mod_perl interactive debugging

2008-05-27 Thread william 
Hello, I am trying to debug my perl code under mod_perl and I had
followed all the instruction at this section
http://perl.apache.org/docs/1.0/guide/debug.html#Interactive_mod_perl_Debugging

I managed to see my perl debugging console prompted , but this prompt
is shown by the
tail -f /var/log/apache2.log

  DB<1> 
ModPerl::RegistryCooker::default_handler(/usr/local/lib/perl/5.8.8/ModPerl/RegistryCooker.pm:172):
172:return ($rc == Apache2::Const::OK && $old_status != $new_status)
173:? $new_status
174:: $rc;
  DB<1>

I was thrilled for a while that it did appear, but then it's just an
output but not input. Where am I suppose to see and use the debugger ?
Thanks.

Re: Trouble with mod_perl, Archive::Zip and taint mode

2008-05-27 Thread Roberto C . Sánchez 
Does anybody have any ideas on this?

Regards,

-Roberto

On Sun, May 25, 2008 at 03:45:24PM -0400, Roberto C. Sánchez wrote:
> [Please CC me on all replies]
> 
> So, I am writing some simple code to allow a user to upload his own
> photo galleries.  The section of code giving me problems is this:
> 
>   my $scratch_dir = $gallery_dir . "/scratch";
>   my $zipper = Archive::Zip->new();
>   my $zip_stat = $zipper->read($destfile);
>   if ($zip_stat == Archive::Zip::AZ_OK) {
> $zipper->extractTree('.', $scratch_dir);
> print "Extracted archive contents into target directory.\n";
>   } else {
> print "Unable to operate on the uploaded archive file.  Please fix the 
> problem and upload again.\n";
>   }
> 
> When I call extractTree() in the manner shown above, I get the
> "Extracted archive..." output, but nothing is actually extracted.  If I
> change the call to extractTree() with no arguments, I get a 500 error
> and this in my Apache log:
> 
> [Sun May 25 08:57:35 2008] [error] [asp] [11570] [error] error executing
> code for include /var/www/templates/Photo_page_edit.tmpl: Insecure
> dependency in open while running setgid at /usr/lib/perl/5.8/IO/File.pm
> line 70. <--> ; compiled to SCALAR(0x91f6f24) at
> /usr/share/perl5/Apache/ASP/Response.pm line 844. <--> ,
> /usr/share/perl5/Apache/ASP.pm line 1521
> 
> If I try this, I also get the same taint error:
> 
>   my $scratch_dir = $gallery_dir . "/scratch";
>   my $zipper = Archive::Zip->new();
>   my $zip_stat = $zipper->read($destfile);
>   if ($zip_stat == Archive::Zip::AZ_OK) {
> my @members = $zipper->memberNames();
> foreach my $fn (@members) {
>   $fn =~ /(.*)/;
>   $fn = $1;
>   $zipper->extractMember($n);
> }
> print "Extracted archive contents into target directory.\n";
>   } else {
> print "Unable to operate on the uploaded archive file.  Please fix the 
> problem and upload again.\n";
>   }
> 
> I have also tried adding in gratuitous untaintings, but to no avail.
> Has anyone been able to make Archive::Zip work?  If so, how?  I am very
> close to just using system() to call /usr/bin/unzip, but that is not
> very portable.
> 
> Regards,
> 
> -Roberto
> 
> P.S. The server running this site is Debian Etch, so unfortunately, I
> cannot use Archive::Extract which is included in Perl 5.10.0.
> 
> -- 
> Roberto C. Sánchez
> http://people.connexer.com/~roberto
> http://www.connexer.com



-- 
Roberto C. Sánchez
http://people.connexer.com/~roberto
http://www.connexer.com


signature.asc
Description: Digital signature

RE: Apache dies with mod_perl under Windows

2008-05-27 Thread Dan Horne 
> From: Octavian Rasnita
> What version of perl are you using?
> I know that ActivePerl 5.8.8 build 822 gives errors when using it with
Apache and mod_perl.
> So I use ActivePerl build 820.

> Octavian

Ah, well I'm running 822, so that might be the problem...

Attention:

This email together with any attachments is confidential. 
If you are not the intended recipient please delete the
 message and notify the sender. Any views or opinions 
presented are solely those of the author and will not 
necessarily reflect the views of Meridian Energy.

