All the Perl that's Practical to Extract and Report

TPC6, Day 5, Part 2

merlyn on 2002-07-27T00:26:32

I sat in a Perl Script Security talk, noting that /^[a-z]+$/ on the slides would erroneously match foo\n, and that you can't use the open FOO, "< $bar\0" trick unless you've also preprocessed $bar with an initial ./ if it needs it. Ugh. People need to read perlsec, please.

Then it was the arrest that never happened. Bruce Perens talked about freedoms erroding, and what we could do.

Finally, during the town meeting, we were all chatting on IRC together. When Rael at the front "couch" also got online, I started sending comments to make him chuckle on stage.

It was cool that someone wanted to institutionalize the Stonehenge party. How can I be a rebel when I've been so readily accepted into the fold? Oh well.

It's over. Yeay. Another year to plan and implement the next conference.

POSIX character class?

djberg96 on 2002-07-27T01:15:59

I sat in a Perl Script Security talk, noting that /^[a-z]+$/ on the slides would erroneously match foo\n

Is using [:lower:] the appropriate approach? Just curious.

Re:POSIX character class?

gav on 2002-07-27T01:54:55

The correct thing is to use \z:
$_ = "blah\n";
print "dollar\n" if /^[a-z]+$/;
print "z\n" if /^[a-z]+\z/;
__END__
dollar
I don't quite like the \a or \z modifiers. They seem a bit funky to me.

I tend to solve this problem by getting rid of leading and trailing whitespace with something like:

my %params = map { $_ => trim($cgi->param($_)) } qw(var_a var_b var_c);

sub trim {
  my $str = shift;
  if ($str) {
     $str =~ s/^\s+//;
     $str =~ s/\s+$//;
  }
  $str;
}
This also means the user doesn't get tripped up by an extra space at the end of their username etc.

Re:POSIX character class?

TorgoX on 2002-07-27T02:00:33

\a is alarm. You mean \A. Yet another problem with the whole mess!

s/Stonehenge/OSCON LAN Party/

cwest on 2002-07-28T19:33:17

It just wouldn't be the Open Source way to take all the thunder when you produce such little lightning.

IOW, it was not the Stonehenge Party. This year, my party swallowed the Stonehenge Party. I'm glad people liked it enough to see it next year, I suppose I'll just have to do it again.

Re:s/Stonehenge/OSCON LAN Party/

merlyn on 2002-07-29T02:28:24

I said:
It was cool that someone wanted to institutionalize the Stonehenge party.
That's not a dig at the party that actually happened. I was merely quoting what I heard in the room. I know it was our party.

3 argument open

bart on 2002-08-06T13:25:53

you can't use the open FOO, "< $bar\0" trick unless you've also preprocessed $bar with an initial ./ if it needs it. Ugh.
The proper thing to do is of course to use the three argument open(), which was new in 5.6. No parsing of the file name there. sysopen() would work too, but is much clumsier.