我是Perl和复杂正则表达式的新手.我的意思是我之前使用过正则表达式的*,但没有比这更复杂.在下面的脚本中,我知道有一个非常大的安全漏洞,可以在其中注入和运行perl代码,以便即使是shell也可以执行任何命令.在试图阻止这种注射时,我逐渐意识到正则表达式比我想象的要困难得多.我正在使用的书说要使用它的组合
die "The specified user contains illegal characters!"
unless($user =~/^\w+$/);
我相当肯定这意味着来自用户的输入必须以多个单词开头,但我不确定这是如何阻止注入命令的,因为它从不检查分号.我认为除非条款应该更像
unless($user=~/^\w+;\w$/);
但是,似乎都不起作用.对此的任何帮助都会很棒,因为我真的很想理解这一点.谢谢!
#!/usr/bin/perl
use CGI;
use CGI::Carp qw(fatalsToBrowser);
$q = new CGI;
print $q->header,
$q->start_html('Finger User'),
$q->h1('Finger User'),
print "<pre>";
$user = $q->param("user");
#die "the specified user contains illegal characters!"
# unless ($user =~ /ls/);
if (!($user =~ /^\w*;\w*$/)){
print `/usr/bin/finger -s $user`;
}
print "</pre>";
print $q->end_html;
我正在尝试编写Perl脚本来比较2个文件的内容,以便列出所看到的任何差异.尝试以下但我不确定如何继续下去.请注意,以下只是脚本的一部分,因为我事先已对2个文件的内容进行了排序.提前致谢.
open (FILE1, "log") || die ("Can't open file log for reading") ;
open (FILE2, "master") || die ("Can't open file master for reading") ;
@file1 = <FILE1> ;
@file2 = <FILE2> ;
#$perlcompare = (compare('log','master')== 0) ;
#die ("Log and master files are equal and match.\n") ;
if (@file1 eq @file2) {
print "Log and master are equal and match.\n" ;
} else ????????????
exit 0;
我正在尝试使用Perl将数据写入MySQL数据库.但是,当我运行我的脚本时,我收到以下错误:
Can't locate loadable object for module DBD::mysql in @INC (@INC contains: C:/Perl/site/lib C:/Perl/lib .) at LargeLDAPSearch.pl line 10.
我确实有这些"使用"语句和以下代码.这只是一个小摘录,因为脚本在我尝试数据库连接之前工作:
use DBD::mysql;
use strict;
use warnings;
my $query_handle;
my ($platform,$database,$host,$port,$db_user,$pw) = ("mysql","results","localhost","3306","root","mysql123");
my $dsn = "dbi:$platform:$database:$host:$port";
my $connect = DBI->connect($dsn,$db_user,$pw) || die "Could not connect to database";
my $query_insert = "INSERT INTO " . $dbname . "(uid,status,lstpwdset,reset) VALUES (" . $strSAMA . "," . $strAcctControl . "," . $pwLS . "," . $reset . ")";
$query_handle = $connect->prepare($query_insert);
$query_handle->execute();
我已经进入我本地的Perl文件夹,并搜索了lib文件目录.在 …
这是我的问题,我对Perl知之甚少,而且我有这个功能需要修复.
deviceModelMenu()调用此函数时,CLI将显示以下文本:
The following models are available ================================================== 1. 2. Cisco1240 3. Catalyst3750 4. Catalyst3650 5. HP2524
第一项是空的,这是错误的,我需要修复它,显示此菜单的代码片段是:
my $features = shift;
print "=" x 50, "\n";
print "The following models are available\n";
print "=" x 50, "\n";
my $i=1;
foreach (keys %{$features->{features}[0]->{deviceModel}})
{
print "$i. $_ \n";
$i++;
}
如果我添加以下行:
warn Dumper($features->{features}[0]->{deviceModel});
它抛弃了这个:
$VAR1 = {
'deviceModel' => {
'' => {
'cfg' => []
},
'Cisco1240' => {
'cfg' => [
'cisco1240feature.cfg'
]
},
'Catalyst3750' => { … 寻找有关如何删除句子中的句点字符但不删除缩写句点的一些想法.例如
"The N.J. turnpike is long. Today is a beautiful day."
将改为:
"The N.J. turnpike is long Today is a beautiful day"
基本上我要做的就是浏览目录并对所有文件执行操作,在本例中为子searchForErrors.这个子工作.到目前为止我所拥有的是:
sub proccessFiles{
my $path = $ARGV[2];
opendir(DIR, $path) or die "Unable to open $path: $!";
my @files = readdir(DIR);
@files = map{$path . '/' . $_ } @files;
closedir(DIR);
for (@files){
if(-d $_){
process_files($_);
}
else{
searchForErrors;
}
}
}
proccessFiles($path);
任何帮助/建议都会很棒.而且,我是Perl的新手,所以解释越多越好.谢谢!
我一直在玩Perl中的哈希.以下按预期工作:
use strict;
use warnings;
sub cat {
my $statsRef = shift;
my %stats = %$statsRef;
print $stats{"dd"};
$stats{"dd"} = "DDD\n";
print $stats{"dd"};
return ("dd",%stats);
}
my %test;
$test{"dd"} = "OMG OMG\n";
my ($testStr,%output) = cat (\%test);
print $test{"dd"};
print "RETURN IS ".$output{"dd"} . " ORIG IS ". $test{"dd"};
输出是:
OMG OMG
DDD
OMG OMG
RETURN IS DDD
ORIG IS OMG OMG
当我在混合中添加一个数组时,它会出错.
use strict;
use warnings; sub cat {
my $statsRef = shift;
my %stats = %$statsRef;
print $stats{"dd"}; …use Text::Diff;
for($count = 0; $count <= 1000; $count++){
my $data_dir="archive/oswiostat/oracleapps.*dat";
my $data_file= `ls -t $data_dir | head -1`;
while($data_file){
print $data_file;
open (DAT,$data_file) || die("Could not open file! $!");
$stats1 = (stat $data_file)[9];
print "Stats: \n";
@raw_data=<DAT>;
close(DAT);
print "Stats1 is :$stats1\n";
sleep(5);
if($stats1 != $stats2){
@diff = diff \@raw_data, $data_file, { STYLE => "Context" };
$stats2 = $stats1;
}
print @diff || die ("Didn't see any updates $!");
}
}
输出:
$ perl client_socket.pl
archive/oswiostat/oracleapps.localdomain_iostat_12.06.28.1500.dat
Stats:
Stats1 is …use threads;
use threads::shared;
sub test {
my $s :shared = 22;
my $thread = threads->new(\&thrsub);
$thread->join();
print $s;
}
sub thrsub {
$s = 33;
}
test;
为什么不在线程中共享数据?
奇怪的是,当我在Perl中执行代码时,输出总是出现在命令行的左侧.例如.
admin@admin-machine:~$ perl my_program
1 2 3 4 5 admin@admin-machine:~$
如何让它在一行上显示输出,如下所示?
admin@admin-machine:~$ perl my_program
1 2 3 4 5
admin@admin-machine:~$