** PLEASE CONSIDER THE ENVIRONMENT BEFORE PRINTING *

Re: Trouble with mod_perl, Archive::Zip and taint mode

2008-05-27 Thread Perrin Harkins 
On Sun, May 25, 2008 at 3:45 PM, Roberto C. Sánchez
> [Sun May 25 08:57:35 2008] [error] [asp] [11570] [error] error executing
> code for include /var/www/templates/Photo_page_edit.tmpl: Insecure
> dependency in open while running setgid at /usr/lib/perl/5.8/IO/File.pm
> line 70. <--> ; compiled to SCALAR(0x91f6f24) at
> /usr/share/perl5/Apache/ASP/Response.pm line 844. <--> ,
> /usr/share/perl5/Apache/ASP.pm line 1521

You may be seeing the same problem that these people had:
http://mail-archives.apache.org/mod_mbox/perl-modperl/200705.mbox/[EMAIL 
PROTECTED]

If so, upgrading to Perl 5.8.8+ and mod_perl 2.0.3+ will probably fix it.

> P.S. The server running this site is Debian Etch, so unfortunately, I
> cannot use Archive::Extract which is included in Perl 5.10.0.

Just because it's not part of the core perl libs doesn't mean you
can't install it.  This problem is probably fixable by upgrading Perl
or mod_perl though.

- Perrin

Re: mod_perl interactive debugging

2008-05-27 Thread Perrin Harkins 
On Tue, May 27, 2008 at 1:38 PM, william <[EMAIL PROTECTED]> wrote:
> Hello, I am trying to debug my perl code under mod_perl and I had
> followed all the instruction at this section
> http://perl.apache.org/docs/1.0/guide/debug.html#Interactive_mod_perl_Debugging
>
> I managed to see my perl debugging console prompted , but this prompt
> is shown by the
> tail -f /var/log/apache2.log

Did you actually start your server with httpd -X as shown in that documentation?

- Perrin

Re: mod_perl2: handle session without CGI::Session

2008-05-27 Thread Perrin Harkins 
On Tue, May 27, 2008 at 4:08 AM, mome <[EMAIL PROTECTED]> wrote:
> What do you means by " Either get the session ID
> yourself and pass it to CGI::Session->new()"?
> Does it mean I can simply create the session ID from any way eventhough
> hardcode e.g.  23asfsdfw22456 and pass it?

Your session ID is in a cookie, right?  So read the cookie and get the
session ID.  There's nothing magical happening here.

> At the moment, I also try Apache::Session and want to see if it can replace
> CGI::Session

There's nothing wrong with CGI::Session.  Your POST data got lost
because you were making CGI::Session read it.  If you pass in a
session ID or a query object, it will not need to read the POST data.

- Perrin

Adding php_value etc, so virtualhosts with mod_perl

2008-05-27 Thread Tue Topholm 
Hi All

I have a small issue, I have this code:


use DBI;
my ($sth, $dbh, $domain, $domainID, $created, $sql, $sqlsa, $alias, 
$path,$settingName,$settingValue);
$dbh = DBI->connect("DBI:mysql::","xxx","xxx");
$sth = $dbh->prepare("SELECT domainID, domain, created FROM domain ORDER BY 
domainID ASC");
$sth->execute();
while (($domainID, $domain, $created) = $sth->fetchrow_array())
{
if($created == 0)
{
system("/bin/mkdir /home/$domain");
system("/bin/mkdir /home/$domain/www");
system("/bin/mkdir /home/$domain/ErrorLog");
system("/bin/cp /home/index.php /home/$domain/www/index.php");
system("/bin/chown apache:apache -R /home/$domain");
$sql = $dbh->prepare("UPDATE domain SET created = 1 WHERE 
domainID = $domainID");
$sql->execute();
}
@apacheSettings = {ServerName => "$domain",
   ServerAdmin=> "[EMAIL PROTECTED]",
 ServerAlias=> "www.$domain",
 DocumentRoot   => "/home/$domain/www",
 ErrorLog   => "/home/$domain/ErrorLog/$domain-error_log",
CustomLog  => qq{"|/usr/sbin/cronolog 
/websitelog/${domain}_access_log.\%Y-\%m-\%d" combined}};
$sql = $dbh->prepare("SELECT settingName, settingValue FROM 
settings WHERE domainID = $domainID");
$sql->execute();
while (($settingName, $settingValue) = $sql->fetchrow_array())
{
@apacheSettings{$settingName} = $settingValue;
}
push @{ $VirtualHost{'*:80'} },@apacheSettings;

