Re: [MP2] Bug report - errors when compiling with MP_DEBUG flag

2005-06-07 Thread Stas Bekman 

William McKee wrote:

On Tue, Jun 07, 2005 at 09:34:29AM +1000, Stas Bekman wrote:


William, as you can see from the source src/modules/perl/modperl_util.h

#if defined(MP_TRACE) && defined(APR_HAS_THREADS)
#define MP_TRACEf_TID   "/tid 0x%lx"
#define MP_TRACEv_TID   (unsigned long)apr_os_thread_current()

The symbol is available if APR_HAS_THREADS is defined. So the apr header 
containing this definition found by mod_perl says that APR_HAS_THREADS is 
defined, whereas the library it tries to link against was compiled with 
threads disabled. Meaning that you have more than one libapr on your 
system and the wrong library gets linked.



Stas,

Thanks for the references. I tried searching for libaprutil-0.so but
couldn't see any in the path. I used nm on every libaprutil-0.so file I
could find but turned up no instances of a library which had the
apr_os_thread_current function.


That's OK, William. But you aren't after defined symbols in .so, you are 
after the APR_HAS_THREADS define which should be undef. Moreover, you are 
building a static version so the symbols aren't coming from .so but .a/.la 
archives. If you look at the linking command that you've pasted in the 
original report it had:


  /usr/local/src/httpd-2.0.54/srclib/apr/libapr-0.la

which is the one that you need to check.


I then grepped by mod_perl and httpd source directories for header files
which defined APR_HAS_THREADS. I changed srclib/apr/include/apr.h and
srclib/apr/include/apr.hnw then reconfigured mod_perl but it still
failed.


Please find all occurences of apr.h and check the value of APR_HAS_THREADS.

--
__
Stas BekmanJAm_pH --> Just Another mod_perl Hacker
http://stason.org/ mod_perl Guide ---> http://perl.apache.org
mailto:[EMAIL PROTECTED] http://use.perl.org http://apacheweek.com
http://modperlbook.org http://apache.org   http://ticketmaster.com

mod_perl app fails to load after browsing several pages

2005-06-07 Thread diarmuid ryan 
Hi,

I am having trouble with a modperl app i am currently developing. i browse a
couple of pages
and perform a few actions but after a short time i am getting a blank
response from the server, see access log below, which indicates nothing in
the bytes returned part. no errors show in the error logs. this is happening
to me both with apache 1.3/modperl 1 and apache 2/mod perl 2. but it happens
on various different pages, not any one in particular. so my guess is that
it is the start script that hasa problem. any help in trying to troublshoot
this would be most helpful.

thanks in advance
diarmuid



apache access log

=
192.168.0.2 - - [07/Jun/2005:14:37:49 +0100] "GET
/perl/schoolweb.cgi?action=ManageNews HTTP/1.1" 200 -

=
script
===
#!/usr/bin/perl -w

use CGI;
use CGI::Carp qw(fatalsToBrowser);

use strict;

use lib '/srv/www/admin.schoolweb.ie/perl';

use SchoolWeb::Base;

$CGI::POST_MAX = 1024 * 1500;

srand;

BEGIN {

   my $q = new CGI;

   my $action = 'SchoolWeb::Actions::' . ($q->param('action') || 'Index');

   eval "use $action";

   $action->new();

}

Re: [MP2] Bug Report - Segfault when using Image::Magick

2005-06-07 Thread Stas Bekman 

William McKee wrote:

-8<-- Start Bug Report 8<--
1. Problem Description:

When using Image::Magick (either 6.1.9.4 or 6.2.3) under mod_perl, the
server segfaults. Used at the command line or under mod_cgi there are no
errors.

A core dump is attached. This is my first attempt at extracting a
backtrace from a core dump. I only rebuilt mod_perl with debugging
enabled so am not sure if it is sufficient for debugging this problem.

