Re: File Upload Questions

[Issac Goldstand]

So far, I've seen two suggestions; both are very good, and I wanted to try
to offer a combination, based on a real implementation.
The relevant parts of the source code for uploading the content (as related
to writing the actual file on the server):

my $r=shift;
my $q=Apache::Request-instance($r);
[snip]
my $File=$q-upload('fid') || undef;
[snip]
my $hFile=$File-fh || undef;
[snip]
my $fLoc=fqName($hMD5);
open(my $DOUT,$fLoc);
binmode $DOUT;
 [snip]
seek($hFile,0,0);
ps_status(Compressing $fname...);
while ($hFile)
{
($output,$status)=$dStream-deflate($_);
$status == Z_OK or die (Error deflating: $status);
print $DOUT $output;
}
($output,$status)=$dStream-flush();
$status==Z_OK or die (Error flushing: $status);
print $DOUT $output;
close $DOUT;

As you can see, this code uses an interim deflate stream, but the loop would
work just as well without it (eg, simply print $DOUT $_; inside the while
loop).

  Issac

PS.  If you want to see the application, feel free to conatct me off-list
and I'll send you the URL.
- Original Message -
From: Dennis Daupert [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, November 14, 2002 10:47 PM
Subject: File Upload Questions


 I have gotten file upload working using Apache::Request for
 text files. But binary files seem to have other ideas :-)

 For example, uploading a word doc, I get a success message,
 but when I retrieve the doc after uploading it, and try to open it in
 Word 2000, I get the popup error message:

 The document name or path is not valid... etc

 Do I need to do anything to detect the content type of the file and
 set binary versus ascii transfers? The man page for Apache::Request
 talks about type, but not how to set the transfer.

 In case I have done something silly in my code, here is a section in which
 I untaint the filename, and also remove the leading c:\path\to\file info
 (for windows uploads) or similar /path/to/file for unix uploads:

 # now let's untaint the filename itself
 if ($data{'up_filename'} =~ /^([-\@\/\w\:\\.]+)$/) {
 $data{'up_filename'} = $1;
 my $cleanfile = $data{'up_filename'};
 $cleanfile = $1; # $cleanfile now untainted
 $cleanfile =~ s#\.\.##g;
 $cleanfile =~ s[//][/]g;
  # take out windows backslashes
  if ($cleanfile =~ /\\/) {
   my @parts = split ( /\\/, $cleanfile );
  $cleanfile = pop @parts;
}
# take out unix forward slashes
if ($cleanfile =~ /\//) {
my @parts = split ( /\//, $cleanfile );
   $cleanfile = pop @parts;
}
 $data{'up_filename'} = $cleanfile;
 }

 And then:

 my $fh = $upload-fh;
 my @file = $fh;

 open ( WRITEFILE, $data{'write_dir'}/$data
 {'up_filename'} ) or die couldn't open $data{'up_filename'} for writing:
 $! \n;
  print WRITEFILE @file;
 close (WRITEFILE);

 Any insight greatly appreciated.

 /dennis

 --
-
 Office phone: 817-762-8304

 --
-
  Great leaders never tell people how to do their jobs.
Great leaders tell people what to do and establish a
  framework within which it must be done.
   Then they let people on the front lines,
who know best, figure out how to get it done.
 ~ General H. Norman Schwarzkopf

Re: Apache::DBI and password security

[Rafiq Ismail (ADMIN)]

On Fri, 15 Nov 2002, [iso-8859-1] Faßhauer, Wolfgang, FCI3 wrote:
 one database user because of resource limits. The problem I see is that the
 password for connecting to the database is clear readable in the perl
 script.
 Does anybody know how to hide that password?

Have you thought of running your webserver as some 'www' user?  You can
then make your scripts readonly by a 'dev' group which the www user and
the developes are members of.

Re: Apache::DBI and password security

[Rafiq Ismail (ADMIN)]

On Fri, 15 Nov 2002, Rafiq Ismail (ADMIN) wrote:

 On Fri, 15 Nov 2002, [iso-8859-1] Faßhauer, Wolfgang, FCI3 wrote:
  one database user because of resource limits. The problem I see is that the
  password for connecting to the database is clear readable in the perl
  script.
  Does anybody know how to hide that password?

