Overloaded "echo" command in perl within system (backtick, exec) call

Discussion in 'Perl' started by Leszek Dubiel, May 10, 2004.

  1. I have made a system of CGI scripts that allow the user to do some well-defined
    operations on files. The problem is that I very often use the command
    "echo" to pass data to pipes. For example, in a Perl program I have

    `(echo '$comment' | sed 's/^/# /'; echo '$content' | ./format.ed) |
    sum.pl`.

    This command fails if $comment or $content exceed the system ARG_MAX
    variable.

    How would you (more experienced programmers) solve that problem? I
    think increasing ARG_MAX is a bad idea. Also, if I prepare a function
    save(string, toFile), which dumps a string to a file, I could write:

    save($comment, $tmp1), save($content, tmp2), `(cat tmp1 | sed 's/^/#
    /'; cat tmp2 | ./format.ed) | sum.pl`,

    but that looks very bad.

    Thank you for your help in advance.
     
    Leszek Dubiel, May 10, 2004
    #1

  2. Leszek Dubiel

    Guest

    (Leszek Dubiel) wrote in message news:<>...
    > I have made a system of CGI scripts that allow the user to do some well-defined
    > operations on files.


    Are you sure? Interpolating user input unlaundered into strings that
    are then passed to the Unix shell is actually allowing the user to do
    anything they damn well please.

    > The problem is that I very often use the command
    > "echo" to pass data to pipes. For example, in a Perl program I have
    >
    > `(echo '$comment' | sed 's/^/# /'; echo '$content' | ./format.ed) |
    > sum.pl`.
    >
    > This command fails if $comment or $content exceed the system ARG_MAX
    > variable.
    >
    > How would you (more experienced programmers) solve that problem? I
    > think increasing ARG_MAX is a bad idea. Also, if I prepare a function
    > save(string, toFile), which dumps a string to a file, I could write:
    >
    > save($comment, $tmp1), save($content, tmp2), `(cat tmp1 | sed 's/^/#
    > /'; cat tmp2 | ./format.ed) | sum.pl`,
    >
    > but that looks very bad.


    An experienced Perl programmer would probably do the whole lot in
    Perl.

    However it is possible that the commands you cite are simplified
    examples and the real stuff is not stuff you could simply re-implement
    in Perl.

    An experienced Perl programmer (or indeed anyone familiar with the
    FAQ) would not use backticks in a void context (see FAQ).

    Since you are discarding the result of the backticks you could simply
    open the subprocesses using a pipe open (see documentation of the Perl
    open() function).

    This newsgroup does not exist (see FAQ). Please do not start threads
    here.
     
    , May 11, 2004
    #2

  3. > > I have made a system of CGI scripts that allow the user to do some well-defined
    > > operations on files.

    >
    > Are you sure? Interpolating user input into strings that ...


    Yes -- those strings are treated as normal texts -- they are passed to
    sed (as input not program), some scripts to sort, compute sums, they
    are saved to text files.

    > An experienced Perl programmer would probably do the whole lot in
    > Perl.


    I will try to do as much as I can in Perl. But how can I pass a huge
    string to the sed editor? Do I really have to save it to a file and then use
    backticks? (Actually I use ssed...)

    > However it is possible that the commands you cite are simplified
    > examples and the real stuff is not stuff you could simply re-implement
    > in Perl.


    Yes -- the examples are very simplified. I have a pipe composed of several
    tools that use sed (script.ed), bash (script.sh) and perl (script.pl).


    > Since you are discarding the result of the backticks you could simply
    > open the subprocesses using a pipe open


    Does pipe open have an ARG_MAX limit? Isn't it strange to use pipe open
    instead of backticks?

    Leszek Dubiel

    PS. I will never start threads here....sorry.
     
    Leszek Dubiel, May 11, 2004
    #3
  4. Leszek Dubiel

    Guest

    (Leszek Dubiel) wrote in message news:<>...
    > > > I have made a system of CGI scripts that allow the user to do some well-defined
    > > > operations on files.

    > >
    > > Are you sure? Interpolating user input into strings that ...

    >
    > Yes -- those strings are treated as normal texts -- they are passed to
    > sed (as input not program),


    You may be _sure_, but you are not _correct_.

    You said something like:

    `(echo '$content' | ./format.ed) | sum.pl`

    There $content is passed to /bin/sh as part of shell script (i.e. as
    program).

    Suppose:

    $content="Now I kill all your files'; rm -rf / 2>/dev/null; echo 'Ha
    ha!";

    > But how can I pass a huge string to the sed editor?


    Use a pipe or a temporary file. Note there are tricks you can do to
    allow you to have an unnamed temporary file.

    http://groups.google.com/groups?threadm=

    > Do I really have to save it to a file and then use
    > backticks? (Actually I use ssed...)


    Why are you using backticks? As I asked before, are you actually
    using the captured STDOUT from the sub-process? It is very important
    that you do not ignore this question again or I will stop trying to
    help you.

    BTW: If the answer is "yes" then your question is FAQ: "How can I open
    a pipe both to and from a command?" Be aware that many of the Perl
    questions you come up with will be the same ones that everyone else
    comes up with and so you should consult the FAQ.

    > > An experienced Perl programmer would probably do the whole lot in
    > > Perl.

    >
    > I will try to do as much as I can in Perl.
    >
    > > However it is possible that the commands you cite are simplified
    > > examples and the real stuff is not stuff you could simply re-implement
    > > in Perl.

    >
    > Yes -- the examples are very simplified. I have a pipe composed of several
    > tools that use sed (script.ed), bash (script.sh) and perl (script.pl).


    BTW: Perl comes with a tool s2p to convert sed script into Perl.

    > > Since you are discarding the result of the backticks you could simply
    > > open the subprocesses using a pipe open

    >
    > Does pipe open have an ARG_MAX limit?


    Yes, but this is irrelevant if you are piping the input not passing it
    as arguments.

    > Isn't it strange to use pipe open instead of backticks?


    Actually using pipe open (in -| mode) as an alternative to backticks is
    quite normal.

    But I'm not proposing that you use pipe open instead of backticks.

    I'm proposing that you use pipe open (in |- mode) instead of
    system("echo '$stuff' | command"). I'm guessing that you really should
    have been using system() and not backticks in the first place but I
    can't be sure since you refused to answer the question.

    > PS. I will never start threads here....sorry.


    Thanks, I look forward to seeing you in comp.lang.perl.misc.
     
    , May 12, 2004
    #4
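
The advice in post #4 (pipe the data in rather than interpolating it into a shell command, optionally via an unnamed temporary file) can be written as follows. This is an added example, not code from any poster in the thread; `filter_through` is a hypothetical helper name, `wc -c` stands in for the original poster's `./format.ed` and `sum.pl`, and the sample strings are constructed.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use IO::Handle;

# filter_through(\@cmd, $data): hypothetical helper, not from the thread.
# Runs @cmd with no /bin/sh in between, feeds $data to its stdin and returns
# its stdout. $data never appears in argv, so ARG_MAX does not apply and any
# quotes or semicolons in it are plain bytes.
sub filter_through {
    my ($cmd, $data) = @_;

    # Unnamed temporary file: holds the input so the child can read it at its
    # own pace while the parent drains the output (no pipe deadlock).
    open(my $in, '+>', undef) or die "temp file: $!";
    print {$in} $data or die "write: $!";
    $in->flush or die "flush: $!";
    seek($in, 0, 0) or die "seek: $!";

    # '-|' with no command forks; the child's STDOUT becomes $out in the parent.
    my $pid = open(my $out, '-|');
    die "fork: $!" unless defined $pid;
    if ($pid == 0) {
        open(STDIN, '<&', $in) or die "dup stdin: $!";
        # List-form exec: arguments go straight to execvp, never to a shell.
        exec { $cmd->[0] } @$cmd or do { warn "exec $cmd->[0]: $!\n"; exit 127 };
    }

    my $result = do { local $/; <$out> };
    close($out) or die "$cmd->[0] exited with status $?\n";
    return $result;
}

# Constructed sample data: shell metacharacters, and a body of about 4 MiB.
my $comment = "first line'; echo INJECTED; echo '\nsecond line\n";
my $line    = ("0123456789abcdef" x 64) . "\n";
my $content = $line x 4096;

my $commented = filter_through(['sed', 's/^/# /'], $comment);
print $commented;

# 'wc -c' is a stand-in for the poster's ./format.ed and sum.pl stages.
my $total = filter_through(['wc', '-c'], $commented . $content);
print "bytes processed: $total";
```

The line containing the quote and semicolons comes back from sed as ordinary commented text, because no shell ever parses it.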