Beefy Boxes and Bandwidth Generously Provided by pair Networks
Problems? Is your data what you think it is?
 
PerlMonks  

Re: Re: Modules that get along with use lib

by amelinda (Friar)
on Oct 24, 2001 at 21:57 UTC ( [id://121213]=note: print w/replies, xml ) Need Help??


in reply to Re: Modules that get along with use lib
in thread Modules that get along with use lib

That won't, sadly, answer this monk's enquiry, since said monk specifically mentioned that he is limited to FTP access. I ran into this myself just the other day (:twitch: CGI.pm is at version 2.36 there).

On the other hand, the idea of writing a CGI script to do it, could work... insane, twisted, wrong, but it could work.

Replies are listed 'Best First'.
Re: Re: Re: Modules that get along with use lib
by chipmunk (Parson) on Oct 24, 2001 at 22:19 UTC
    I noticed that the monk said only FTP access was allowed. That is specifically why I said it could be done through a CGI script. Here's an example of what I meant.
    #!/usr/local/bin/perl use CGI; my $cgi = new CGI; print $cgi->header('text/plain'); my $source_dir = "/home/me/source"; my $lib_dir = "/home/me/lib"; my $module = $cgi->param('module'); chdir($source_dir) or die "Can't chdir to $source_dir: $!\n"; system("/bin/gunzip $module.tar.gz") and die "Can't gunzip $module.tar +.gz\n"; system("/bin/tar xf $module.tar") and die "Can't untar $module.tar\n"; chdir("$source_dir/$module") or die "Can't chdir to $source_dir/$modul +e: $!\n"; system("/usr/local/bin/perl Makefile.PL PREFIX=$lib_dir") and die "Error running Makefile.PL\n"; system("/usr/bin/make") and die "Error executing make\n"; system("/usr/bin/make test") and die "Error executing make test\n"; system("/usr/bin/make install") and die "Error executing make install. +\n";
    So, all one has to do is upload this script, upload the .tar.gz file to the source directory, and hit the script from the browser with the name of the module in the module parameter. All possible simply with FTP and CGI.

    Obviously, the script needs better error checking and reporting, and it should capture STDERR from the system calls and send it to the browser along with STDOUT. (Calling a single shell script to handle all the unpacking and building might be an improvement.) I've just written this as a quick hack to get the general idea across.

    Update: Please see DrManhattan's important addendum below; using this script as is would be a huge security risk! An improved script would use taint-checking and restrict the module name to a limited set of characters.

      I wouldn't recommend using that script verbatim. Feeding user input to system() is a bad thing, and feeding it in scalar context is extra bad. Using system() with a scalar rather than an array argument sends the command to the system shell (usually /bin/sh) for processing, so metacharacters like ';' and '`' get interpreted. Anyone who finds the script can run arbitrary commands as you simply by putting them in the 'module' parameter. E.g. if someone loads http://someisp.com/~you/compile.cgi?module=;rm%20-rf%20*;, that script would happily run
      system("/bin/gunzip ;rm -rf *;.tar.gz")

      -Matt

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: note [id://121213]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others sharing their wisdom with the Monastery: (11)
As of 2024-03-28 09:37 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found