You are viewing a plain text version of this content. The canonical link for it is here.
Posted to modperl@perl.apache.org by Michael <mi...@bizsystems.com> on 2000/09/15 21:56:27 UTC
I'm missing something in Apache::Cookie
Hmmmm.....
When I retrieve a cookie
%cookies = Apache::Cookie->fetch;
I get a hash that contains the name of the cookie as the key and a
scalar reference as the value.
Apache::Cookie=SCALAR(0xblah...)
Can't seem to unravel it to get at the
value. Using
%xx = Apache::Cookie->parse($val);
gives an apparently empty hash, yet retrieving the headers via
Apache::Table yields the correct results
Cookie=foo=bar
cook name val
foo bar
So what am I doing wrong with Apache::Cookie that keeps me from
returning the cookie value.
Michael
Re: Security of PerlHandler directives
Posted by Matt Sergeant <ma...@sergeant.org>.
On Tue, 19 Sep 2000, Richard Goerwitz wrote:
> I can certainly understand why someone would want to keep Registry
> or Embperl-enabled scripts in directories reserved for trusted sys-
> tems people.
>
> But it shouldn't be a tremendously big deal to allow people to use
> pre-written modules using directives like 'PerlHandler', right?
>
> Trouble is that people can install malicious handlers:
>
> PerlAuthenHandler "sub { system('Do something bad'); return OK; }"
>
> Is there a way to block this sort of thing without totally eliminat-
> ing the ability to do useful things like:
>
> PerlAuthenHandler Apache::Some::Local::Auth::Module
This is one of the things that mod_perl 2 has planned.
--
<Matt/>
Fastnet Software Ltd. High Performance Web Specialists
Providing mod_perl, XML, Sybase and Oracle solutions
Email for training and consultancy availability.
http://sergeant.org | AxKit: http://axkit.org
Security of PerlHandler directives
Posted by Richard Goerwitz <ri...@goon.stg.brown.edu>.
I can certainly understand why someone would want to keep Registry
or Embperl-enabled scripts in directories reserved for trusted sys-
tems people.
But it shouldn't be a tremendously big deal to allow people to use
pre-written modules using directives like 'PerlHandler', right?
Trouble is that people can install malicious handlers:
PerlAuthenHandler "sub { system('Do something bad'); return OK; }"
Is there a way to block this sort of thing without totally eliminat-
ing the ability to do useful things like:
PerlAuthenHandler Apache::Some::Local::Auth::Module
(I don't want to have to create <Directory> blocks for everyone who
wants to use a local auth module.)
Or is there at least a way to log what's going on in such a way
that if something bad does happen, it's easy enough to figure out
who the culprit was?
--
Richard Goerwitz
PGP key fingerprint: C1 3E F4 23 7C 33 51 8D 3B 88 53 57 56 0D 38 A0
For more info (mail, phone, fax no.): finger richard@goon.stg.brown.edu
Re: I'm missing something in Apache::Cookie
Posted by darren chamberlain <da...@boston.com>.
Michael (michael@bizsystems.com) said something to this effect:
> Hmmmm.....
>
> When I retrieve a cookie
>
> %cookies = Apache::Cookie->fetch;
>
> I get a hash that contains the name of the cookie as the key and a
> scalar reference as the value.
> Apache::Cookie=SCALAR(0xblah...)
> Can't seem to unravel it to get at the
> value. Using
>
> %xx = Apache::Cookie->parse($val);
> gives an apparently empty hash, yet retrieving the headers via
> Apache::Table yields the correct results
>
> Cookie=foo=bar
>
> cook name val
> foo bar
>
>
> So what am I doing wrong with Apache::Cookie that keeps me from
> returning the cookie value.
This should do it:
my $ac = Apache::Cookie->new($r);
my $cookies = $ac->fetch;
my %cookies = ();
for (keys %{$cookies}) {
$cookies{$_} = $cookies->{$_}->value;
}
However, I always find it easier to fetch cookies like this:
my $cookies = { map { $1 => $2 if (/([^=]+)=(.*)/) }
grep !/^$/, split /;\s*/, $r->header_in('cookie') };
$r->pnotes('cookies', $cookies);
No messing with objects or any of that stuff. Putting it into pnotes makes
the hashref accessible to other phases or subroutines easily (you only have
to pass $r). (That's why I use a hashref and not a hash, so I can just put
it directly into pnotes.)
(darren)
--
If you wish to drown, do not torture yourself with shallow water.
Re: I'm missing something in Apache::Cookie
Posted by Chris Winters <cw...@intes.net>.
* Michael (michael@bizsystems.com) [000915 17:29]:
> Hmmmm.....
>
> When I retrieve a cookie
>
> %cookies = Apache::Cookie->fetch;
>
> I get a hash that contains the name of the cookie as the key and a
> scalar reference as the value.
> Apache::Cookie=SCALAR(0xblah...)
> Can't seem to unravel it to get at the
> value. Using
>
> %xx = Apache::Cookie->parse($val);
> gives an apparently empty hash, yet retrieving the headers via
> Apache::Table yields the correct results
>
> Cookie=foo=bar
>
> cook name val
> foo bar
>
>
> So what am I doing wrong with Apache::Cookie that keeps me from
> returning the cookie value.
>
> Michael
The following seems to work for me in nabbing all the cookies sent and
putting them into a hashref $cookies
my $cookies = {};
my $cookie_info = Apache::Cookie->fetch;
foreach my $name ( keys %{ $cookie_info } ) {
$cookies->{ $name } = $cookie_info->{ $name }->value;
}
HTH
Chris
--
Chris Winters
Senior Internet Developer intes.net
cwinters@intes.net http://www.intes.net/
Integrated hardware/software solutions to make the Internet work for you.