[tpm] Irritation problem

Chris Jones cj at enersave.ca
Thu Apr 5 01:58:14 PDT 2012


Thanks so much!
This is the top of my script files:

#! c:/apps/perl/bin/perl.exe -w
use strict;
use CGI 2.5 qw(:all) ;
use CGI qw/escape unescape/;
use CGI::Carp qw/fatalsToBrowser/;
use DBI;

I do have use strict;

I check from the command line:
perl -c frameset3.cgi

perl -c frameset3.cgi
frameset3.cgi: Name "Mysql::db_errstr" used only once: possible typo 
at frameset3.cgi line 41
frameset3.cgi syntax OK

I am going to correct the errors you noted, thank you!


At 03:47 AM 05/04/2012, Uri Guttman wrote:
>On 04/05/2012 12:58 AM, Chris Jones wrote:
>
>>#Read the config file
>>open INFILE, "../input/config1.dat" or die "config1.dat not found\n";
>
>first off, use lexical file handles, not global bareword handles.
>
>
>>my ($key, $value);
>
>declare vars when first used.
>
>you are using lexicals but i can tell you are not using strict. see 
>why i can tell below.
>
>>my %confighash;
>>
>>while( <INFILE> ) {
>>s/#.*//; # ignore comments by erasing them
>>next if /^(\s)*$/; # skip blank lines
>>chomp; # remove trailing newline characters
>>($key, $value)=split("\t",$_);
>
>my( $key, $value ) = split /\t/ ;
>
>as i said above declare vars when first used. use more horizontal 
>white space for your readers. the first arg to split is always a 
>regex so make it look like one. split's default string input is $_. 
>in general i recommend not using $_ for various reasons but i won't 
>go into them now.
>
>
>>my $outfilename = $confighash{outfilename};
>>my $modfilename = $outfiilename . ".mod"; #add the extension.
>
>look carefully at those two lines. there is a major difference. if 
>you asked perl for help by using strict, perl would have told you 
>the problem. this is why you always use strict in programs big and small.
>
>>open(OUTFILE, ">$modfilename") or &Error_Exit("$modfilename not opened:
>
>don't call subs with &. that is perl4 style and is not required nor 
>desired in perl5.
>
>>$!");
>>
>>Produces an:
>>"Insecure dependency in open while running with -T switch at
>>/cgi-bin/my_script.cgi line 1371
>
>that is because you read data from the outside which is tainted and 
>you didn't untaint it before using it in a file name to be opened. 
>besides that you have the typo i mentioned.
>>
>>Where as:my $outfilename = "hardcode_the_path/filename";
>
>the filename is not coming from the outside so it isn't tainted so no error.
>
>>my $modfilename = $outfiilename . ".mod"; #add the extension
>
>same typo. if this was real code, the file open would work as you 
>are opening just '.mod' in the current dir.
>
>>open(OUTFILE, ">$modfilename") or &Error_Exit("$modfilename not opened:
>>$!");
>
>uri

Christopher Jones, P.Eng.
Suite 1801, 1 Yonge Street
Toronto, ON M5E1W7
Tel. 416-203-7465
Fax. 416-946-1005
email cj at enersave.ca
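
The untainting step discussed in the thread, as an added example that is not code from either poster: a tab-separated config value is checked against an allowlist pattern and captured before it is used in a three-argument open with a lexical handle. The sub names, the allowlist policy and the sample config contents are assumptions made for illustration.

```perl
# Added example (not from the thread). Run as: perl -T untaint_demo.pl
use strict;
use warnings;
use File::Temp qw(tempdir);
use File::Spec;

# Assumed policy: only a bare file name of letters, digits, '_', '-', '.'.
# The regex capture ($1) is what clears the taint flag under -T.
sub untaint_filename {
    my ($raw) = @_;
    return unless defined $raw;
    return $raw =~ /\A([A-Za-z0-9][A-Za-z0-9_.-]{0,63})\z/ ? $1 : undef;
}

# Parse tab-separated key/value lines from an open lexical handle.
sub read_config {
    my ($fh) = @_;
    my %config;
    while ( my $line = <$fh> ) {
        chomp $line;
        $line =~ s/#.*//;            # erase comments
        next if $line =~ /^\s*$/;    # skip blank lines
        my ( $key, $value ) = split /\t/, $line, 2;
        $config{$key} = $value;
    }
    return %config;
}

my $dir  = tempdir( CLEANUP => 1 );    # constructed scratch directory
my $conf = File::Spec->catfile( $dir, 'config1.dat' );

# Constructed sample config, read back from a real file because file
# input is what -T marks as tainted.
open my $out, '>', $conf or die "cannot write $conf: $!";
print {$out} "# sample\noutfilename\treport01\nbadname\t../../etc/passwd\n";
close $out or die "close $conf: $!";

open my $in, '<', $conf or die "cannot read $conf: $!";
my %config = read_config($in);
close $in;

for my $key (qw(outfilename badname)) {
    my $name = untaint_filename( $config{$key} );
    if ( !defined $name ) { print "$key: rejected\n"; next; }
    my $modfilename = File::Spec->catfile( $dir, "$name.mod" );
    open my $mod, '>', $modfilename or die "$modfilename not opened: $!";
    close $mod;
    print "$key: opened $name.mod\n";
}
```

Passing `$config{outfilename}` straight to the open under `-T` reproduces the "Insecure dependency in open" error quoted above; a pattern such as `/(.*)/` would also clear the taint flag, but it validates nothing.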


