Programming Web Graphics with Perl and GNU Software 

Thanks David Saff for replying to my message. I didn't mean to offend
anyone by saying that I don't have time to sort through 30,000 news posts. I
have great respect and admiration for the people that read these posts
every day and help endless amounts of newbies with their problems. Perhaps
one day I too will become a perl guru, and spend my time helping others.
However, until that day, I will probably post many messages asking for help.
So please, accept my personal apology. I was at the time really frustrated
with this program and I shouldn't have taken it out in my post.

I am still having problems with this program though...

Let me give you some more background. I've tried this script (counter.pl) on
both a RH5.2 Linux box with perl v5.004_05 and a Sun System V 4.0 with perl
5.005_03. It's a web counter program that's called with the <IMG
SRC="cgi-bin/counter.pl?countfile=countfile.txt&style=default"> tag from an
HTML document. The two variables passed to it are the countfile (which is a
plain text file whose first line holds the current count, and whose second
lists the allowed hosts that have access to this script), and the style
variable. It tells the script which folder to look in for the images,
"default" is the default style for the counter, so I put the images in a
folder called default. There are 10 images 0.gif through 9.gif in this
folder. The source can be found on the author's page here:

http://www.*-*-*.com/

(The first example is the BrokenImage.pm Module, this is needed for
counter.pl which follows immediately after. Ignore the examples after
counter.pl, they have no relevance.)

First off, if I leave the second line out of the countfile.txt (allowed
hosts), perl gives me this error:
(If I run it at a command line: $ ./counter.pl countfile=countfile.txt
style=default > output.txt)

"Use of uninitiated value at ./counter.pl line 69, <COUNT> chunk 1."
"Use of uninitiated value at ./counter.pl line 73, <COUNT> chunk 1."
"Use of uninitiated value at ./counter.pl line 88, <COUNT> chunk 1."
"Segmentation Fault"

If I try calling it from a html document all I get is a broken Image.

However if I do put my server as a host on the second line in the
countfile.txt I get the black_box() "You do not have privileges to access
this counter" which is called from the BrokenImage.pm Module. This shouldn't
happen because my computer is an allowed host. However, I still get the
segmentation fault if I run it from the command prompt.

If someone else could please look at this code and maybe email me with what
I am doing wrong, I would be very grateful.

Thanks again,

-Jeremy-

Visit my home page at http://www.*-*-*.com/ ~jeremy/



Sat, 10 Nov 2001 03:00:00 GMT  

Quote:
Jeremy Fowler writes:

 > http://www.as220.org/shawn/pwgexamples/10ex.htm

Looks like it's actually

      http://www.as220.org/shawn/pwgexamples/10ex.html

 > First off, if I leave the second line out of the countfile.txt

Don't do that.  Follow the interface specified.

To figure out better what's going on here, you can try inserting the
following before line 51 of the unmodified example script (right after
the comment "requisite referrer, send back an error"):

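# Debugging aid: record what the script received and what it compares against
open TEST, '>test.txt' or die "can't open a new file: $!";
print TEST "referrer: $referrer\n";          # value the script read from the request
print TEST "script wants: http://$users\n";  # allowed host(s) read from the countfile
close TEST;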

If this works, then the next time you run it, you should have created
a file called test.txt that will contain both the referrer, and the
URL that the script is comparing the referrer against.  This should
give you some clues.

 > "Segmentation Fault"

It's possible this is coming from GD.  Hopefully fixing the first
problem will solve the second.

Good luck,

     David Saff
     TVisions



Sun, 11 Nov 2001 03:00:00 GMT  


Quote:
> The source can be found on the author's page here:

> http://www.as220.org/shawn/pwgexamples/10ex.htm

Actually it's 10ex.html, but no matter.

Now you can all weep with me. This code claims to be "secure", yet it
accepts an ARBITRARY filename for the counter file from the calling HTML.
Oh goodie. How many people are running this code "as is"? Especially as
it's trivial to fudge a Referer field anyway. Fun, fun, fun. Sigh. Whimper.

Quote:
> First off, if I leave the second line out of the countfile.txt (allowed
> hosts), perl gives me this error:
> (If I run it at a command line: $ ./counter.pl countfile=countfile.txt
> style=default > output.txt)

> "Use of uninitiated value at ./counter.pl line 69, <COUNT> chunk 1."
> "Use of uninitiated value at ./counter.pl line 73, <COUNT> chunk 1."
> "Use of uninitiated value at ./counter.pl line 88, <COUNT> chunk 1."
> "Segmentation Fault"

Doubly strange, because (a) in the tarball I've just downloaded, it's
counter.cgi, and (b) on the lines you mention I've not got any assignments
that could cause these errors. Perhaps you've an older version?

Quote:
> If I try calling it from a html document all I get is a broken Image.

OK. Let's start with the following.

1. Replace the "-w" flag on the first line with "-T"  :-)

2. Change the assignment of $countfile (line 17) to be a hard-coded value.
UNDER NO CIRCUMSTANCES should this assignment be from a field obtained
from the user's form. Here's an example,

        my $countfile = '/tmp/countfile_for_JFowler';

3. Change the test for a referer (lines 51 et seq) to be this,

        unless ($referer eq '' or $referer =~ /http:\/\/($users)(.*)/) {
            exit $error->black_box('You do not have privileges' .
                        ' to access this counter.');
        }

Notice the new test for the referer being empty.

Quote:
> However, I still get the segmentation fault if I run it from the command
> prompt.

I can't help with the segfault. Perhaps your GD libraries have been
compiled for a different system...?

Regards,
Chris
--
FLARE Solutions Ltd, LEEDS, UK



Sun, 11 Nov 2001 03:00:00 GMT  
Quote:
Chris Davies writes:

 > 3. Change the test for a referer (lines 51 et seq) to be this,
 >
 >         unless ($referer eq '' or $referer =~ /http:\/\/($users)(.*)/) {
 >             exit $error->black_box('You do not have privileges' .
 >                         ' to access this counter.');
 >         }

Forgive me, but what are we accomplishing here?  Admittedly, a referer
can be easily fudged, but why make it easy on the fudger by accepting
a null referer?  I'm just not clear on the goal here.  Thanks,

  David Saff



Mon, 12 Nov 2001 03:00:00 GMT  

Quote:

> Chris Davies writes:
>  > 3. Change the test for a referer (lines 51 et seq) to be this,

>  >         unless ($referer eq '' or $referer =~ /http:\/\/($users)(.*)/) {
>  >             exit $error->black_box('You do not have privileges' .
>  >                         ' to access this counter.');
>  >         }

> Forgive me, but what are we accomplishing here?  Admittedly, a referer
> can be easily fudged, but why make it easy on the fudger by accepting
> a null referer?  I'm just not clear on the goal here.  Thanks,

Agreed. However, if you look at the original code, you'll see a line that
sets the referrer to '' if it's not defined. I'm following through with
what I understand is the original programmer's ideas.

Note that it's not necessarily how I'd have approached the problem were I
to have coded it from scratch.

I like your suggestion of determining what the browser sends as its
referer. However, what about browsers that don't send referer information?
Given it's easy to fudge, we're not really going to save anything on
security (just convenience if someone tries to use the script from other
pages), so I don't see why we shouldn't simply accept an empty referer
value.

To the original poster: has either of the suggestions helped you, or are
we off on the wrong track(s)?

Regards,
Chris
--
FLARE Solutions Limited, Leeds, UK



Tue, 13 Nov 2001 03:00:00 GMT  
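
Added example (not part of the thread and not code from counter.cgi): the thread's two points, the user-supplied counter filename and the Referer test, handled defensively under taint mode. It goes one step beyond the hard-coded filename suggested above by mapping a validated short name into a fixed directory. The directory paths, the host name www.example.com and all function names are assumptions for illustration.

```perl
#!/usr/bin/perl -T
# Added example, not code from counter.cgi. Run as ./script or "perl -T script".
# Directory paths and the host name are assumptions for illustration.
use strict;
use warnings;

my $COUNT_DIR = '/var/lib/counter';         # assumed: fixed directory outside the web root
my $STYLE_DIR = '/var/www/counter/styles';  # assumed: parent of the digit-image folders

# Accept only a short identifier. The capture also untaints the value under -T.
sub safe_name {
    my ($value) = @_;
    return unless defined $value;
    return $value =~ /\A([A-Za-z0-9_]{1,32})\z/ ? $1 : undef;
}

# Resolve request parameters to paths that cannot leave the fixed directories.
sub countfile_for { my $n = safe_name(shift); return defined $n ? "$COUNT_DIR/$n.txt" : undef }
sub style_dir_for { my $n = safe_name(shift); return defined $n ? "$STYLE_DIR/$n"     : undef }

# Referer test: anchored at the start, with the allowed host quoted so that
# "." is literal and the host must end at ":port", "/" or end of string.
# An empty Referer is accepted, as discussed in the thread. The client controls
# this header, so the test is a convenience filter, not access control.
sub referer_ok {
    my ($referer, $allowed_host) = @_;
    return 1 if !defined $referer or $referer eq '';
    return $referer =~ m{\Ahttps?://\Q$allowed_host\E(?::\d+)?(?:/|\z)} ? 1 : 0;
}

# Constructed sample inputs, not taken from real requests.
for my $name ('frontpage', 'countfile.txt', '../../etc/passwd', '/tmp/x') {
    my $path = countfile_for($name);
    printf "%-18s => %s\n", $name, defined $path ? $path : 'REJECTED';
}
for my $ref ('', 'http://www.example.com/index.html',
             'http://www.example.com.other.test/',
             'http://other.test/?u=http://www.example.com/') {
    printf "%-46s => %s\n", "'$ref'",
        referer_ok($ref, 'www.example.com') ? 'accepted' : 'denied';
}
```

Only 'frontpage' resolves to a path; of the Referer samples, the empty value and the first URL are accepted, and the two that merely contain the allowed host name are denied.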
 