 Have you thought of running your webserver as some 'www' user?  You can
 then make your scripts readonly by a 'dev' group which the www user and
 the developes are members of.
CORRECT:
'readonly' should be 'only readable' by

R.

AW: Apache::DBI and password security

[Faßhauer, Wolfgang, FCI3]

Hi,

I want to build a database application based on mod_perl and Apache::DBI.
The goal of Apache::DBI is to get persistent database connections using
only
one database user because of resource limits. The problem I see is that
the
password for connecting to the database is clear readable in the perl
script.
Does anybody know how to hide that password?
I think, storing it in a file for reading by the script is not the right
way
(?).

Thanks for help!

- Wolfgang

 Have you thought of running your webserver as some 'www' user?  You can
 then make your scripts readonly by a 'dev' group which the www user and
 the developes are members of.
CORRECT:
'readonly' should be 'only readable' by

Yes, that's our plan, too. But the risk still remains that someone will get
a look to the script. I think, there is a golden rule: Never put clear text
passwords in files. Those files are stored in archives by backup for
example. There maybe a lot of people (sysadmin, developer, ...) concerned
with the webserver. So it's not easy to secure it.

- Wolfgang

Re: AW: Apache::DBI and password security

[Rafiq Ismail (ADMIN)]

On Fri, 15 Nov 2002, [iso-8859-1] Faßhauer, Wolfgang, FCI3 wrote:
  Have you thought of running your webserver as some 'www' user?  You can
  then make your scripts readonly by a 'dev' group which the www user and
  the developes are members of.
 CORRECT:
 'readonly' should be 'only readable' by

 Yes, that's our plan, too. But the risk still remains that someone will get
 a look to the script. I think, there is a golden rule: Never put clear text
 passwords in files. Those files are stored in archives by backup for
 example. There maybe a lot of people (sysadmin, developer, ...) concerned
 with the webserver. So it's not easy to secure it.


A thought, although I've never been so secure myself and I'm not sure how
secure this would be - but it's one of those silly convoluted ideas you
have to tell someone.  Since you're using mod_perl and apache_dbi, this is
just a thought.  Use the Crypt::Blowfish_PP to generate an encrypted
password and place it as a variable in a package somewhere.  During server
startup take a password from the command line, some sort of:

Perl
Paranoid::CryptDBIPassword::promptForPassword
/Perl

getliner.

Take the value as my $key and:

my $bfish = Crypt::Blowfish_PP-new($key)

$Apache::PARANOID::dbiPassword
= $bfish-decrypt($encryptedPassword);



then whenever you want your password you access
$Apache::PARANOID::dbiPassword.


Hmm.  I think that the guy who wrote Blowfish_PP would cut my danglies off
for that one.

R.

AW: Apache::DBI and password security

[Faßhauer, Wolfgang, FCI3]

Yes, that's our plan, too. But the risk still remains that someone
will get a look to the script. I think, there is a golden  rule: Never put
clear text passwords in files. Those files are stored in archives by backup
for example. There maybe a lot of people (sysadmin, developer, ...)
concerned with the webserver. So it's not easy to secure it.

A thought, although I've never been so secure myself and I'm not
sure how
secure this would be - but it's one of those silly convoluted ideas
you
have to tell someone.  Since you're using mod_perl and apache_dbi,
this is
just a thought.  Use the Crypt::Blowfish_PP to generate an
encrypted
password and place it as a variable in a package somewhere.  During
server
startup take a password from the command line, some sort of:

Perl
Paranoid::CryptDBIPassword::promptForPassword
/Perl

getliner.

Take the value as my $key and:

=09my $bfish =3D Crypt::Blowfish_PP-new($key)

=09$Apache::PARANOID::dbiPassword
=09=3D $bfish-decrypt($encryptedPassword);



then whenever you want your password you access
$Apache::PARANOID::dbiPassword.


Hmm.  I think that the guy who wrote Blowfish_PP would cut my
danglies off
for that one.

R.

This is an interesting idea.
Many thanks to you, Rafiq!

 - Wolfgang

Re: AW: Apache::DBI and password security

[Rafiq Ismail (ADMIN)]

On Fri, 15 Nov 2002, [iso-8859-1] Faßhauer, Wolfgang, FCI3 wrote:
Hmm.  I think that the guy who wrote Blowfish_PP would cut my
 danglies off
for that one.

