Re: [Catalyst] Strange Problem: gb2312 showed incorrect in mod_perl, but correct in developer server

2008-06-05 Thread Moritz Onken
Apache might force the encoding of specific mime types. Check the Apache config and look for the content type View::JSON generates.

cheers,

moritz

On 02.06.2008 at 18:39, J. Shirley wrote:


2008/6/1 cui robin [EMAIL PROTECTED]:

2008/6/2 J. Shirley [EMAIL PROTECTED]:


2008/6/1 cui robin [EMAIL PROTECTED]:

Hi,

When a page is loaded in Firefox, it sends an Ajax request to get data in JSON format. Some gb2312 words are in the JSON data.

When Catalyst is started by /home/robin/CBS/script/cbs_server.pl, the data received by the client is the same as the data I print on the screen with $c->log->debug(). It is shown correctly in the Firefox client or the IE client.

But when Catalyst is running under Apache mod_perl, the data received by the client is different from the data I print on the screen with $c->log->debug(). It is shown incorrectly.

A Chinese word in the gb2312 charset has 2 bytes. What I found in the client is that the 2 bytes of a Chinese word were split, and an octal byte \303 or \302 was added before every byte. So it is shown incorrectly in the client.

Has anyone met the same problem when using mod_perl?

Thanks!

Robincui




How are you generating the JSON?  We had a similar circumstance (although our production server would also exhibit failures under the built-in server) because of varying JSON.pm versions.

Make sure you use a JSON module that properly understands Unicode.  I try to use Catalyst::View::JSON wherever possible, and if it isn't, then JSON::XS::encode_json( $perlref ) works the most reliably.

-J


I use the standard JSON module [use JSON;] from CPAN, version 2.07. Code like below:

   my $json = new JSON;
   $json->canonical(1);
   my $response = $json->encode($var);

But I think the problem has nothing to do with JSON, for some points like below:
1. The problem does not occur when I use Catalyst's built-in server.
2. After the JSON module converts a hash to JSON data, I use $c->log->debug to output it to the screen, and I saw it was correct.

I think the problem occurs when Apache (mod_perl) sends the data to the client: the data is modified. But I don't know why.
Some code like below:

   my $jsResponse = $ajaxRequest->{response} . "\n" . $callback_function;
   $c->log->debug("JS Response:\n$jsResponse"); # what is shown on the screen is correct
   $c->response->content_type('text/html; charset=GB2312');
   $c->response->body($jsResponse);

The mod_perl, Apache and Perl versions are as below:
[Mon Jun 02 12:28:31 2008] [notice] Apache/2.0.55 (Unix) PHP/5.2.3 mod_perl/2.0.3 Perl/v5.8.8 configured -- resuming normal operations

Any other solution?



Use Firebug, or related tools, and send the request and response headers outside of mod_perl as the browser sees them.

That will help gather prudent information.

___
List: Catalyst@lists.scsys.co.uk
Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/
Dev site: http://dev.catalyst.perl.org/





Re: [Catalyst] untainting utf8 text for db

2008-06-05 Thread Ash Berlin


On 5 Jun 2008, at 19:05, Daniel McBrearty wrote:


database contains text fields which can be in any language and contain any text and punctuation

1. I am getting params back via a web form to create new records. What do I do to validate input (apart from length check)?

2. I want to take a param and do a like(%$param%) search returning matching records. How do I protect this?


You mean foo LIKE '%$param%', and it's done by

$rs->search({ col => { -like => "%$param%" } })

-ash



Re: [Catalyst] untainting utf8 text for db

2008-06-05 Thread Daniel McBrearty
Yes, that's what I meant. But does using the DBIx::Class construct sanitise, provide safety and prevent unwanted babies though?

IIRC it does for creating records.




-- 
Daniel McBrearty
email : danielmcbrearty at gmail.com
http://www.engoi.com
http://danmcb.vox.com
http://danmcb.blogger.com
find me on linkedin and facebook
BTW : 0873928131



RE: [Catalyst] untainting utf8 text for db

2008-06-05 Thread Mesdaq, Ali
I inquired about this myself a few months ago. Consensus, if I remember correctly, was that DBIC gives you some safety in that it uses placeholders, but that does not mean you're protected fully from bad input or malicious abuse of that parameter. I personally like having input meet specific requirements, and if it doesn't meet them then just reject it. But that does not always fly, especially if you HAVE to be flexible. Another approach is rejecting input if it has characters or data that you know you don't want or expect, things like , %, (, ), \, /, ?, `, *, +, just as some examples. I think it's better to be more strict with input than less strict, especially if it's public facing. If it's internal then it's a different story.

Thanks,
--
Ali Mesdaq (CISSP, GIAC-GREM)
Security Researcher II
Websense Security Labs
http://www.WebsenseSecurityLabs.com
--

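Ash's `-like => "%$param%"` answer and Ali's point that placeholders give some safety but do not constrain the value itself are illustrated by the following added example, which is not code from the thread or from DBIx::Class. Python's sqlite3 stands in for the DBIx::Class resultset; DBIx::Class binds the pattern as a placeholder in the same way. The sample rows are constructed. It shows the two things the placeholder does not do for you: a `%` or `_` inside the bound value still acts as a LIKE wildcard, so the value needs escaping with an ESCAPE clause, and a text field meant to hold any language still benefits from rejecting input no text field should contain (control, surrogate, private-use and unassigned code points, oversized values) rather than an ASCII blacklist.

```python
"""Added example (not from the thread): bound LIKE parameter, wildcard escaping and
input validation for free-text fields. sqlite3 stands in for the DBIx::Class resultset."""
import sqlite3
import unicodedata
from typing import List

# Constructed sample rows: free text in several languages, with LIKE metacharacters.
ROWS = [("Bonjour, ça va ?",), ("100% cotton",), ("under_score",), ("中文 text",)]


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE notes (body TEXT NOT NULL)")
    conn.executemany("INSERT INTO notes (body) VALUES (?)", ROWS)
    return conn


CONN = make_db()


def validate_free_text(value: str, max_len: int = 200) -> str:
    """Accept any language and punctuation; reject empty/oversized input and
    control, surrogate, private-use or unassigned code points. Format characters
    (category Cf) are left alone: zero-width joiners are legitimate in some scripts.
    Returns the NFC-normalised value so equal-looking input compares equal."""
    if not value or len(value) > max_len:
        raise ValueError("empty or too long")
    for ch in value:
        if unicodedata.category(ch) in ("Cc", "Cs", "Co", "Cn"):
            raise ValueError(f"disallowed code point U+{ord(ch):04X}")
    return unicodedata.normalize("NFC", value)


def is_acceptable(value: str) -> bool:
    try:
        validate_free_text(value)
        return True
    except ValueError:
        return False


def escape_like(term: str, esc: str = "\\") -> str:
    """Escape LIKE metacharacters inside a *value*. The placeholder already keeps
    the value out of the SQL grammar; this stops '%' and '_' acting as wildcards."""
    return (term.replace(esc, esc + esc)
                .replace("%", esc + "%")
                .replace("_", esc + "_"))


def search_bound_only(conn: sqlite3.Connection, term: str) -> List[str]:
    """Equivalent of  -like => "%$term%" : injection-safe, but a term of '%' or '_'
    matches every row because the wildcards travel inside the bound value."""
    rows = conn.execute("SELECT body FROM notes WHERE body LIKE ?", (f"%{term}%",))
    return [r[0] for r in rows]


def search_escaped(conn: sqlite3.Connection, term: str) -> List[str]:
    """Bound parameter plus wildcard escaping plus input validation."""
    pattern = f"%{escape_like(validate_free_text(term))}%"
    rows = conn.execute("SELECT body FROM notes WHERE body LIKE ? ESCAPE '\\'", (pattern,))
    return [r[0] for r in rows]


if __name__ == "__main__":
    print("bound only, term '%':", search_bound_only(CONN, "%"))
    print("escaped,    term '%':", search_escaped(CONN, "%"))
    print("escaped, quote in term:", search_escaped(CONN, "' OR 1=1 --"))
```

Note that the quoting attempt in the last line simply fails to match any row: the placeholder handles the quote, and escaping plus validation handle the rest. Neither replaces a per-field length limit, which Daniel already has.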