topic

Pearl PERL: power C ++ and simplicity Basic

Introduction

Language Pearl has been created in 1986 as the tool for administration and konfigurirovanija system resources in a network consisting of Unix-computers. Gradually Pearl (the abbreviation is deciphered as " language for practical extraction of texts and generation of reports " - Practical Extraction and Reporting Language, or - it is gentle and tender - as " language for patologicheski eclectic listings of nonsense " - Pathologically Eclectic Rubbish Listing) ehvoljucioniroval in interplatform language and appeared in the center of attention of prospering cybernetic community. (you can ask, why "Perl", instead of "Pearl", that is "pearl"? It has turned out because graphic language with name Pearl by the moment of creation Pearl already existed. To tell the truth, the full abbreviation of word-combination Practical Extraction and Reporting Language sounds as Pearl.)

The tremendous number of people has devoted impressing quantity{amount} a free time to job about Pearl, to his perfection and universal distribution. For example, when you look in the world the Internet, Pearl is literally everywhere.

Pearl is interpretive language (though Pearls - compilers too exist) which is intended for scanning text files, extraction from them the information and a conclusion on the basis of the given text reports received thus. Thus he is wonderfully joined to databases and the servers, working on technology Windows OLE Automation, with other processes, etc.

The some people are surprised popularity of Pearl, the language focused on text input and output, started of the command line, in the world of graphic interfaces such as Windows.

Popularity of Pearl continues to grow for some reasons:

? Many operational systems, having the advanced graphic shells, remain ZAJQ1Xguided{ZAJQ1Xfocused}.

? Pearl is interplatform language, is maximum identical supported in different operational systems, differing only in several inevitable details (such, as number bajtov, used for performance of the long whole).

? Actually Pearl possesses the certain graphic opportunities at the expense of interaction with popular module Tk.pm. This module allows to use standard graphic interface elements (widgets - vidzhety) with the help of auxiliary means - libraries Tk of language Tcl. By means of Pearl it is possible to display windows with buttons, the menu and other objects.

? However, from the point of view of the obvious majority of the programmers, the current popularity of Pearl podpityvaetsja an opportunity of programming in the environment of gateway Common Gateway Interface (CGI-programming) used for operations on interaction a client / server in Web environment. When the question is creation of web-pages, text orientirovannost` language ceases to be lack as they too are only text objects. CGI-programming on Pearl represents very powerful tool.

Version 5 became brilliant realization of opportunities of language Pearl, allowing to apply set of additional newest technologies of programming is and blocks BEGIN and END for packages, and compatibility with operational systems of class POSIX, and the object-oriented programming, any way enclosed structures of the data, lexical areas of the visibility, the expanded opportunities on use of modules, and also many other things. All examples resulted further, use the interpreter of language Pearl versions 5.005.

Internet - resources and the help information on Pearl

To the interpreter of Pearl the extensive and useful documentation is applied. In systems such as Windows this documentation is represented as hypertext HTML-pages. For the multiuser systems you, as a rule, get access to this documentation with the help of system commands (similarly to man command of operational system Unix).

For programmers on Pearl there is also a number{line} of network conferences (newsgroups Usenet):

? comp.lang.perl.announce - group with a low stream of messages;

? comp.lang.perl.misc - group with an intensive stream of messages (here, in particular, it is dispatched the FAQ-file across Pearl);

? comp.lang.perl.modules - all concerning creation of modules and repeatedly used code;

? comp.lang.perl.tk - about communication{connection} between Pearl and okonno-graphic library Tk of the interpreter of language Tcl. Library Tk supports a plenty of visual interface elements (the button, the menu, etc.). You can use them in language Pearl, and such use becomes rather popular;

? comp.infosystems.www.authoring.cgi - this group does not contain a pattern perl in the name, however this good place for discussion with other developers of features of CGI-programming on Pearl.

In the Network there are also the numerous web-pages devoted to Pearl (casual search on the World wide web returns more than 1527903 pages on which Pearl is mentioned):

? A home page of Pearl - www.perl.com. Here you can find an initial code of the interpreter of Pearl and ready programs under various operational systems, the documentation, modules, error messages, and also FAQ - the list of answers to often asked questions (he is on www.perl.com/perl/faq).

? To download Pearl, his modules, expansions and tons of other things concerning it , have a look in archive CPAN (Comprehensive Perl Archive Network) on www.cpan.org or www.perl.com/CPAN-local/CPEN.html. It - a huge source uniting together a little bit{some} sites almost everything, that concerns Pearl. If you will take a walk on archive CPAN, that, certainly, will find there the code necessary to you. All - from expansions of language Pearl before processing images, from modules for job in the Internet up to interfaces to databases.

? The institute of Pearl on www.perl.com is a noncommercial organization, whose purpose is, by its{her} own words, " support of Pearl accessible, efficient and free-of-charge for all ". The institute, having collected under the wing color of commonwealth of fans{amateurs} of Pearl, provides serious support of information interchange between programmers on Pearl.

? The page devoted to the language Pearl, is on www.perl.com/perl (here you will be resulted with the link language.perl.com). Here there are reviews, news, lists of resources, the software. Here the catalogue of mailing lists (mailing lists), devoted to language Pearl is located.

? Many sites specializing on such questions as maintenance of privacy, CGI-programming, etc., is contained with the sections concerning to Pearl, - if not be afraid to sink in a stream of the similar information, simply lead{carry out} web-search.

? Also four times one year the printed (paper) variant of magazine on language Pearl is issued. To learn{find out} about him more is possible on a page orwant.www.media.mit.edu/the_perl_journal.