This is an interesting idea.

Cutting my danglies off? hmm.  Sounds painful.

Many thanks to you, Rafiq!

s'ok, although I wouldn't implement this myself.  There are probably nicer
ways of being paranoid out there.

And just use Crypt::Blowfish if you really want to use Blowfish.
:)

Good luck.

R.

RE: URI escaping question

[Narins, Josh]

 According to RFC 2396 (http://www.ietf.org/rfc/rfc2396.txt) the reserved
 characters in the query component of a URI are ;, /, ?, :,
@,,
 =, +, ,, and $.

As amended by RFC 2732(http://www.ietf.org/rfc/rfc2732.txt) the characters 
[ and ] have been added (formerly _unwise_)

There is also an _unwise_ set including {, },|,\, and ` 

On a side note, although URI::Escape properly unescapes Unicode,
it doesn't escape it (for me, with 5.6.1)

Neils Poppe recently suggested this on perl-xml for UTF-8

sub escape {
  join '', map {
chr($_) =~ /([a-zA-Z0-9_.-])/o? $1 : sprintf %%%02X, $_
  } unpack 'C*', shift
}




-Original Message-
From: Kyle Oppenheim [mailto:kyleo;tellme.com]
Sent: Thursday, November 14, 2002 7:11 PM
To: modperl List
Subject: Re: URI escaping question


According to RFC 2396 (http://www.ietf.org/rfc/rfc2396.txt) the reserved
characters in the query component of a URI are ;, /, ?, :, @,,
=, +, ,, and $.
Apache::Util-escape_uri() does not escape :, @, , =, +, ,, or
$.

Something like the following should work:

use URI::Escape qw(uri_escape);

sub uri_escape_query_value {
my $character_class = '^A-Za-z0-9\-_.!~*\'()';
uri_escape($_[0], $character_class);
}

- Kyle

- Original Message -
From: Ray Zimmerman [EMAIL PROTECTED]
To: modperl List [EMAIL PROTECTED]
Cc: Raj Chandran [EMAIL PROTECTED]
Sent: Thursday, November 14, 2002 12:25 PM
Subject: URI escaping question


 Oops ... finger slipped before I was done typing ...

 Suppose I have a hash of string values that I want to include in the
 query string of a redirect URL. What is the accepted way of escaping
 the values to be sure that they come through intact?

 Specifically, it seems that Apache::Util-escape_uri() is not
 escaping '=' and '' so if one of the values in the hash is a URI
 with a query string it messes things up.

 --
   Ray Zimmerman  / e-mail: [EMAIL PROTECTED] / 428-B Phillips Hall
Sr Research  /   phone: (607) 255-9645  /  Cornell University
 Associate  /  FAX: (815) 377-3932 /   Ithaca, NY  14853



--
This message is intended only for the personal and confidential use of the designated 
recipient(s) named above.  If you are not the intended recipient of this message you 
are hereby notified that any review, dissemination, distribution or copying of this 
message is strictly prohibited.  This communication is for information purposes only 
and should not be regarded as an offer to sell or as a solicitation of an offer to buy 
any financial product, an official confirmation of any transaction, or as an official 
statement of Lehman Brothers.  Email transmission cannot be guaranteed to be secure or 
error-free.  Therefore, we do not represent that this information is complete or 
accurate and it should not be relied upon as such.  All information is subject to 
change without notice.

Re: File Upload Questions

[Dennis Daupert]

Thanks all for the suggestions;  I really appreciate the help.
I will tuck BINMODE away for future reference.

Before I got those ideas, while digging around in the mailing
list archives I found a reference to the link function in
Apache::Request that creates a hard symlink to a specified
path from the uploaded temp file, thus:

  my $upload = $apr-upload('file');
  $upload-link(/path/to/newfile) or
  die sprintf link from '%s' failed: $!, $upload-tempname;

I tried that last night, and it works great.

Makes me a believer in checking the archives.