It looks to me that the system is calling thread-enabled libraries which
does not make sense given that my perl binary is not threaded. My
hosting provided and I used ldd to check the httpd binary and the perl
binary but neither were linked with lib_r which he says is the older
pthreads under FreeBSD.

This may be a continuation of a problem I reported earlier regarding
building a debug version of mod_perl. For some reason, my system is
finding APR_HAS_THREADS defined. Perhaps if I could figure out why that
is defined and make it undefined, this segfault will disappear.


Something is not right here. Your perl is not threaded:


*** /usr/public/bin/perl -V
Summary of my perl5 (revision 5 version 8 subversion 6) configuration:

[...]

usethreads=undef use5005threads=undef useithreads=undef 
usemultiplicity=undef
useperlio=define d_sfio=undef uselargefiles=define usesocks=undef
use64bitint=define use64bitall=undef uselongdouble=undef
usemymalloc=y, bincompat5005=undef

[...]

However the segfault shows threads operation:


#0  0x882fa1d7 in kill () from /lib/libc.so.5
(gdb) bt
#0  0x882fa1d7 in kill () from /lib/libc.so.5
#1  0x882ef27e in raise () from /lib/libc.so.5
#2  0x88361627 in abort () from /lib/libc.so.5
#3  0x885d9c3f in _thread_exit () from /usr/lib/libc_r.so.5
#4  0x885d8311 in _thread_init () from /usr/lib/libc_r.so.5
#5  0x885cf1cc in _thread_init_hack () from /usr/lib/libc_r.so.5
#6  0x885db322 in _find_thread () from /usr/lib/libc_r.so.5


Have you built that module with that same perl? Try rebuilding it, first 
nuking any preinstalled instance of it (especially .so files).


--
__
Stas BekmanJAm_pH --> Just Another mod_perl Hacker
http://stason.org/ mod_perl Guide ---> http://perl.apache.org
mailto:[EMAIL PROTECTED] http://use.perl.org http://apacheweek.com
http://modperlbook.org http://apache.org   http://ticketmaster.com

Re: mod_perl app fails to load after browsing several pages

2005-06-07 Thread Stas Bekman 

diarmuid ryan wrote:

Hi,

I am having trouble with a modperl app i am currently developing. i browse a
couple of pages
and perform a few actions but after a short time i am getting a blank
response from the server, see access log below, which indicates nothing in
the bytes returned part. no errors show in the error logs. this is happening
to me both with apache 1.3/modperl 1 and apache 2/mod perl 2. but it happens
on various different pages, not any one in particular. so my guess is that
it is the start script that hasa problem. any help in trying to troublshoot
this would be most helpful.

thanks in advance
diarmuid



apache access log

=
192.168.0.2 - - [07/Jun/2005:14:37:49 +0100] "GET
/perl/schoolweb.cgi?action=ManageNews HTTP/1.1" 200 -

=
script
===
#!/usr/bin/perl -w

use CGI;
use CGI::Carp qw(fatalsToBrowser);


drop that line above. It sends all errors to the browser instead of 
error_log. Now try again. What does error_log say.



use strict;

use lib '/srv/www/admin.schoolweb.ie/perl';

use SchoolWeb::Base;

$CGI::POST_MAX = 1024 * 1500;

srand;

BEGIN {


You can't do that. BEGIN compiles things once and will only be run on the 
first execution. Drop the BEGIN { } block and it should work.



   my $q = new CGI;

   my $action = 'SchoolWeb::Actions::' . ($q->param('action') || 'Index');

   eval "use $action";


When you eval you need to check $@ for errors. See 'perldoc -f eval' for 
more information.


Besides, that code sample is a very very very bad idea. As you eval a 
non-trusted code. You can be hurt. Badly.


Make sure to turn the taint mode (PerlOptions -T in mp2, TaintMode On in 
mp1) and fix your code to untaint your code before eval'ing it.


