Re: [Nms-cgi-devel] Further Updates to countdown.pl

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

On Tue, 13 Nov 2001, ryan.311 wrote:

> Hey guys, sorry I haven't been responding in a while; I've been busy.
> Anyways, here are some thoughts:
>
>  >You also changed the shebang line to #!perl -wT. We need to agree on a
>  >standard for shebang lines, but it'll probably be #!/usr/bin/perl -wT
>
> Well, I was under NT when I was running it... I changed it when I uploaded
> it this time.  Apologies!
>

You don't need to change the Shebang for IIS - of course you might do if
you are running these with Apache on windows which fakes up the Unix
execvp behaviour but uses the path.

I am going to do up the FAQ about running this stuff nicely on Windows - I
am having an enforced refamilarisation with it right now :)

>
>  >I don't agree with having use CGI::Carpi qw(fatalsToBrowser) in production
>  >code. It gives too much information to anyone trying to crack the site. The
>  >standard CGI error message is vague for a good reason. The full error
>  >messsage is written to the server error log where the webmaster can read
>  >it. By all means add it to the code - but comment it out in released
>  >versions.
>
> I thought Jonathan's idea of using CGI::Carp's set_message function was an
> excellent idea.
> However, the code snippet he provided didn't work ;)  I changed it to this:
>
> BEGIN{set_message(sub{print"[Error]"})if!$DEBUGGING;}
>

Bloody did! ;-}

I have tested this code:

#!/usr/bin/perl -w

use strict;

use CGI;
use CGI::Carp qw(fatalsToBrowser set_message);
use vars qw($DEBUGGING);

#
# $DEBUGGING must be set in a BEGIN block in order to have it be set before
# the program is fully compiled.
# This should almost certainly be set to 0 when the program is 'live'
#

BEGIN
{
   $DEBUGGING = 0;
}

BEGIN
{
   my $error_message = sub {
                             my ($message ) = @_;
                             print "<h1>It's all gone horribly wrong</h1>";
                             print $message if $DEBUGGING;
                            };

  set_message($error_message);
}

die "Wahay!\n";

Which is the boilerplate for what I have placed in all the programs and
some stuff to make it work and it works fine for me with perl 5.6.1.

It might be that some construct I am using doesnt extend back all the way
to 5.004.04 here  but the only diff I can see between what you are doing
and I am doing is the anonymous subroutine and I can't believe that that
hasnt been around since we we have had references (in 5.001m ?)

This code is basically shorthand for a larger nicer error message that is
fit to be presented to the punters - I am waiting for someone who can be
arsed with making nice HTML to do that.

Obviously if one was in control of the server itself one would configure
it so that the '500' status page was nice enough that you could just let
programs die.

> That will output "[Error]" whenever there is an error in the script when
> $DEBUGGING is set to 0.
> However, if there is an error earlier in the BEGIN statement, CGI::Carp
> will output errors regardless
> of what $DEBUGGING is set to.
>

Well yes, there is almost certainly nothing we could do to prevent error
leakage at some point - we just need to endeavour to reduce the
possibility of that ... unfortunately the configuration of the server is
going to cause the program to fail before compilation.  Thats the shit ;-}

<snip>

>
> Ugh... Fine.  I added support for both ways, however:
>

Er.. I'll start a new thread ;-}

>
> Secondly, I am not sure how to upload on sourceforge.  For the time being,
> I re-uploaded to jcwren's server (http://jryan.perlmonk.org/nms/countdown.txt).
>

You need to be able to access the CVS - we can discuss working with CVS if
you are unfamiliar with this.

> Thirdly, I have two midterms coming up over the next two days, so my time
> for NMS will be limited until my midterms are over.  I should be able to
> thoroughly look over another script during that time, however, so
> suggestions for the next script to pick apart are welcome.
>

Hey, I have to give annual reviews to two of my little helpers and ensure
that the four projects we are working on are on track, integrate two
billing systems that exist in our German operation and propose the
architecture for the european rollout of two software systems ;-}

And that is this week ;-}

This is volunteer stuff matey don't worry ...

/J\
-- 
Jonathan Stowe                      |
<http://www.gellyfish.com>          |      This space for rent
                                    |