/dennis


---
Office phone: 817-762-8304

---
 Great leaders never tell people how to do their jobs.
   Great leaders tell people what to do and establish a
 framework within which it must be done.
  Then they let people on the front lines,
   who know best, figure out how to get it done.
~ General H. Norman Schwarzkopf

Re: AW: Apache::DBI and password security

[Matthew Byng-Maddick]

On Fri, Nov 15, 2002 at 12:52:13PM +, Rafiq Ismail (ADMIN) wrote:
   $Apache::PARANOID::dbiPassword
   = $bfish-decrypt($encryptedPassword);
 then whenever you want your password you access
 $Apache::PARANOID::dbiPassword.
 Hmm.  I think that the guy who wrote Blowfish_PP would cut my danglies off
 for that one.

Which is why you copied him in the first place? :-) In general, though, there
isn't a good way to get any security from any system that has to be able to
access sensitive data in an automatic way. 

MBM

-- 
Matthew Byng-Maddick [EMAIL PROTECTED]   http://colondot.net/

Re: AW: Apache::DBI and password security

[James G Smith]

=?iso-8859-1?Q?=22Fa=DFhauer=2C_Wolfgang=2C_FCI3=22?= [EMAIL PROTECTED]
ads.net wrote:
Hi,

I want to build a database application based on mod_perl and Apache::DBI.
The goal of Apache::DBI is to get persistent database connections using
only
one database user because of resource limits. The problem I see is that
the
password for connecting to the database is clear readable in the perl
script.
Does anybody know how to hide that password?
I think, storing it in a file for reading by the script is not the right
way
(?).

Thanks for help!

- Wolfgang

 Have you thought of running your webserver as some 'www' user?  You can
 then make your scripts readonly by a 'dev' group which the www user and
 the developes are members of.
CORRECT:
'readonly' should be 'only readable' by

Yes, that's our plan, too. But the risk still remains that someone will get
a look to the script. I think, there is a golden rule: Never put clear text
passwords in files. Those files are stored in archives by backup for
example. There maybe a lot of people (sysadmin, developer, ...) concerned
with the webserver. So it's not easy to secure it.

Something we do is put the password in a file outside the document
root.  The script reads the file.  If running with mod_perl, this can
be in a file readable only by root read during server startup
(assuming the server starts up as root).  Then the password can be
cached in memory.  

If it changes, a graceful restart might be sufficiant, but I haven't
tried that yet -- most of our current code is PHP that we're are
working on replacing.  The last time I played with mod_perl and
graceful restarts was the early 1.2x or late 1.1x mod_perl and it
didn't always work well, iirc.  I think some of that has been fixed.
-- 
James Smith [EMAIL PROTECTED], 979-862-3725
Texas AM CIS Operating Systems Group, Unix

DBI question

[Brett . Gillett]

Hiya everyone,

I am new to mod_perl and have a question about generating dynamic webpages
from a mysql database.  I have a script that queries a IDS database
and generates results such as Top 5 Signatures, etc.  The problem is when I
pass the results to the web interface it seems to be looping.  What I mean
is
that when I refresh the page, instead of getting the Top 5 - i get the top
10, then 15etc.

I am using HTML::Template to generate my HTML files, and I have two servers
running, one for static docs, one for mod_perl stuff, and I create me DB
connections persistently in my startup.pl file.

It seems if you wait long enough, you only get 5 results for some of the
queries others I get X5

Anyone seen this behaviour before?? Suggestions would be appreciated.

Brett

RE: DBI question

[Narins, Josh]

Brett;
The script, and variables, are being cached. Declaring the variables
in the smallest possible scope with my should do the trick.

The reason that you sometimes see only 5 is that you are hitting an
apache child which has not been hit before.

Reading this will definitely be helpful...

http://perl.apache.org/docs/1.0/guide/porting.html

-josh

-Original Message-
From: [EMAIL PROTECTED] [mailto:Brett.Gillett;tsx.ca]
Sent: Friday, November 15, 2002 4:00 PM
To: [EMAIL PROTECTED]
Subject: DBI question


Hiya everyone,

I am new to mod_perl and have a question about generating dynamic webpages
from a mysql database.  I have a script that queries a IDS database
and generates results such as Top 5 Signatures, etc.  The problem is when I
pass the results to the web interface it seems to be looping.  What I mean
is
that when I refresh the page, instead of getting the Top 5 - i get the top
10, then 15etc.