--
__
Stas BekmanJAm_pH --> Just Another mod_perl Hacker
http://stason.org/ mod_perl Guide ---> http://perl.apache.org
mailto:[EMAIL PROTECTED] http://use.perl.org http://apacheweek.com
http://modperlbook.org http://apache.org   http://ticketmaster.com

Re: [mp2] make test errors

2005-06-07 Thread Stas Bekman 

William McKee wrote:

Stas,

It's been awhile, but I'm back to working on these tests under FreeBSD
5.3 with mp2. I'm using the current release (2.0.0) with Apache 2.0.54.
The root of many of my problems appears to be how Apache is resolving my
localhost address. Apparently FBSD resolves localhost to my Jail IP.
Apache is expecting the more usual 127.0.0.1. I was able to resolve the
issues reported below by adding the following line to my /etc/hosts file
above all other definitions:

  192.168.1.1 localhost


Great! William, can you please write a new entry for the troubleshooting 
chapter? With a full diagnosis and the solution? Really it should belong 
to the Apache-Test troubleshooting, but as at the moment it doesn't exist, 
we will just put it into the mp2's one.

http://perl.apache.org/docs/2.0/user/troubleshooting/troubleshooting.html


Assuming my jail ip was 192.168.1.1 this works and most tests are now
pasing. Thanks for bearing with me while I came to an understanding
about the behavior of localhost within a jail.

Currently, I'm still having troubles with t/filter/both_str_con_add.t.
Here's the output:

  t/filter/both_str_con_add1..4

[...]

In both cases, the first string works but the following ones are
failing. My guess is that the culprit is 


my $socket = Apache::TestRequest::vhost_socket

which is used across all three of the failing tests. I'll try to spend
some more time on it later today.

Also, the t/protocol/echo_filter.t test is failing. It runs tests 1 and
2 then keeps running until it fills up the disk space then dumps a
massive core file. I'm just skipping it for now.


Yeah, I guess you are hitting again the non-blocking socket issue FreeBSD. 
Please check the archives (I think on the dev list) talking about passing 
some special flag while building libapr to make the sockets work right. 
Unfortunately it didn't end up in the docs and I don't have the info handy.



--
__
Stas BekmanJAm_pH --> Just Another mod_perl Hacker
http://stason.org/ mod_perl Guide ---> http://perl.apache.org
mailto:[EMAIL PROTECTED] http://use.perl.org http://apacheweek.com
http://modperlbook.org http://apache.org   http://ticketmaster.com

MP2 PerlAccessHandler dir_config() error

2005-06-07 Thread John Ferrell 

I am new to mod_perl.  I am trying to test the PerlAccessHandler using the
Apache::GateKeeper package.  However I am having trouble with the
dir_config() method.  When I access the URL I get an error 500 and the
apache log shows:

Can't locate object method "dir_config" via package "Apache2::RequestRec"
at /usr/local/apache2/mod_perl/Auth/GateKeeper.pm line 16.\n

If I modify the package and run it as a PerlResponseHandler it reads the
variable from the httpd.conf without error.

Hopefully someone can point me in the right direction.

thanks,
John

Here is the package:

package Auth::GateKeeper;

use strict;
use warnings;

use Apache2::Connection ();
use Apache2::RequestRec ();
use Apache2::RequestIO ();

use Apache2::Const -compile => qw(FORBIDDEN OK DECLINED SERVER_ERROR);

sub handler {
my $r = shift;
my $gate = $r->dir_config->('Gate');
#my $var = $r->dir_config('Gate');
return Apache2::Const::DECLINED unless defined $gate;
return Apache2::Const::OK if lc $gate eq 'open';

if (lc $gate eq 'closed') {
   #$r->log_reason("Access forbidden unless the gate is open",
$r->filename);
   return Apache2::Const::FORBIDDEN;
   }

#$r->log_error($r->uri, ": Invalid value for Gate ($gate)");
   return Apache2::Const::SERVER_ERROR;
}

1;

And the relevant portion of the httpd.conf:


  SetHandler perl-script
  PerlAccessHandler  Auth::GateKeeper
  PerlSetVar Gate closed
  Options Indexes FollowSymLinks ExecCGI

