Re: Internal -e escape char

Tue, 16 Dec 2003 15:20:10 -0800 

Dan Muey wrote:

[snip]

> I could replace all single quotes with double quotes and escape everythgin
> inbetween them but that seems like a lot.
> 
> Any ideas how to deal with the single quotes? (Since shell escape
> characters may or may not work since apache is executing it)

after trying (a few years ago) to do something similar to what you propose 
which lead to a total mess and difficult to maintain codes, i have 
basically gave up this escape-shell-character approach. it's almost 
impossible to know when to escape and when not to escape. i now use a 
different approach. instead of involving Perl from the command line with 
-e, i simply print the code to a file and then run the code within the 
file. here is a strip down version of what i used to do:

#!/usr/bin/perl -w
use strict;

use CGI;
use File::Temp qw/tempfile tempdir/;

my $cgi = CGI->new;

if($cgi->param('code')){

        my($fh,$fn) = tempfile(DIR => tempdir(CLEANUP => 1));

        print $fh "#!/usr/bin/perl -w\n";
        print $fh "use strict;\n\n";

        print $fh $cgi->param('code');

        close($fh);

        if(chmod(0755,$fn)){
                html($cgi,$cgi->param('code'),`$fn`);
        }else{
                html($cgi,"Unable to run: \n\n" . $cgi->param('code'));
        }
}else{
        html($cgi,undef);
}

#-- DONE-- #

sub html{

        my $cgi  = shift;
        my $code = shift;

        my $value = $code || '';

        if(@_){
                $value .= "\n\n__END__\n\n";
                $value .= $_ for(@_);
        }

        print $cgi->header,<<HTML;
<html><body>
<form method=post action=your_script.pl>
<textarea name=code cols=60 rows=10>$value</textarea><br>
<input type=submit value=Submit>
</form>
</body></html>
HTML

}

__END__

a textarea is printed along a submit button, code is entered through the 
textarea, when the submit button is clicked, a tmp file is create which 
holds the code from the textarea. the file is then run from the command 
line and output is returned back to the textarea. finally, the tmp file is 
deleted when the script finish.

david 
-- 
sub'_{print"@_ ";* \ = * __ ,\ & \}
sub'__{print"@_ ";* \ = * ___ ,\ & \}
sub'___{print"@_ ";* \ = * ____ ,\ & \}
sub'____{print"@_,\n"}&{_+Just}(another)->(Perl)->(Hacker)

-- 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
<http://learn.perl.org/> <http://learn.perl.org/first-response>

Reply via email to