I am using HTML::Template to generate my HTML files, and I have two servers
running, one for static docs, one for mod_perl stuff, and I create me DB
connections persistently in my startup.pl file.

It seems if you wait long enough, you only get 5 results for some of the
queries others I get X5

Anyone seen this behaviour before?? Suggestions would be appreciated.

Brett


--
This message is intended only for the personal and confidential use of the designated 
recipient(s) named above.  If you are not the intended recipient of this message you 
are hereby notified that any review, dissemination, distribution or copying of this 
message is strictly prohibited.  This communication is for information purposes only 
and should not be regarded as an offer to sell or as a solicitation of an offer to buy 
any financial product, an official confirmation of any transaction, or as an official 
statement of Lehman Brothers.  Email transmission cannot be guaranteed to be secure or 
error-free.  Therefore, we do not represent that this information is complete or 
accurate and it should not be relied upon as such.  All information is subject to 
change without notice.

Namespace problem

[Thomas Hilbig]

I am having a namespace problem that is a slight twist
to that described in the 1.0 docs
http://perl.apache.org/docs/1.0/guide/porting.html#Name_collisions_with_Modules_and_libs

My problem is even simpler, but worse.  If I have two
CGI programs using the same required script. 
Initially one works without any problems.  Then if I
call up the other script, each time I get an error
saying the subroutine cannot be found.  Refresh the
browser and it works, but then the first one starts to
give an error;

Error message: 
  Undefined subroutine
ModPerl::ROOT::ModPerl::Registry::home_httpd_qx_2dbin_gdtest1::goodDay

called at /home/httpd/qx-bin/gdtest1 line 7. 

This has to be something simple because I don't get
the error with normal Library components.   What am I
missing here??

Here is the package, and both CGI scripts that use it.
Thanks for any help,
Tom

-- commontest.pl  --
#!/usr/local/bin/perl
# Common Functions that will be 'required' by Perl CGI
scripts

CONFIG: {
   package commontest ;
}

sub goodDay {
  package commontest ;
  print H1Good Day Billy/H1\n ;
}

1;  

-- gdtest1 (First CGI script that uses the
package
#!/usr/local/bin/perl

require /usr/lib/perl5/site_perl/commontest.pl ; 
print Content-Type: text/html;
charset=ISO-8859-1\n\n ;
print headtitleTest
1/title/headbodyH1Test 1/H1\n ;

goodDay ;

print /bodyhtml\n ;
exit ;

-- gdtest2  (Second  CGI script that uses the
package
#!/usr/local/bin/perl

require /usr/lib/perl5/site_perl/commontest.pl ; 
print Content-Type: text/html;
charset=ISO-8859-1\n\n ;
print headtitleTest
2/title/headbodyH1Test 2/H1\n ;

goodDay ;

print /bodyhtml\n ;
exit ;


__
Do you Yahoo!?
Yahoo! Web Hosting - Let the expert host your site
http://webhosting.yahoo.com

Re: please help... mod_ssl seems to overwrite mod_perl and mod_perls eems to overwrite mod_ssl

[Danny Rathjens]

I followed the instructions in INSTALL.simple.mod_ssl and did:

setenv SSL_BASE SYSTEM
setenv EAPI_MM SYSTEM
cd mod_ssl-2.8.10-1.3.26
./configure --with-apache=../apache_1.3.26/
cd ../mod_perl
perl Makefile.PL DO_HTTPD=1 APACHE_PREFIX=/usr/local/apache APACHE_SRC=../apache-1.3.26/src USE_APACI=1 EVERYTHING=1 APACI_ARGS='--enable-module=ssl'
make

../apache-1.3.26/src/httpd -l
should list both mod_ssl.c and mod_perl.c

Mitchel, Jennifer (Jem) wrote:

Hi all,

  How do I get  BOTH mod_perl and mod_ssl built into and working in Apache?

  I had mod_perl successfully built into my apache to use Authentication hook.