Re: MP2 PerlAccessHandler dir_config() error

2005-06-07 Thread Geoffrey Young 


John Ferrell wrote:
> I am new to mod_perl.  I am trying to test the PerlAccessHandler using the
> Apache::GateKeeper package.  However I am having trouble with the
> dir_config() method.  When I access the URL I get an error 500 and the
> apache log shows:
> 
> Can't locate object method "dir_config" via package "Apache2::RequestRec"
> at /usr/local/apache2/mod_perl/Auth/GateKeeper.pm line 16.\n

> use Apache2::Connection ();
> use Apache2::RequestRec ();
> use Apache2::RequestIO ();

you need

  use Apache2::RequestUtil

here

see the manpages for Apache2::porting and ModPerl::MethodLookup for help
finding missing packages when you know you have the method call right.

HTH

--Geoff

Re: MP2 PerlAccessHandler dir_config() error

2005-06-07 Thread Torsten Foertsch 
On Tuesday 07 June 2005 18:47, John Ferrell wrote:
> Can't locate object method "dir_config" via package "Apache2::RequestRec"
> at /usr/local/apache2/mod_perl/Auth/GateKeeper.pm line 16.\n

use Apache2::RequestUtil ();

and it should work.

Torsten


pgpsmwvfv1yLi.pgp
Description: PGP signature

Docs/User Guide: code sample incorrect in "Input and Output Filters"?

2005-06-07 Thread Matt Hahnfeld 
I was going through the filters documentation for mod_perl 2.0 here: 

http://perl.apache.org/docs/2.0/user/handlers/filters.html

Under "All-in-one" filter, there's some source code for Dump.pm.  Run
on my system under mod_perl 2.0.0 and Apache 2.0.54, it returns the
following error:

Can't locate object method "bucket_alloc" via package
"Apache2::Connection" at /usr/local/lib/perl/5.8.4/Apache2/Dump.pm line 38.

Adding "use Apache2::Connection" to the top of the module solves the
problem.  Is the additional "use" line a requirement?

Thanks!
Matt

Re: mod_perl2 make test errors - Apache2::Const

2005-06-07 Thread Gokul P. Nair 
Thanks for the link Stas. I'm still stumped as what
could be the problem though, because the version of
perl i'm using i.e. v5.8.6 is statically linked as is
evident from the output of this command:

perl -V:useshrplib
useshrplib='false';

but then there is only one instance of libperl.a and
there are no bogus instances of it which is evident
from this 'find' command:

find / | grep libperl*
/usr/local/lib/perl5/5.8.6/i686-linux/CORE/libperl.a
/usr/lib/perl5/5.8.0/i386-linux-thread-multi/CORE/libperl.so
/usr/lib/perl5/5.8.3/i386-linux-thread-multi/CORE/libperl.so
/usr/lib/perl5/5.8.5/i386-linux-thread-multi/CORE/libperl.so
/usr/lib/perl5/5.8.4/i386-linux-thread-multi/CORE/libperl.so
/usr/lib/perl5/5.8.2/i386-linux-thread-multi/CORE/libperl.so
/usr/lib/perl5/5.8.1/i386-linux-thread-multi/CORE/libperl.so

output from some other commands:

ldd 
/usr/local/src/mod_perl-2.0.0/src/modules/perl/mod_perl.so
libnsl.so.1 => /lib/libnsl.so.1 (0xf6e94000)
libdl.so.2 => /lib/libdl.so.2 (0xf6e9)
libm.so.6 => /lib/tls/libm.so.6 (0xf6e6c000)
libcrypt.so.1 => /lib/libcrypt.so.1
(0xf6e3e000)
libutil.so.1 => /lib/libutil.so.1 (0xf6e3a000)
libc.so.6 => /lib/tls/libc.so.6 (0xf6d13000)
/lib/ld-linux.so.2 (0x002e7000)

