in my httpd.conf (as it was
> under mp1), neither a "use Apache::DBI" in startup.pl or in any other
> module. Or, to put it the other way around: how can I avoid including
> Apache::DBI (in the DBI-only instance)?
>
> Thanks
> George
>
Re: mp2 building dependant libwin32-0.191 fails tests
On Tue, 11 Mar 2003, Goehring, Chuck Mr., RCI - San Diego wrote:

> Dear mod_perlers, I'm building mod_perl-1.99_08 for apache2.
> Currently have the following built:
>
> httpd-2.0.44
> openssl-0.9.7a.tar.gz
> perl-5.8.0.tar.gz
> zlib-1.1.4.tar.gz
>
> In order to run the tests for mod_perl, I had to install
> libwin32-0.191.tar.gz (to get Process.pm and ???). This lib bombed
> its test with the following:
[ .. ]

The libwin32 package may not pass all the tests, depending on your Win32 flavour. You should go ahead and install it anyway, as it's needed for the mod_perl tests.

> I have a directory E:\src_apache2\mod_perl-1.99_08\t\ that
> contains a perl script called test. There is no t.t or test.t
> in the whole hierarchy.

The mod_perl tests do differ in that respect from tests in other packages, but that's by construction.

> Just in case the test was bad, I went ahead and built mod_perl
> anyway. It had a lot of errors also:
>
> Failed Test          Stat Wstat Total Fail  Failed  List of Failed
> apache\cgihandler.t                 2    2 100.00%  1-2
[ .. ]

Did you install libwin32 before running the mod_perl tests? Also, have you installed the libwww-perl package and friends?

--
best regards,
randy kobes
mp2 building dependant libwin32-0.191 fails tests
Dear mod_perlers,

I'm building mod_perl-1.99_08 for apache2. Currently have the following built:

    httpd-2.0.44
    openssl-0.9.7a.tar.gz
    perl-5.8.0.tar.gz
    zlib-1.1.4.tar.gz

In order to run the tests for mod_perl, I had to install libwin32-0.191.tar.gz (to get Process.pm and ???). This lib bombed its test with the following:

    ok 244
    ok 245
    E:\perl\bin\perl.exe "-MExtUtils::Command::MM" "-e" "test_harness(0, '. \blib\lib', '..\blib\arch')" t\test.t
    t\testok 4/18not ok 5 Can't add a user so there really isn't any point in continuing...
    t\testdubious
    Test returned status 255 (wstat 65280, 0xff00)
    DIED. FAILED tests 5-18
    Failed 14/18 tests, 22.22% okay
    Failed Test Stat Wstat Total Fail  Failed  List of Failed
    ---
    t\test.t     255 65280    18   14  77.78%  5-18
    Failed 1/1 test scripts, 0.00% okay. 14/18 subtests failed, 22.22% okay.
    NMAKE : fatal error U1077: 'E:\perl\bin\perl.exe' : return code '0x2'
    Stop.
    NMAKE : fatal error U1077: 'cd' : return code '0x2'
    Stop.

I have a directory E:\src_apache2\mod_perl-1.99_08\t\ that contains a perl script called test. There is no t.t or test.t in the whole hierarchy.

Just in case the test was bad, I went ahead and built mod_perl anyway. It had a lot of errors also:

    Failed Test                  Stat Wstat Total Fail  Failed  List of Failed
    ---
    apache\cgihandler.t                         2    2 100.00%  1-2
    apache\post.t                               2    1  50.00%  2
    apache\scanhdrs.t               9  2304     4    4 100.00%  1-4
    apache\scanhdrs2.t                          5    4  80.00%  1-2 4-5
    api\sendfile.t                              3    2  66.67%  2-3
    compat\request_body.t                       5    5 100.00%  1-5
    compat\send_fd.t                            3    2  66.67%  2-3
    directive\perl.t                            4    2  50.00%  2-3
    directive\perlloadmodule2.t                 3    3 100.00%  1-3
    directive\perlloadmodule3.t                 3    3 100.00%  1-3
    directive\perlmodule.t                      1    1 100.00%  1
    directive\perlrequire.t                     2    2 100.00%  1-2
    directive\setupenv.t                        3    1  33.33%  2
    filter\input_body.t                         2    2 100.00%  1-2
    filter\lc.t                                 1    1 100.00%  1
    filter\reverse.t                            2    2 100.00%  1-2
    hooks\access.t                              4    2  50.00%  2-3
    hooks\trans.t                               3    3 100.00%  1-3
    modperl\getc.t                              2    1  50.00%  2
    modperl\readline.t                          2    1  50.00%  2
    modperl\sameinterp.t            9  2304    12   12 100.00%  1-12
    modules\include.t                           6    5  83.33%  1 3-6
    modules\include2.t                          4    3  75.00%  1 3-4
    61 tests skipped.
    !!! error running tests (please examine t\logs\error_log)
    NMAKE : fatal error U1077: 'E:\perl\bin\perl.exe' : return code '0x1'
    Stop.

What do I do next?

Thanks
Chuck
Re: Reading an array from perl script
Stas Bekman wrote:

> I used IPC::Shareable for sharing 3 arrays between 2 process. Among those, 2 are 2D arrays and one is 3D array. It's working fine for 2D arrays but does not work for 3D array. If I modify the values in the 3D array it's not reflecting in the main script itself.

