Overloaded "echo" command in perl within system (backtick, exec) call

[Leszek Dubiel]

I have made system of cgi scripts that allow user do some well-defined
operations on files. The problem is that I very often use command
"echo" to pass data to pipes. For example in perl program I have

`(echo '$comment' | sed 's/^/# /'; echo '$content' | ./format.ed) |
sum.pl`.

This command fails if $comment or $content extend system ARG_MAX
variable.

How do you (more experienced programmers) would solve that problem? I
think increasing ARG_MAX is a bad idea. Also if I prepare function
save(string, toFile), which dumps string to file, I could write:

save($comment, $tmp1), save($content, tmp2), `(cat tmp1 | sed 's/^/#
/'; cat tmp2 | ./format.ed) | sum.pl`,

but that looks very bad.

Thank you for your help in advance.

 

[nobull]

I have made system of cgi scripts that allow user do some well-defined
operations on files.

Are you sure? Interpolating user input unlaundered into strings that
are then passed to the Unix shell is actually allowing the user to do
anything thety damn well please.

The problem is that I very often use command
"echo" to pass data to pipes. For example in perl program I have

`(echo '$comment' | sed 's/^/# /'; echo '$content' | ./format.ed) |
sum.pl`.

This command fails if $comment or $content extend system ARG_MAX
variable.

How do you (more experienced programmers) would solve that problem? I
think increasing ARG_MAX is a bad idea. Also if I prepare function
save(string, toFile), which dumps string to file, I could write:

save($comment, $tmp1), save($content, tmp2), `(cat tmp1 | sed 's/^/#
/'; cat tmp2 | ./format.ed) | sum.pl`,

but that looks very bad.

An experienced Perl programmer would probably do the whole lot in
Perl.

However it is possible that the commands you cite are simplified
examples and the real stuff is not stuff you could simply re-implement
in Perl.

An experienced Perl programmer (or indeed any one familar with the
FAQ) would not use backticks in a void context (see FAQ).

Since you are discarding the result of the backticks you could simply
open the subrocesses using a pipe open (see documentation of the Perl
open() function).

This newsgroup does not exist (see FAQ). Please do not start threads
here.

 

[Leszek Dubiel]

I have made system of cgi scripts that allow user do some well-defined

Are you sure? Interpolating user input into strings that ...

Yes -- those strings are treated as normal texts -- they are passed to
sed (as input not program), some scripts to sort, compute sums, they
are saved to text files.

An experienced Perl programmer would probably do the whole lot in
Perl.

I will try to do as much as I can in perl. But how can I pass huge
string to sed editor? Do I really have to save it to file and then use
backtics? (Acutally I use ssed...)

However it is possible that the commands you cite are simplified
examples and the real stuff is not stuff you could simply re-implement
in Perl.

Yes -- examples are very simplified. I have pipe combined of several
tools that use sed (script.ed), bash (script.sh) and perl (script.pl).

Since you are discarding the result of the backticks you could simply
open the subrocesses using a pipe open

Does pipe open have ARG_MAX limit? Isn't that strange to use pipe open
instead of backtics?

Leszek Dubiel

PS. I will never start threads here....sorry.

 

[nobull]

Yes -- those strings are treated as normal texts -- they are passed to
sed (as input not program),

You may be _sure_, but you are not _correct_.

You said somthing like:

`echo '$content' | ./format.ed) | sum.pl`

There $content is passed to /bin/sh as part of shell script (i.e. as
program).

Suppose:

$content="Now I kill all your files'; rm -rf / 2>/dev/null; echo 'Ha
ha!";

But how can I pass huge string to sed editor?

Use a pipe or a temporary file. Note there are tricks you can do to
allow you to have an unnamed temporary file.

http://groups.google.com/[email protected]

Do I really have to save it to file and then use
backtics? (Acutally I use ssed...)

Why are you using backticks? As I asked before, are you actually
using the captured STDOUT from the sub-process? It is very important
that you do not igonre this question again or I will stop trying to
help you.

BTW: If the answer is "yes" then your question is FAQ: "How can I open
a pipe both to and from a command?" Be aware that many of the Perl
questions you come up with will be the same ones that everyone else
comes up with and so you should consult the FAQ.

I will try to do as much as I can in perl.


Yes -- examples are very simplified. I have pipe combined of several
tools that use sed (script.ed), bash (script.sh) and perl (script.pl).

BTW: Perl comes with a tool s2p to convert sed script into Perl.

Does pipe open have ARG_MAX limit?

Yes, but this is irrelevant if you are piping the input not passing it
as arguments.

Isn't that strange to use pipe open instead of backtics?

Actually using pipe open (in -| mode) as an alternative backticks is
quite normal.

But I'm not proposing that you use pipe open instead of backticks.

I'm proposing that you use pipe open (in |- mode) instead of
system("echo '$stuff' | comand"). I'm guessing that you really should
have been using system() and not backticks in the first place but I
can't be sure since you refused to answer the question.

PS. I will never start threads here....sorry.

Thanks, I look forward to seeing you in comp.lang.perl.misc.