diff options
| author | Perl 5 Porters <perl5-porters@africa.nicoh.com> | 1997-04-23 00:00:00 +1200 |
|---|---|---|
| committer | Chip Salzenberg <chip@atlantic.net> | 1997-04-23 00:00:00 +1200 |
| commit | 46fc3d4c69a0adf236bfcba70daee7fd597cf30d (patch) | |
| tree | 3b70f4a42d2ccd034756c9786032a1e531569e62 /pod/perlfaq9.pod | |
| parent | 10a676f83f541430b63a3192b246bf6f86d3b189 (diff) | |
| download | perl-46fc3d4c69a0adf236bfcba70daee7fd597cf30d.tar.gz | |
[inseparable changes from match from perl-5.003_97g to perl-5.003_97h]
BUILD PROCESS
Subject: Fix up Linux hints for tcsh, and Configure patch
Date: Tue, 22 Apr 1997 11:02:27 -0400 (EDT)
From: Andy Dougherty <doughera@lafcol.lafayette.edu>
Files: Configure hints/linux.sh
Msg-ID: Pine.SOL.3.95q.970422101051.2506C-100000@fractal.lafayette.e
(applied based on p5p patch as commit 1eb1b1cb9647b817d039bb17afa3e74940b5ef92)
Subject: There is no standard answer to 'Use suidperl?'
From: Chip Salzenberg <chip@perl.com>
Files: hints/bsdos.sh hints/freebsd.sh hints/linux.sh hints/machten_2.sh
CORE LANGUAGE CHANGES
Subject: Support PRINTF for tied handles
Date: Sun, 20 Apr 1997 18:26:13 -0400
From: Doug MacEachern <dougm@opengroup.org>
Files: pod/perldelta.pod pod/perltie.pod pp_sys.c t/op/misc.t
Msg-ID: 199704202226.SAA08032@postman.osf.org
(applied based on p5p patch as commit e7c5525577c16ee25e3521e86aca2b5105dba394)
CORE PORTABILITY
Subject: Fix bitwise shifts and pack('w') on Crays
From: Chip Salzenberg <chip@perl.com>
Files: pp.c
DOCUMENTATION
Subject: FAQ udpate (23-apr-97)
Date: Wed, 23 Apr 1997 12:22:55 -0600 (MDT)
From: Nathan Torkington <gnat@prometheus.frii.com>
Files: pod/perlfaq*.pod
private-msgid: 199704231822.MAA05074@prometheus.frii.com
OTHER CORE CHANGES
Subject: Mondo Cool patch for buffer safety and convenience
From: Chip Salzenberg <chip@perl.com>
Files: XSUB.h doop.c dump.c ext/DynaLoader/dl_dlopen.xs ext/DynaLoader/dl_hpux.xs ext/DynaLoader/dl_next.xs ext/DynaLoader/dlutils.c ext/ODBM_File/ODBM_File.xs global.sym gv.c interp.sym mg.c op.c perl.c perl.h pod/perlguts.pod pp.c pp_ctl.c pp_hot.c pp_sys.c proto.h regcomp.c regexec.c sv.c toke.c util.c
Subject: Problems with glob
Date: Sun, 20 Apr 1997 02:44:32 -0400 (EDT)
From: Ilya Zakharevich <ilya@math.ohio-state.edu>
Files: op.c
Msg-ID: 1997Apr20.024432.1941365@hmivax.humgen.upenn.edu
(applied based on p5p patch as commit a1230b335277820e65b8a9454ab751341204cf4f)
Subject: Fix scalar leak in closures
From: Chip Salzenberg <chip@perl.com>
Files: op.c scope.c
Subject: Refine error messages re: anon subs' prototypes
From: Chip Salzenberg <chip@perl.com>
Files: op.c
Subject: Outermost scope is void, not scalar
From: Chip Salzenberg <chip@perl.com>
Files: pp_ctl.c
Diffstat (limited to 'pod/perlfaq9.pod')
| -rw-r--r-- | pod/perlfaq9.pod | 59 |
1 files changed, 48 insertions, 11 deletions
diff --git a/pod/perlfaq9.pod b/pod/perlfaq9.pod index 9e6355f816..f4f4759ba5 100644 --- a/pod/perlfaq9.pod +++ b/pod/perlfaq9.pod @@ -1,6 +1,6 @@ =head1 NAME -perlfaq9 - Networking ($Revision: 1.15 $, $Date: 1997/03/25 18:17:20 $) +perlfaq9 - Networking ($Revision: 1.16 $, $Date: 1997/04/23 18:12:06 $) =head1 DESCRIPTION @@ -62,9 +62,10 @@ A quick but imperfect approach is }gsix; This version does not adjust relative URLs, understand alternate -bases, deal with HTML comments, or accept URLs themselves as -arguments. It also runs about 100x faster than a more "complete" -solution using the LWP suite of modules, such as the +bases, deal with HTML comments, deal with HREF and NAME attributes in +the same tag, or accept URLs themselves as arguments. It also runs +about 100x faster than a more "complete" solution using the LWP suite +of modules, such as the http://www.perl.com/CPAN/authors/Tom_Christiansen/scripts/xurl.gz program. @@ -83,14 +84,30 @@ others, including some that it