That sounds like the classic problem with TIE and nested data structures, as described here: http://search.cpan.org/author/CHAMAS/MLDBM-2.01/lib/MLDBM.pm#BUGS

There is a simple workaround for it, also described there.

- Perrin
Re: Cross Site Scripting
On Tue, 2003-03-11 at 02:58, Clinton Gormley wrote:

> On Tue, 2003-03-11 at 06:03, Stas Bekman wrote:
> > Changes since 0.7
> >
> > * prevent cross-site scripting, now HTML-escaping the request field
>
> In Stas' Apache::VMonitor announcement, he mentions changes to prevent
> cross site scripting.
>
> This is a concern for me at the moment, because I'm building a site
> which will allow people to submit copy (to be displayed to other
> users) and I would like them to be able to use HTML and include links
> to other sites (much like slashdot).
>
> Do any of you have any ideas about good techniques to prevent CSS (and
> I don't mean those elements) in this scenario?
>
> I've read the articles on cert.org
> (http://www.cert.org/tech_tips/malicious_code_mitigation.html) and
> apache.org
> (http://httpd.apache.org/info/css-security/encoding_examples.html)
>

There is also a great article by Paul Lindner, titled "Preventing Cross-site Scripting Attacks" which I found very helpful, available at: http://www.perl.com/pub/a/2002/02/20/css.html

Thanks,

--
Nathan Byrd <[EMAIL PROTECTED]>
Re: Cross Site Scripting
On Tue, 11 Mar 2003, Clinton Gormley wrote:

> On Tue, 2003-03-11 at 06:03, Stas Bekman wrote:
>
> > Changes since 0.7
> >
> > * prevent cross-site scripting, now HTML-escaping the request field
> >
>
> In Stas' Apache::VMonitor announcement, he mentions changes to prevent
> cross site scripting.
>
> This is a concern for me at the moment, because I'm building a site
> which will allow people to submit copy (to be displayed to other users)
> and I would like them to be able to use HTML and include links to other
> sites (much like slashdot).
>
> Do any of you have any ideas about good techniques to prevent CSS (and I
> don't mean those elements) in this scenario?

I hate to blatantly advertise, but using AxKit mostly mitigates XSS (don't use the term CSS to mean cross site scripting - it's confusing) bugs, with the exception of javascript in URLs and blank lines inserted into headers from a user submission. So you vastly limit the things you have to check for.

--
<:->get a SMart net
Spam trap - do not mail: [EMAIL PROTECTED]
Re[2]: [mp2] What happened to $r->connection->remote_addr?
SB> 1.99_05 is one 7 months old. Please test it again with the released 1.99_08 or
SB> even better with the current cvs:
SB> http://perl.apache.org/download/source.html#2_0_Development_Source_Distribution
SB> As for missing methods reports, see:
SB> http://perl.apache.org/docs/2.0/api/ModPerl/MethodLookup.html
SB> e.g. you need to load 'Apache::Connection' to get remote_addr

I've tried to test ModPerl::MethodLookup, but cannot find this module. Where can I find it? Sorry if lame, it's my first steps with mp2.

    %perl -MApache2 -MModPerl::MethodLookup -le 'print((ModPerl::MethodLookup::lookup_method(shift))[0])' construct_url
    Can't locate ModPerl/MethodLookup.pm in @INC (@INC contains: /usr/local/perl/lib/site_perl/5.8.0/i586-linux/Apache2 /usr/local/perl/lib/5.8.0/i586-linux /usr/local/perl/lib/5.8.0 /usr/local/perl/lib/site_perl/5.8.0/i586-linux /usr/local/perl/lib/site_perl/5.8.0 /usr/local/perl/lib/site_perl .).
    BEGIN failed--compilation aborted.

    %/usr/local/perl/lib/site_perl/5.8.0/i586-linux/ModPerl# ls
    BuildOptions.pm  FunctionMap.pm  MapUtil.pm      RegistryBB.pm      TestRun.pm
    Code.pm          Global.pm       ParseSource.pm  RegistryCooker.pm  TypeMap.pm
    Config.pm        MM.pm           PerlRun.pm      RegistryLoader.pm  Util.pm
    Const.pm         Manifest.pm     Registry.pm     StructureMap.pm    WrapXS.pm

I've tested it with mod_perl/1.99_08 (standard installation), apache 2.0.44, perl 5.8.0.

-- Regards, Kamil.
Cross Site Scripting
On Tue, 2003-03-11 at 06:03, Stas Bekman wrote:

> Changes since 0.7
>
> * prevent cross-site scripting, now HTML-escaping the request field

In Stas' Apache::VMonitor announcement, he mentions changes to prevent cross site scripting.

This is a concern for me at the moment, because I'm building a site which will allow people to submit copy (to be displayed to other users) and I would like them to be able to use HTML and include links to other sites (much like slashdot).

Do any of you have any ideas about good techniques to prevent CSS (and I don't mean those elements) in this scenario?

I've read the articles on cert.org (http://www.cert.org/tech_tips/malicious_code_mitigation.html) and apache.org (http://httpd.apache.org/info/css-security/encoding_examples.html)

thanks

Clinton Gormley