ldd /usr/local/apache2/bin/httpd
libperl.so =>
/usr/lib/perl5/5.8.5/i386-linux-thread-multi/CORE/libperl.so
(0x02c87000)
libutil.so.1 => /lib/libutil.so.1 (0x0099f000)
libc.so.6 => /lib/tls/libc.so.6 (0x0030)
libaprutil-0.so.0 =>
/usr/local/apache2/lib/libaprutil-0.so.0 (0xf6fd6000)
libgdbm.so.2 => /usr/lib/libgdbm.so.2
(0x00429000)
libdb-4.2.so => /lib/tls/i686/libdb-4.2.so
(0xf6f08000)
libexpat.so.0 => /usr/lib/libexpat.so.0
(0x00608000)
libapr-0.so.0 =>
/usr/local/apache2/lib/libapr-0.so.0 (0xf6ee3000)
librt.so.1 => /lib/tls/librt.so.1 (0x00cdc000)
libm.so.6 => /lib/tls/libm.so.6 (0xf6ec)
libcrypt.so.1 => /lib/libcrypt.so.1
(0x00cac000)
libnsl.so.1 => /lib/libnsl.so.1 (0x0082a000)
libpthread.so.0 => /lib/tls/libpthread.so.0
(0x0053f000)
libdl.so.2 => /lib/libdl.so.2 (0x0044e000)
/lib/ld-linux.so.2 (0x002e7000)

LD_PRELOAD=/usr/local/lib/perl5/5.8.6/i686-linux/CORE/libperl.a
/usr/local/src/mod_perl-2.0.0/src/modules/perl/mod_perl.so
Segmentation fault

perl -V
Summary of my perl5 (revision 5 version 8 subversion
6) configuration:
  Platform:
osname=linux, osvers=2.6.9-1.667,
archname=i686-linux
uname='linux socrates.localdomain 2.6.9-1.667 #1
tue nov 2 14:41:25 est 2004 i686 i686 i386 gnulinux '
config_args=''
hint=recommended, useposix=true,
d_sigaction=define
usethreads=undef use5005threads=undef
useithreads=undef usemultiplicity=undef
useperlio=define d_sfio=undef uselargefiles=define
usesocks=undef
use64bitint=undef use64bitall=undef
uselongdouble=undef
usemymalloc=n, bincompat5005=undef
  Compiler:
cc='cc', ccflags ='-fno-strict-aliasing -pipe
-I/usr/local/include -D_LARGEFILE_SOURCE
-D_FILE_OFFSET_BITS=64 -I/usr/include/gdbm',
optimize='-O2',
cppflags='-fno-strict-aliasing -pipe
-I/usr/local/include -I/usr/include/gdbm'
ccversion='', gccversion='3.4.2 20041017 (Red Hat
3.4.2-6.fc3)', gccosandvers=''
intsize=4, longsize=4, ptrsize=4, doublesize=8,
byteorder=1234
d_longlong=define, longlongsize=8,
d_longdbl=define, longdblsize=12
ivtype='long', ivsize=4, nvtype='double',
nvsize=8, Off_t='off_t', lseeksize=8
alignbytes=4, prototype=define
  Linker and Libraries:
ld='cc', ldflags =' -L/usr/local/lib'
libpth=/usr/local/lib /lib /usr/lib
libs=-lnsl -lgdbm -ldb -ldl -lm -lcrypt -lutil -lc
perllibs=-lnsl -ldl -lm -lcrypt -lutil -lc
libc=/lib/libc-2.3.3.so, so=so, useshrplib=false,
libperl=libperl.a
gnulibc_version='2.3.3'
  Dynamic Linking:
dlsrc=dl_dlopen.xs, dlext=so, d_dlsymun=undef,
ccdlflags='-Wl,-E'
cccdlflags='-fpic', lddlflags='-shared
-L/usr/local/lib'

Characteristics of this binary (from libperl):
  Compile-time options: USE_LARGE_FILES
  Built under linux
  Compiled at Mar 10 2005 13:29:19
  @INC:
/usr/local/lib/perl5/5.8.6/i686-linux
/usr/local/lib/perl5/5.8.6
/usr/local/lib/perl5/site_perl/5.8.6/i686-linux
/usr/local/lib/perl5/site_perl/5.8.6
/usr/local/lib/perl5/site_perl

Any ideas as to what could be wrong here? i've hit a
dead end here!
Thanks in advance.