  Then I added mod_ssl in and I started to get errors from my .htaccess file

   Error:
   [Fri Nov 15 14:39:03 2002] [alert] [client 135.2.60.152]  /web/content/askLucent/password-reset/cgi-bin/.htaccess: Invalid command 'PerlSetVar', perhaps mis-spelled or defined by a module not included in the server configuration

 
  Contents of .htaccess
Limit GET POST
AuthName NT Domain\Login and Password
AuthType Basic
#PerlSetVar NT_Controllers 'na02il0015dc00:na02il0015dc01'
PerlSetVar NT_Controllers 'na02il0015dc04:na02il0015dc01:NA02IL0015DC02'
PerlAuthenHandler Apache::AuthenN2
require valid-user
/Limit

 so i rebuilt mod_perl back into apache and now I get errors of directives from mod_ssl in my httpd.conf file

  Error:
  5e-cts root: /web/server/apache/1.3.22/bin/apachectl stop ; /web/server/apache/1.3.22/bin/apachectl start
/web/server/apache/1.3.22/bin/apachectl stop: httpd (no pid file) not running
Syntax error on line 1008 of /web/server/apache/1.3.22/conf/httpd.conf:
Invalid command 'SSLRandomSeed', perhaps mis-spelled or defined by a module not included in the server configuration
/web/server/apache/1.3.22/bin/apachectl start: httpd could not be started


 Lines from httpd.conf:
  
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
SSLRandomSeed startup file:/dev/random  512
SSLRandomSeed connect file:/dev/random  512

 I need to use both mod_perl and mod_ssl and it seems like keeps overwriting the other.  How do I change this so I can get them built in together?

Thank you
Jem


--
_.,-*~`^'~*-,._ Danny Rathjens _.,-*~`^'~*-,._
FireCast: Rock solid kiosk software: http://wirespring.com

RFC: Template::YetAnother

[Thomas Klausner]

Hi!

Yes, this is a RFC for Yet Another Templating System. I know that
there are a lot of those around. But this own might be
different/interesting (at least I think/hope so...)

I also posted this on perlmonks:
http://www.perlmonks.org/index.pl?node_id=213300

So, here it is, in POD format:

=pod

=head1 NAME

Template::YetAnother

=head1 INTRODUCTION

=head2 Why another templating system?

There are a lot of templating modules on CPAN. Some are obvious, some
are hidden in very strange namespaces (eg HTML::Processor). Some are
used a lot, some not. I read a lot of manpages, but definitly not all
and none completly. If there is a module doing what I am proposing,
please inform me!

Before we continue, read Perrin Harkins' Choosing a Templating
System, available here:
http://perl.apache.org/docs/tutorials/tmpl/comparison/comparison.html

There are different types of Templating Systems available. Some are
complete Application Frameworks, including stuff like Session
Management, Form Handling etc. Examples include Mason, AxKit and
Embperl. They are nice. They work. But that's not what I'm looking
for.

I want Just Templates.

Why?

Because IMO, the main reason for using templates is to seperate code
from markup. The code produces some data. The markup displays the
data. Those Application Frameworks don't seem to be too good at
seperating code and markup (I have to admit though, that I know next
to nothing about them, only that they are too big/powerfull). After
all, they Bembed code in markup.

So I am looking for a pipeline-type, Just-Template System, which
reduces the number of available modules somewhat.

The best-known contestors here are TemplateToolkit
resp. Apache::Template and HTML::Template. But if you look at there
manpages, you'll quickly find references to stuff like CTPL_LOOP
(HTML::Template). TT2 even has it's own mini-language. So, once again,
code (even rather trivial) mixed with the markup.

There is one module, CGI::FastTemplate, that does seperate code from
markup completly. But the way different templates are strung together
seems rather comlicated to me.

But why is there no Templating System with a clean seperation of code
and markup?

There are two types of code (at least) that pollute nearly all
Templating Systems:

=over

=item * Loops

Loops are one of the things computers do best (for very good reasons,
mainly lazyness of humans). So, a template should be able to handle
large amounts of similar data using ... a template. Obvious. So a
Templating System must handle Loops. Most (all?) do it by adding some
sort of LOOP or FOREACH Syntax, thereby introducing code into the
markup. But there is another way to loop over data: Recursion.

=item * If-Blocks

As the template is rather general, you want it to handle slightly
different kinds of data differently. One very obvious example would be
to print something like No Data instead of Cundef. Or to highlight
the current item in a list.

Often IF-Blocks are also used to present different kinds of data
differently, which can lead to long series of IF-ELSIF-ELSE
blocks. Which is a clear pointer that one should use Object
Orientation instead.

