PDA

View Full Version : So simple a perl question i'm almost embarrassed to ask. (Print text to TOP of file).



sarah_anne
07-16-2002, 01:21 PM
OK, to append it's something like:


$mystuff= $formdata{'mine'};
$inputstuff = $formdata{'inputtext'};
open (LOG, ">>stuff.txt") || &ErrorMessage;

and to wipe clean and overwrite it's

$mystuff= $formdata{'mine'};
$inputstuff = $formdata{'inputtext'};
open (LOG, ">stuff.txt") || &ErrorMessage;

but.... how do i make it so that input from a simple form goes to the TOP of my text file whilst keeping everything else that's there? Is there something simple to write instead? or does it involve harder work than it sounds? It seems as if it should be something I already know, but unfortunatly it's either too simple to document on the internet that i've searched so far or no one else ever needs to do this?? :S

Sarah.

chrisvmarle
07-16-2002, 02:27 PM
Here's what I use for problems like this:


$mystuff= $formdata{'mine'};
$inputstuff = $formdata{'inputtext'};
open (LOG, "stuff.txt") || &ErrorMessage;
@data = <LOG>;
close (LOG);

open (LOG, ">stuff.txt") || &ErrorMessage;
print LOG "String or whatever to write to the top of the file";
foreach (@data) {
print LOG $_;
}
close(LOG);

Mzzl, Chris

sarah_anne
07-16-2002, 02:36 PM
aaah, i see how you're doing it... taking it all out of the file, writing the stuff i need to put at the top and then rewriting everything that was already there afterwards. guess they never make it simple, eh?

Anyway, thanks! :)

chrisvmarle
07-16-2002, 04:22 PM
I was told lately why there things like this in Perl; the idea is, they give you everything you need and the rest is up to you.

(They give you the ability to write to files, but you have to make it write to the top of the file ;))

Mzzl, Chris

ThrowSomething
09-25-2013, 01:28 AM
I know I'm replying to an 11 year old thread, but I use this to achieve printing to the top of a file.
"open (LOG, '+>comments.html');"

It works fine.

FishMonger
09-25-2013, 02:27 PM
If by "It works fine" you mean that it wipes out the current contents of the file before adding the new data, then I would agree. However, if you want to achive the results that the OP was wanting, then it certainly would not work.

ThrowSomething
09-26-2013, 01:40 PM
Of course I didn't mention the need to read the file first...I thought that was a 'given'....sheesh.
Here...
"open(MYINPUTFILE, "+<comments.html");
my(@lines) = <MYINPUTFILE>;
@lines = sort(@lines);
my($line);
foreach $line (@lines)
{
open (LOG, '+>comments.html');"

That's for all you people who need their hand held.

FishMonger
09-26-2013, 02:39 PM
Your first open call is the "correct" way to open a filehandle in read/write mode, but opening it in that mode is unnecessary based on the rest of your code. Additionally, it has the following 3 issues.

1) You should be using a lexical var instead of a bareword filehandle. I'll assume that you used the bareword because that's what the OP used.

2) You should use the 3 arg form of open.

3) You should ALWAYS check the return code of an open call and take proper action if it had failed.

Slurping the file into an array is fine, but why sort the array? That is not what the OP was wanting.

Declaring $line prior to the loop is unnecessary and in most cases unwanted. It should be declared in the loop initialization.

Opening the filehandle inside the loop is NOT what you should be doing, especially the way you're doing it. Refer back to my other post for the reason and read the perldoc on open to get more details why you're opening it in the wrong mode.

Tying those points together, here's a proper solution to the OP's question.

my $inputstuff = $formdata{'inputtext'};

# The OP never stated this,
# but I'll assume that ErrorMessage includes a die statement
open my $log_fh, '<', 'stuff.txt' or ErrorMessage();
my @log_data = <$log_fh>;
close $log_fh;

open $log_fh, '>', 'stuff.txt' or ErrorMessage();
print $log_fh "$inputstuff\n", @log_data;
close $log_fh;


Here's another shorter/cleaner solution.

use Tie::File;

my $inputstuff = $formdata{'inputtext'};

tie my @log_data, 'Tie::File', 'stuff.txt' or ErrorMessage();
unshift @log_data, $inputstuff;
untie @log_data

ThrowSomething
09-26-2013, 04:45 PM
FishMonger, you are so accurate...but as an example, I left out the pertinents of the script that calls other functions. Thank you for pointing this out to us.... BTW, the script I posted was just a bit of info the OP could build upon...given his/her lack of knowledge using PERL. Maybe in the future, I should include reasons, explanations, tutes, and/or shortcuts for the way things "work"....Damn, who'd ever think an 11 year old thread would draw us close like this has?

ThrowSomething
09-26-2013, 10:22 PM
>Apparently, (I'm assuming), you have skills beyond my hobby (and it's just
> that...a hobby).
>
> I just do what works for me and my Apache server...never had a problem,
> and next time I browse the Archive and think my solution works across the
> board, I'll realize my way, being trial and error, doesn't apply in all
> situations.
>
> In the Archive, that was post # 56 from the start of CF.... I won't reply
> to anymore posts since you have it under control.

