On Nov 18, 2013, at 2:02 PM, SSC_perl wrote:

> Hi John,
> 
>       Thanks for getting back to me with your findings.  I really appreciate 
> it.  I've gone through everything, made the changes that I could, and I have 
> some questions to some of your remarks.

You should be responding to the list, not to any individual posters. In 
responding to a post on this list, nobody is committing to providing follow-ups.


>> You are using the value from readdir() without prepending the path to the 
>> file name.
> 
>       Unless I'm mistaken, I believe the full paths are being set in the 
> variables, before being used by opendir.  Am I misunderstanding something?

Here is one of the excerpts John included in his message:

forceorder.cgi:409:    opendir(CARTS, $path);
forceorder.cgi-410-    while (my $cartfile = readdir(CARTS)) {
forceorder.cgi-411-        next if (-d $cartfile || $cartfile =~ /^(\.|index)/);

This code is testing the path in $cartfile. However, $cartfile contains a file 
name (not a path) as returned by opendir. Therefore, the test '-d $cartfile' 
will be applied to a file in the current directory. If $path is not empty, the 
test will fail because the file does not exist in the current default 
directory. Even if it does, it is not the file that is intended to be tested.

The path name should be prepended to the file name before testing, like this:

   # -d needs the full path; the name pattern applies to the bare file name
   next if (-d "$path/$cartfile" || $cartfile =~ /^(\.|index)/);


>> autoconfig.cgi:883:   print "<font color=\"336666\">[dir] $dir/$file</font> 
>> - .htaccess installed<br>\n";
>> The variable $file is not assigned a value.
> 
>       I'm not seeing this.  I thought it was set earlier in the security sub, 
> but maybe I've just been staring at it for too long.

If you want help on specific code, you should include that code in your 
message. I was unable to download the code in question from your website, but I 
really shouldn't have to do so. If you want help, you should make it as easy as 
possible for people to help you.


>> Surf.pm:65:             $cookie =~ Encode($cookie);
>> Surf.pm:66:             $value  =~ Encode($value);
>> Did you really mean to use the return value from Encode() as a regular 
>> expression?
> 
> 
>       Unfortunately, I can't answer this, as I wasn't the one who wrote that 
> code and I don't understand cookies.  If someone knows the answer to this, 
> I'd appreciate hearing it.

This has nothing to do with cookies, but with the difference between assignment 
('=') and regular expression binding ('=~'). Those statements are regular 
expression tests, but they really look like they should be assignments, since 
the return values are ignored.



--
To unsubscribe, e-mail: beginners-unsubscr...@perl.org
For additional commands, e-mail: beginners-h...@perl.org
http://learn.perl.org/
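The readdir() point discussed in this message, as an added example that is not part of the original message or of the scripts under review: it lists a directory from a different working directory and compares the `-d` test on the bare entry name with the test on the joined path. The sample tree and the `list_carts` helper are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Cwd qw(getcwd);
use File::Spec;
use File::Temp qw(tempdir);

# Constructed sample tree (not from the original scripts):
#   $path/carts_old/   a subdirectory that should be skipped
#   $path/index.html   skipped by the name pattern
#   $path/cart123      the only real cart file
my $path = tempdir(CLEANUP => 1);
mkdir File::Spec->catdir($path, 'carts_old') or die "mkdir: $!";
for my $name ('index.html', 'cart123') {
    open my $fh, '>', File::Spec->catfile($path, $name) or die "open: $!";
    close $fh or die "close: $!";
}

# Hypothetical helper: list entries, applying -d either to the bare name
# (as in the excerpt) or to the name joined to the directory that was opened.
sub list_carts {
    my ($dir, $use_full_path) = @_;
    opendir(my $dh, $dir) or die "Cannot open $dir: $!";
    my @kept;
    while (defined(my $entry = readdir $dh)) {
        my $target = $use_full_path
            ? File::Spec->catfile($dir, $entry)
            : $entry;
        # The name pattern is always applied to the bare entry name.
        next if -d $target || $entry =~ /^(\.|index)/;
        push @kept, $entry;
    }
    closedir $dh;
    return sort @kept;
}

# Work from a directory other than $path, so a bare name resolves elsewhere.
my $start     = getcwd();
my $elsewhere = tempdir(CLEANUP => 1);
chdir $elsewhere or die "chdir: $!";

# With the bare name, -d looks in the current directory, so a subdirectory
# of $path is not recognised as a directory and stays in the list.
print "bare name: @{[ list_carts($path, 0) ]}\n";
print "full path: @{[ list_carts($path, 1) ]}\n";

chdir $start or die "chdir: $!";
```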