cleverly synthesizes on its own. =head2 How do I fetch an HTML file? -Use the LWP::Simple module available from CPAN, part of the excellent -libwww-perl (LWP) package. On the other hand, and if you have the -lynx text-based HTML browser installed on your system, this isn't too -bad: +One approach, if you have the lynx text-based HTML browser installed +on your system, is this: $html_code = `lynx -source $url`; $text_data = `lynx -dump $url`; +The libwww-perl (LWP) modules from CPAN provide a more powerful way to +do this. They work through proxies, and don't require lynx: + + # print HTML from a URL + use LWP::Simple; + getprint "http://www.sn.no/libwww-perl/"; + + # print ASCII from HTML from a URL + use LWP::Simple; + use HTML::Parse; + use HTML::FormatText; + my ($html, $ascii); + $html = get("http://www.perl.com/"); + defined $html + or die "Can't fetch HTML from http://www.perl.com/"; + $ascii = HTML::FormatText->new->format(parse_html($html)); + print $ascii; + =head2 how do I decode or create those %-encodings on the web? Here's an example of decoding: @@ -127,7 +144,7 @@ server, or perhaps check some of the other FAQs referenced above. The HTTPD::UserAdmin and HTTPD::GroupAdmin modules provide a consistent OO interface to these files, regardless of how they're -stored. Databases may be text, dbm, Berkeley DB or any database with a +stored. Databases may be text, dbm, Berkley DB or any database with a DBI compatible driver. HTTPD::UserAdmin supports files used by the `Basic' and `Digest' authentication schemes. Here's an example: @@ -136,6 +153,19 @@ DBI compatible driver. HTTPD::UserAdmin supports files used by the ->new(DB => "/foo/.htpasswd") ->add($username => $password); +=head2 How do I make sure users can't enter values into a form that cause my CGI script to do bad things? + +Read the CGI security FAQ, at +http://www-genome.wi.mit.edu/WWW/faqs/www-security-faq.html, and the +Perl/CGI FAQ at +http://www.perl.com/CPAN/doc/FAQs/cgi/perl-cgi-faq.html. + +In brief: use tainting (see L<perlsec>), which makes sure that data +from outside your script (eg, CGI parameters) are never used in +C<eval> or C<system> calls. In addition to tainting, never use the +single-argument form of system() or exec(). Instead, supply the +command and arguments as a list, which prevents shell globbing. + =head2 How do I parse an email header? For a quick-and-dirty solution, try this solution derived @@ -185,6 +215,12 @@ comments), looks for addresses you may not wish to accept email to (say, Bill Clinton or your postmaster), and then makes sure that the hostname given can be looked up in DNS. It's not fast, but it works. +Here's an alternative strategy used by many CGI script authors: Check +the email address with a simple regexp (such as the one above). If +the regexp matched the address, accept the address. If the regexp +didn't match the address, request confirmation from the user that the +email address they entered was correct. + =head2 How do I decode a MIME/BASE64 string? The MIME-tools package (available from CPAN) handles this and a lot @@ -224,8 +260,8 @@ Again, the best way is often just to ask the user. =head2 How do I send/read mail? Sending mail: the Mail::Mailer module from CPAN (part of the MailTools -package) is Unix-centric, while Mail::Internet uses Net::SMTP which is -not Unix-centric. Reading mail: use the Mail::Folder module from CPAN +package) is UNIX-centric, while Mail::Internet uses Net::SMTP which is +not UNIX-centric. Reading mail: use the Mail::Folder module from CPAN (part of the MailFolder package) or the Mail::Internet module from CPAN (also part of the MailTools package). @@ -292,3 +328,4 @@ CPAN). No ONC::RPC module is known. Copyright (c) 1997 Tom Christiansen and Nathan Torkington. All rights reserved. See L<perlfaq> for distribution information. + |