That's an unfortunate decision. This site could always use more
contributors.

> Thank you for illiciting a response from me, posting a reply, but without
> actually posting the needed info.
>
> That makes it personal and NOT of the flavor of this forum.
>
> Next time, just add the required info and step back from the ususal "I'm
> better than you" attitude your reply implies.

In hind sight I see that my first post might have been a little terse. I
apologize for that.

If you feel that you need to drop out the first time your feelings get
hurt based on your perceived impression that I (or anyone) has an "I'm
better than you" attitude, then you may want to reflect on what that says
about you. No insult intended in that statement.

When you were writing your first post there was a warning indicating that
your post might get deleted. When I saw the post I almost deleted it
because of 1) age of the original thread, 2) neither of the original users
have been back since 2005/2006, and 3) your solution did not work.
However, I choose to keep it and point out a problem with it but neglected
to expand on it and show the correction until the later post.


> I just joined this forum, and since you've been here for a long time
> doesn't mean your word/script is the end all, be all of PERL.

I never said or believe that to be true.


> Another thing to consider....as you read this message.....did it ever
> occur to you to do a scan for "less than obtrusive" coding or
> timestamped/IP/hidden vulnerabilities associated with this and MANY
> forums?
>
> XSS is one major hole here, but keep coding as such....you're safe.
>
> I hope you are up to date with what's available through simple vectors.
>
> That's one forum I want to post in.....can you compete?

This is not a competition. I have no desire or intention to compete with
you in any realm. I would prefer to have a reasonable dialog where we can
learn from each other.

> Will I be banned from CF for posting it's holes?

What makes you think I or any other mod would ban you for pointing out
possible security holes?

> Maybe I should consult YOU before I post an exploit?
>
> That should shake this community!!
>
> Seriously.....I await your reply to my ammended reply to YOUR reply
> stating the obvious.....
> I never knew I needed to spell it all out......Get a clue,
> dude/woman/whatever....11 years and you're current...wow
>
> Funny how you didn't know the answer back then.


Take note that I'm providing my true contact info and not hiding behind a
throw away email address. Would you like to do the same?

[I]--

My feelings aren't hurt, but knowing this forum has someone to point out and argue over symantic issues makes me wonder if I'm dealing with someone who barely shaves, has acne, and still lives with Mommy.
You could do yourself a favor and bite your "I ALMOST DELETED YOUR POST" tongue and learn from folks like me who are probably the BEST in the field.
I again proclaim PERL as a hobby, as I do Amateur Radio, Chemistry, Astronomy, Aviation, Scripting, Penetration Testing, and the soon to be pilot of my second WWI replica of full scale, flyable Warbirds....this time it's a DR-1, you probably know it as "The Red Baron"...yeah, a triplane.

You script on, FishMonger.
I hope someday your life is filled with other 'more enjoyable' aspects that aren't keyboard related.
Have you tried fishing yet?
Is this post going to be deleted because YOUR feelings were hurt?

[/B]

FishMonger
09-26-2013, 10:56 PM
Please, lets be civil and not go into the insults and name calling.

As you can see, I have not deleted your post, but will if you can't be civil.

A person that is "the BEST in the field" would not have posted the code you say "works fine".

ThrowSomething
09-27-2013, 12:03 AM
FishMonger, you have my full respect, here and elsewhere. You're only doing your job, and I respect that.
I've crafted a script that allows directory traversal of any site regardless of the .htaccess or index.html file parsed.
This has opened the web in ways layfolks can't imagine.
Remember the "/%3f" exploit back in the 90's? This brings it all back WITH extras...lol.
If you do a CD?/../ (Change Directory) in the URL, it works as if you actually have root from a command prompt...on ANY site.
My son knows about this exploit, and he, being the gamer he is, will probably let it slip. He owns a major Gamer Website.
If you have <title> in any webpage, it works simply in the address bar...Protected directories have such, but not as we would script.
This is the flaw....The server will show the name of the directory, but this takes it well beyond that.
The DOM is somewhat in play here....Most browsers look for a certain criteria in the header, but this PERL script, which uses LWP, does an added unthought of query.
Cached requests are the propriorty of any site, and thereby there is a certain window of oppertunity.
Hence, the flaw.
My obviously misguided, poorly scripted experiments brought this (OOPS) flaw to surface. I've tried it across the main browsers, but Chrome doesn't parse-out like the rest do. Maybe the big folks know about this?
Dave

FishMonger
09-27-2013, 12:31 AM
What does any of that have to do with the subject of this thread and the code you posted?


If you do a CD?/../ (Change Directory) in the URL, it works as if you actually have root from a command prompt...on ANY site.
If that is true, then prove it by accessing my home directory on my company's web server or email server, both of which were provided to you in my email to you.

ThrowSomething
09-27-2013, 05:35 AM
LOL...you are, just like anyone else, ready to view the logfiles to show the actual commands...Gimme a break! Let's do this in email, fool....
From your past responses, I'd bet you tried that just now in your address bar!...Ha....Want to be shown what's vulnerable? I've got the perfect solution. Again, emails......
Regards, Detlef.