Another way would be to add something like attributes to the data. But as far as I 
know, attributes aren't included that thightly into Perl as OO.

=back

So I am looking for a Templating System that does Just Templating, no
code in the markup, maybe by using recursion and OO.

I didn't find anything.

So I am proposing this:

=head2 Template::YetAnother

The name is just a placeholder right now, other ideas are:

=over

=item * Template::Dumper

=item * Template::Stringify

=item * Template::OO

=item * Template::OO_Dumper

=item * any other ideas?

=back

Template::YetAnother is yet another Templating module, using a
slightly different approach than most of the other Templating modules.

The templates are completly dumb. There is Babsolutly no piece of
code in a template - neither Perl nor mini language. A template
consists of arbitrary text (e.g. HTML) and Template Tags, e.g.
[% title %]

Your application builds up a data structure. The data structure
consists of various Perl Data Types (Strings, Arrays, Hashes) and
Template::YetAnother Objects (or Data Structures marked with some
other kind of metainformation, e.g. with attributes)

The data structure gets passed to Template::YetAnother, which
magically find the right template for each object and replaces all
Template Tags (recursivly) with the dumped/stringified data structure.

Template::YetAnother is like Data::Dumper on steroids. It's the big
Stringifyer.

Template::YetAnother doesn't use one monolithic template, but a lot of
small template fragments, each one correlating to a data type
generated by the application.

Template::YetAnother is just an idea right now. I am trying the write
documentation, write tests, write code way of development... There is
only a small prove-of-concept type bit of code (I can send it/post it
if somebody cares..). 

please help... mod_ssl seems to overwrite mod_perl and mod_perl seems to overwrite mod_ssl

[Mitchel, Jennifer (Jem)]

Hi all,

  How do I get  BOTH mod_perl and mod_ssl built into and working in Apache?

  I had mod_perl successfully built into my apache to use Authentication hook.

  Then I added mod_ssl in and I started to get errors from my .htaccess file

   Error:
   [Fri Nov 15 14:39:03 2002] [alert] [client 135.2.60.152]  
/web/content/askLucent/password-reset/cgi-bin/.htaccess: Invalid command 'PerlSetVar', 
perhaps mis-spelled or defined by a module not included in the server configuration

 
  Contents of .htaccess
Limit GET POST
AuthName NT Domain\Login and Password
AuthType Basic
#PerlSetVar NT_Controllers 'na02il0015dc00:na02il0015dc01'
PerlSetVar NT_Controllers 'na02il0015dc04:na02il0015dc01:NA02IL0015DC02'
PerlAuthenHandler Apache::AuthenN2
require valid-user
/Limit

 so i rebuilt mod_perl back into apache and now I get errors of directives from 
mod_ssl in my httpd.conf file

  Error:
  5e-cts root: /web/server/apache/1.3.22/bin/apachectl stop ; 
/web/server/apache/1.3.22/bin/apachectl start
/web/server/apache/1.3.22/bin/apachectl stop: httpd (no pid file) not running
Syntax error on line 1008 of /web/server/apache/1.3.22/conf/httpd.conf:
Invalid command 'SSLRandomSeed', perhaps mis-spelled or defined by a module not 
included in the server configuration
/web/server/apache/1.3.22/bin/apachectl start: httpd could not be started


 Lines from httpd.conf:
  
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
SSLRandomSeed startup file:/dev/random  512
SSLRandomSeed connect file:/dev/random  512

 I need to use both mod_perl and mod_ssl and it seems like keeps overwriting the 
other.  How do I change this so I can get them built in together?

Thank you
Jem

timing downloads with mod_perl

[Nick]

I would like to log the time it take users to download
items from my site.  Has anyone has any success
writing a mod perl prog to accomplish this?

Thanks!

__
Do you Yahoo!?
Yahoo! Web Hosting - Let the expert host your site
http://webhosting.yahoo.com

Executing Apache::Registry cached script from normal mod_perl

[Matthew Hodgson]

Hi,

I have a script which executes under Apache::Registry and resides in
/perl/blah.pl.  However, it only generates a fragment of a page, and is
normally embedded into an html template using SSI with something like:

!--#perl sub=Apache::Include arg=/perl/blah.pl --

I am very aware that this would be better implemented as a raw perl module
used from apache's startup.pl (and then embedded using something like
!--#perl sub=Blah --) - but practically this isn't an option right
now.