$sqlsa = $dbh->prepare("SELECT domain, path FROM serveralias 
WHERE domainID =" . $domainID);
$sqlsa->execute();
while (($alias, $path) = $sqlsa->fetchrow_array())
{
[EMAIL PROTECTED] $VirtualHost{'*:80'} },
{
ServerName  => $alias,
ServerAdmin => "[EMAIL PROTECTED]",
DocumentRoot=> $path,
ErrorLog=> 
"/home/$domain/ErrorLog/$domain-error_log",
CustomLog   => qq{"|/usr/sbin/cronolog 
/websitelog/${domain}_access_log.\%Y-\%m-\%d" combined},
};
}
}
$sth->finish();
$dbh->disconnect();


Med venlig hilsen / Kind Regards

Tue Topholm
Device.Webbureau

Re: mod_perl2: handle session without CGI::Session

2008-05-27 Thread Perrin Harkins 
On Mon, May 26, 2008 at 10:48 PM, mome <[EMAIL PROTECTED]> wrote:
> When passing Apache2::Request object to CGI::Session->new() as the following
>
> sub authen_handler{
> my $self = shift;
>  my $req = Apache2::Request->new($r);
>  my $session=CGI::Session->new(undef,$req,{Directory=>
> $TMP_SESSION_FOLDER});
>  my $sesName = $session->name; # this line cause error
>  my $sesID = $session->id;
> ...
> ...}

I'm not sure if CGI::Session works with Apache2::Request.  I'd suggest
you either get the session ID yourself.  You can create your own CGI
object instead ( CGI->new($r) ) and pass that in, but it just wastes
resources.  You're better off handling the cookie yourself.

- Perrin

SSL_CIPHER_USEKEYSIZE not accessable

2008-05-27 Thread G. Allen Morris III 
I can't acccess SSL_CIPHER_USEKEYSIZE from Mod_perl 2
or at least I can't figure out how to do it.

  I have tried:

  $r->subprocess_env();

  $r->print($r->subprocess_env('SSL_CIPHER_USEKEYSIZE'));

Allen Morris

Re: SSL_CIPHER_USEKEYSIZE not accessable

2008-05-27 Thread Tom Donovan 

G. Allen Morris III wrote:

I can't acccess SSL_CIPHER_USEKEYSIZE from Mod_perl 2
or at least I can't figure out how to do it.

  I have tried:

  $r->subprocess_env();

  $r->print($r->subprocess_env('SSL_CIPHER_USEKEYSIZE'));

Allen Morris


Make sure your Apache config passes the SSL StdEnvVars to Perl programs.

 http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#ssloptions

For Apache 2.2, this is usually set in /conf/extra/httpd-ssl.conf like this:


SSLOptions +StdEnvVars


Note that "pl" is added to the list of file extensions which get StdEnvVars 
passed to them.

-tom-

Cookie help - using both cgi.pm and APR::Request::Cookie

2008-05-27 Thread cfaust-dougot 
Folks,
 
I taking over some really old code and I'm in the process of converting it over 
to mp2. I want to be able to use APR::Request::Cookie to create the cookie for 
the new things I'm doing but I need to create it exactly like CGI.pm is 
currently doing so the old code will continue to work until I get everthing 
updated.
 
I'm hoping someone knows both methods enough to tell me what I'm doing wrong.
 
The CGI.pm cookie is being created like:
$query->cookie(-name=>'name',-value=>[val1,val2,val3,val4,val5,val6,val7],-expires=>'+5y',-domain=>www.domain.com,-path=>/);
 
 
I do my cookies like:
 my $packed_cookie = APR::Request::Cookie->new($r->pool,
  name  => 'name',
  value  => $cookie_value,  
  path  => '/',
  domain => 'www.domain.com',
  expires => +5y,
  );
 $r->err_headers_out->add('Set-Cookie' => $packed_cookie->as_string);
 
For the value I made an array
@cookie_value = ('val1','val2','val3','val4','val5',val6','val7');
 
In $packed_cookie I tried using @cookie_value directly, I tried it as an 
arrayref ($cookie_value), I tried it like [EMAIL PROTECTED] etc and not matter 
what I do I can't get the old code to read it via
 
my ($val1,$val2,$val3,$val4,$val5,$val6,$val7) = $query->cookie(-name=>'name');
 
The cookie is getting set though, I can view it from within Mozilla. It just 
isn't being read by CGI.pm
 
Does anyone know what I'm doing wrong?
 
TIA!!