Gokul P. Nair

--- Stas Bekman <[EMAIL PROTECTED]> wrote:

> Gokul P. Nair wrote:
> > I'm tyring to compile and install mod_perl 2.0 as
> a
> > dso on Apache 2.0.52 but it complains about not
> being
> > able to load Apache2::Const module. This is the
> error
> > i get when i run make test:
> > 
> > Can't load
> >
>
'/usr/local/src/mod_perl-2.0.0/blib/arch/auto/Apache2/Const/Const.so'
> > for module Apache2::Const:
> >
>
/usr/local/src/mod_perl-2.0.0/blib/arch/auto/Apache2/Const/Const.so:
> > undefined symbol: PL_markstack_ptr at
> [...]
> 
> Tha

Re: Docs/User Guide: code sample incorrect in "Input and Output Filters"?

2005-06-07 Thread Philippe M. Chiasson 
Matt Hahnfeld wrote:
> I was going through the filters documentation for mod_perl 2.0 here: 
> 
> http://perl.apache.org/docs/2.0/user/handlers/filters.html
> 
> Under "All-in-one" filter, there's some source code for Dump.pm.  Run
> on my system under mod_perl 2.0.0 and Apache 2.0.54, it returns the
> following error:
> 
> Can't locate object method "bucket_alloc" via package
> "Apache2::Connection" at /usr/local/lib/perl/5.8.4/Apache2/Dump.pm line 38.
> 
> Adding "use Apache2::Connection" to the top of the module solves the
> problem.  Is the additional "use" line a requirement?

Yes, it should have been. I've corrected the documentation.

Thanks!


Philippe M. Chiasson m/gozer\@(apache|cpan|ectoplasm)\.org/ GPG KeyID : 88C3A5A5
http://gozer.ectoplasm.org/ F9BF E0C2 480E 7680 1AE5 3631 CB32 A107 88C3A5A5


signature.asc
Description: OpenPGP digital signature

Re: mod_perl2 make test errors - Apache2::Const

2005-06-07 Thread Stas Bekman 

Gokul P. Nair wrote:

Thanks for the link Stas. I'm still stumped as what
could be the problem though, because the version of
perl i'm using i.e. v5.8.6 is statically linked as is
evident from the output of this command:

perl -V:useshrplib
useshrplib='false';


In the future please always submit a proper bug report as explained here:
http://perl.apache.org/bugs/
so we won't need to guess things. Thanks.


but then there is only one instance of libperl.a and
there are no bogus instances of it which is evident
from this 'find' command:

find / | grep libperl*
/usr/local/lib/perl5/5.8.6/i686-linux/CORE/libperl.a
/usr/lib/perl5/5.8.0/i386-linux-thread-multi/CORE/libperl.so
/usr/lib/perl5/5.8.3/i386-linux-thread-multi/CORE/libperl.so
/usr/lib/perl5/5.8.5/i386-linux-thread-multi/CORE/libperl.so
/usr/lib/perl5/5.8.4/i386-linux-thread-multi/CORE/libperl.so
/usr/lib/perl5/5.8.2/i386-linux-thread-multi/CORE/libperl.so
/usr/lib/perl5/5.8.1/i386-linux-thread-multi/CORE/libperl.so



Here is your problem:


ldd /usr/local/apache2/bin/httpd
libperl.so =>
/usr/lib/perl5/5.8.5/i386-linux-thread-multi/CORE/libperl.so
(0x02c87000)


You've apache linked against dynamically built perl.