My problem is that I would like to nonetheless execute this code from
'normal' mod_perl; from a library used from startup.pl.  I've tried doing
this two ways to date, both of which have failed painfully:

1) Apache::Include-virtual(/perl/blah.pl);

Which simply segfaults the httpd process - presumably because the perl
interpreter which tries to handle the Included request collides with the
one actually executing the original script.

2) Apache::ROOTwww_2edomain_2ecom::perl::blah_2epl();

Which fails with the above being an Undefined subroutine.  Now, running
this with apache in non-forking mode as httpd -X and
$Apache::Registry::Debug = 4, I first request the URL of /perl/blah.pl to
make sure that Apache::Registry has compiled and cached the script:

[Fri Nov 15 19:58:13 2002] [error] Apache::Registry::handler for
/www01/domain.com/perl/blah.pl in process 31030
[Fri Nov 15 19:58:13 2002] [error] Apache::Registry::handler examining
/perl/blah.pl
[Fri Nov 15 19:58:13 2002] [error] Apache::Registry::handler package
Apache::ROOTwww_2edomain_2ecom::perl::blah_2epl

And see that it seems to compile and cache the script fine, with the
expected name, and indeeds generates the output to the browser correctly.

However, on then requesting a different Apache::Registry script which
makes use of the library preloaded in startup.pl which attempts to execute
Apache::ROOTwww_2edomain_2ecom::perl::blah_2epl(), it still dies on
failing to find that subroutine.

Any insight into how I might persuade this to work (without doing the
Right Thing and shifting everything into preloaded libraries (and perhaps
handlers)) would be appreciated.

This is all happening under Apache/1.3.27 mod_perl/1.27, with
Apache::Registry version 2.01 running on debian woody x86.

thanks,

Matthew.

Re: Executing Apache::Registry cached script from normal mod_perl

[Josh Chamas]

Matthew Hodgson wrote:

Hi,

I have a script which executes under Apache::Registry and resides in
/perl/blah.pl.  However, it only generates a fragment of a page, and is
normally embedded into an html template using SSI with something like:

!--#perl sub=Apache::Include arg=/perl/blah.pl --

I am very aware that this would be better implemented as a raw perl module
used from apache's startup.pl (and then embedded using something like
!--#perl sub=Blah --) - but practically this isn't an option right
now.



How about just executing this file like this:

  do $path_to/perl/blah.pl;

Regards,

Josh

Josh Chamas, Founder   phone:925-552-0128
Chamas Enterprises Inc.http://www.chamas.com
NodeWorks Link Checkinghttp://www.nodeworks.com

Re: RFC: Template::YetAnother

[Josh Chamas]

Thomas Klausner wrote:

Hi!

Yes, this is a RFC for Yet Another Templating System. I know that
there are a lot of those around. But this own might be
different/interesting (at least I think/hope so...)

I also posted this on perlmonks:
http://www.perlmonks.org/index.pl?node_id=213300

So, here it is, in POD format:



Don't do it.  If you want a stripped down version of
an existing templatting language, then that's great.
Work with the authors of exising frameworks like Template Toolkit
or HTML::Template that *were designed* as pure template frameworks
( as opposed to the app frameworks like Embperl, ASP, AxKit, Mason)

I'm sure you can get the authors to accept patches to disable features
that you don't want, you might even be able to create a subclass
of such a template module that sets these for the end user,
so if they just use Template:JustVarsPlease, and Template::JustVarsPlease
is a subclass of Template or HTML::Template, then you have
your solution.

Those template solutions that are too much for you got that way
because their users wanted  needed more.  That is the natural
evolution of these things.  The perl template user community is
already fractured enough, better to hop onto a project, hack it to your
satisfaction ( with the blessing of the maintainers ) to get
the configs/subclasses you need for your requirements.

That's what I would do anyway. :)

Regards,

Josh

Josh Chamas, Founder   phone:925-552-0128
Chamas Enterprises Inc.http://www.chamas.com
NodeWorks Link Checkinghttp://www.nodeworks.com