Re: Stricture and warnings (was Re: problems parsing web form information into a perl script)

2004-03-09 Thread zsdc
to the error log would hang the process? use CGI::Carp qw(fatalsToBrowser warningsToBrowser); -- ZSDC Perl and Systems Security Consulting -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] <http://learn.perl.org/> <http://learn.perl.org/first-response>

Re: Image Magick problem

2004-03-09 Thread zsdc
It makes a snapshot of all your installed CPAN modules which you can then install all at once later after you upgrade perl on your system or anywhere else. See: perldoc CPAN http://search.cpan.org/search?module=CPAN -- ZSDC Perl and Systems Security Consulting

Stricture and warnings (was Re: problems parsing web form information into a perl script)

2004-03-09 Thread zsdc
know how to lexically ignore particular warnings and strictures, and I wouldn't call them beginners in the first place. Sorry for a long and off-topic post, but I just wanted to say that there is absolutely nothing which would be impossible to do with: use strict; use warnings; in the be

Re: Problem using hidden variables

2004-03-06 Thread zsdc
ommand-line argument, so instead of this: my $first = $q->param('first'); there should be: my $first = $q->param('first') || 'default value'; Now it works, but is insecure. There is a cross-site scripting vulnerability. You should change: print $first; t

Re: Execute an external script

2004-03-02 Thread zsdc
$!; and see what it says. Watch out for whitespace. -- ZSDC

Re: matching newline

2004-03-02 Thread zsdc
Camilo Gonzalez wrote: zsdc wrote: Camilo Gonzalez wrote: zsdc wrote: Tracy Hurley wrote: Camilo, I don't think you need to put $email in quotes to do the check, but it works if you do. Try this: if $email =~/@.*@/g || $email =~ /\n/s; It still might not be secure depending on how $

Re: matching newline

2004-02-29 Thread zsdc
Camilo Gonzalez wrote: zsdc wrote: Tracy Hurley wrote: Camilo, I don't think you need to put $email in quotes to do the check, but it works if you do. Try this: if $email =~/@.*@/g || $email =~ /\n/s; It still might not be secure depending on how $email is being used later. Is it used

Re: matching newline

2004-02-28 Thread zsdc
ct(-as_email => 'email'); You should do the same with other parameters, like name and address. You might need to write your own handler, but it's very easy. Here's an example from the CGI::Untaint documentation, to match a single digit: package Mysite::CGI::Untaint::digit

Re: Problem while searching and printing data from a text file into a HTML page

2004-02-22 Thread zsdc
u are trying to do. It prints "name" fields of every row containing "us", "mx" or "ca" in its "country" field. You have to tune it to your own file format. -- ZSDC

Re: cgi mail script anyone?

2003-10-03 Thread zsdc
[EMAIL PROTECTED] wrote: I need to send a mail from the cgi. It must be able to have a reply or sender as someone different from the local web owner (apache). See http://search.cpan.org/modlist/Mail_and_Usenet_News/Mail -- ZSDC

Re: Capturing At Compile Time

2003-09-17 Thread zsdc
e C files using the standard and 'optimised' C backends. "The code generated in this way is not guaranteed to work. The whole codegen suite ("perlcc" included) should be considered very experimental. Use for production purposes is strongly discouraged." -- ZSDC Perl Consulting

Re: Counter triggered on download

2003-08-27 Thread zsdc
dea: open FILE, '<', $file That way the "command|" argument won't work, but there still is a problem with double dots or slashes in $path. In my opinion the -T switch is a must for CGI scripts. -- ZSDC Perl and Systems Security Consulting

Re: file updation

2003-08-25 Thread zsdc
updating the empty columns ? A few weeks ago Kake Pugh wrote an article on Perl.com entitled How to Avoid Writing Code: http://www.perl.com/pub/a/2003/07/15/nocode.html It's about using Class::DBI and the Template Toolkit. It might be exactly what you are looking for. -zsdc.

Re: Counter triggered on download

2003-08-24 Thread zsdc
ually, it's the same as just: print "Content-Type: application/pdf\n\n"; CGI.pm is great but it's an overkill for just printing HTTP Content-Type header. -zsdc.

[OT] Re: [PBML] PLEASE USE [PBML] in your subject line

2003-08-22 Thread zsdc
e quite a good clue that it's somehow related to the [EMAIL PROTECTED] mailing list. (By the way, it's not [EMAIL PROTECTED], but [EMAIL PROTECTED], so your acronym should probably be [PBCML], [BCPML], [BCPOML] or something like that.) -zsdc.

Re: elsif issues ....still

2003-08-22 Thread zsdc
Octavian Rasnita wrote: Yes, it should be used ... == 1 without quoting the numbers. It doesn't really matter: #!/usr/bin/perl -wl die unless 3 == "3" and 1 != "3" and 2 eq "2" and 3 ne "1" and 5 eq 5 and "6" == &qu

Re: elsif issues ....still

2003-08-21 Thread zsdc
ode, you'll see that it works just fine. -zsdc.

Re: elsif issues ....still

2003-08-21 Thread zsdc
other part of your code is changing it? Insert: print "variable is $variable\n"; just before the "if." Do you have: use strict; use warnings; in the beginning of your program? -zsdc.

Re: Replacing carriage return with character string '\n' coming from a textarea param

2003-08-21 Thread zsdc
can also quote it yourself: http://search.cpan.org/author/TIMB/DBI-1.37/DBI.pm#quote but placeholders are better. -zsdc.