Also check:
ldd /usr/local/src/mod_perl-2.0.0/blib/arch/auto/Apache2/Const/Const.so


LD_PRELOAD=/usr/local/lib/perl5/5.8.6/i686-linux/CORE/libperl.a
/usr/local/src/mod_perl-2.0.0/src/modules/perl/mod_perl.so
Segmentation fault


You can't preload an archive as .so object, I'm not sure why does it even 
let you do that.


--
__
Stas BekmanJAm_pH --> Just Another mod_perl Hacker
http://stason.org/ mod_perl Guide ---> http://perl.apache.org
mailto:[EMAIL PROTECTED] http://use.perl.org http://apacheweek.com
http://modperlbook.org http://apache.org   http://ticketmaster.com

Re: mod_perl app fails to load after browsing several pages

2005-06-07 Thread Stas Bekman 
[diarmuid, please don't forget to Reply-All and CC the list on your follow 
ups]



  my $q = new CGI;

  my $action = 'SchoolWeb::Actions::' . ($q->param('action') || 'Index');

  eval "use $action";




When you eval you need to check $@ for errors. See 'perldoc -f eval' for
more information.



ok...i've done this, but it now complains on somei modules not being found
e.g.

EVAL: Can't locate SchoolWeb/Actions/ManageFiles.pm in @INC

[EMAIL PROTECTED] Actions]# ls -l
/srv/www/admin.schoolweb.ie/perl/SchoolWeb/Actions/ManageFiles.pm
-rwxr-xr-x  1 diarmuid apache 6346 May 27 08:58
/srv/www/admin.schoolweb.ie/perl/SchoolWeb/Actions/ManageFiles.pm
[EMAIL PROTECTED] Actions]#

use lib '/srv/www/admin.schoolweb.ie/perl';


You need to show a complete error message, not a part of it. It's possible 
that you have a permission problem. Check that the username you run apache 
with can read those files (you could su(1) to that user, and try to cat(1) 
the .pm file, for example)



Besides, that code sample is a very very very bad idea. As you eval a
non-trusted code. You can be hurt. Badly.



I would have thought it ok since the SchoolWeb::Actions prefix is there? is
there a better way around trying to dynamically load my modules?


watch this:

  $q->param('action' => 'ManageFiles; qx[rm -rf /]')
  my $action = 'SchoolWeb::Actions::' . ($q->param('action'));
  eval "use $action";

say bye bye to quite a few of your files writable by the user you run 
apache with.


To make it safely you could for example have a hash of valid names and 
check that $action is in that hash before evalling it.



Make sure to turn the taint mode (PerlOptions -T in mp2, TaintMode On in
mp1) and fix your code to untaint your code before eval'ing it.



How do i taint check my code as in my example?


http://perl.apache.org/search/swish.cgi?query=taint&sbm=&submit=search


--
__
Stas BekmanJAm_pH --> Just Another mod_perl Hacker
http://stason.org/ mod_perl Guide ---> http://perl.apache.org
mailto:[EMAIL PROTECTED] http://use.perl.org http://apacheweek.com
http://modperlbook.org http://apache.org   http://ticketmaster.com

Re: Apache2::DBI

2005-06-07 Thread Adam Kennedy 

Indeed.

All that might be needed is a small...

=head1 COMPATIBILITY

Apache::DBI is compatible with both the mod_perl 1 and mod_perl 2 APIs.

... somewhere very near the beginning of the POD. (personally I'd have 
it right after the synopsis and before the description).


And I'd recommend this for anyone that is going to take the "one module 
to rule them all and in the darkness bind them" strategy :)


Adam K

Philip M. Gollucci wrote:

Aron Wrote:

I just downloaded your patch for Apache::DBI yesterday.  I'm running 
mp2 RC6 with Apache 2.0.54 on a debian platform.  The patch seems to 
be working flawlessly.  Incidentally, I also moved DBI.pm and 
AuthDBI.pm to the Apache2 namespace.



I'd leave them in the Apache namespace unless you changed the package 
directives as well.

I left it in the Apache namespace as it should work for 1.x and 2.x