How to copy and establish Pearl

Pearl is freely distributed software product. Everything, that you should make, is to load it from the Internet and to establish on the computer. If you work in the multiuser system, in her Pearl can be already established. To check up it, try to execute perl-v command which will give out the version of your Pearl - interpreter on the screen.

You also will need the tool for creation of Pearls - scripts (these are simply text files, it is usual with expansion *.pl, containing commands and descriptions of language Pearl). To create the script for Pearl, the text editor which saves edited files in a format of a plain text is necessary for you. You will not need deep knowledge of operational system Unix for which this language was initially created. Pearl far was beyond operational system Unix, and time that managements{manuals} on language Pearl have admitted this fact has come.

If Pearl is not established on your computer, you can find it on www.perl.com or www.cpan.org (CPAN - Coprehensice Perl Archive Network - the most full electronic archive of the materials concerning language Pearl). On these sites you can find and load all that is necessary for you.

Has no special sense to describe processes of installation, which need to be executed for different operational systems to establish Pearl. First, these procedures are carefully detailed and described on the specified sites (for example, a management{manual} on installation of Pearl for Unix on www.perl.com/CPAN-local/doc/relinfo/INSTALL.html). Second, they are subject to spontaneous changes.

The latest version of Pearl can be received if to choose the link " Get the latest version of Perl " on a site www.perl.com. This link will lead you to to a page on which versions of Pearl for the most popular operational systems (for example, ActiveState Perl for Win32) are listed. Be convinced, that you have received version 5.005 or later as earlier versions of Pearl for Win32 are not quite compatible with Pearl for Unix and his modules.

How to write the script for Pearl

The program in language Pearl will consist of commands and descriptions. Descriptions specify to Pearl as you are going to to use the certain program designs before it will take place actually. Descriptions are necessary only for formats and subroutines though it is possible to describe also and other elements such as variables.

Commands meet in two forms: simple and compound. The simple command is an expression which carries out some concrete action. In the program simple commands come to an end a semicolon (;), as it occurs in the following example where function print is used for a conclusion to the screen of line Hello!, finished by a symbol of translation of a line n:

print " Hello! n ";

Compound commands will consist of expressions and blocks. Blocks in language Pearl are limited to braces {and} and can contain some simple commands. They also have the areas of visibility (the area of visibility of elements such as variables is a segment of the program in which it is possible to use this variable). After a closing brace it is not necessary to finish (an example of a simple cycle):

for ($loop_index = 1; $loop_index <= 5; $loop_index ++)

{

print " Hello! ";

}

For a conclusion of the text it is possible to use function print but how to enter the text? You can read from standard entrance stream STDIN, using angular brackets <>. In the following example we use a cycle while to read out a line behind a line the text entered by the user, to remember it in a variable $temp and then to print on the screen of the display:

while ($temp = <STDIN>) {

print $temp;

}

If you start this script and will enter from the keyboard a word "Hello", the script will repeat this word on the screen:

Hello!

At creation of complex scripts it is necessary to add comments, original reminders to itself what exactly is done{made} by the given code. It does{makes} structure of the script of more transparent and facilitates job with it . Thus comments are ignored by Pearl. Comments of Pearl begin with a symbol *. Pearl ignores the text going after a symbol * up to the end of a line.

The true test, naturally, will be in, whether can read Pearl and prointerpretirovat` your script.

Performance of scripts of Pearl

Let's assume, that there is a file hello.pl with the following script on Pearl:

*!/usr/local/bin/perl5-w (without blanks) * Use Perl5 with warnings

print "hellon";

Cuhhestvuet two basic ways of performance of Pearls - scripts. First, you can execute it , having started the interpreter of Pearl in an obvious kind from the command line:

%perl hello.pl

This way basically is used at debugging scripts for what in the description of the interpreter it is possible to find tens rather useful specialized options.

It is possible to adjust also system so that the script itself has started the interpreter of Pearl. In this case the script is carried out by the command of type

%hello.pl

As your script itself can find Pearl

If your script can start the interpreter of Pearl independently, it is easy for you to execute it . For Unix'b it means, that as the first line there is a text of type *!/usr/local/perl5-w (without blanks). Besides the script should be made a carried out file. It is carried out with the help of the command

chmod +x hello.pl

Also it is necessary to be convinced, that the script is located in one of ways of search. After that start the script on performance, having entered in the command line the command of type

%hello.pl

In operational systems Windows or Macintosh to start the script, it is necessary to click twice on his name. Be convinced, that in case Windows the file has expansion .pl as package ActiveState Perl uses this expansion for associirovanija files of scripts with the interpreter of Pearl.

If you work in operational system MS DOS, that, having transformed with the help of the utility pl2bat.bat package ActiveState Perl the Pearl - script to the form command, simply start this file from the command line:

C:>hello.bat

CGI-programming

CGI-programming (Common Gateway Interface) - application of language very popular among programmers Pearl (and, in opinion of the some people, the unique reason of existence of this language). CGI-programming is based on CGI-scripts which, from the point of view of language, are usual programs on Pearl, but with expansion .cgi. You will install scripts at your provider, and it allows to recover your web-pages the buttons scrolled by lists, pop up menus and many other elements of management. With help CGI the user can cooperate with your web-pages, getting access to databases, starting programs, playing games and even making out through them orders. For hundreds thousand programmers Pearl - the return party of interactive web-pages.

It is supposed, that you have the provider giving access in the Internet, the section on the server, and also an opportunity to place on him own pages. (you can Usually do{make} it or with the help of the program using report FTP, or with the help of special page on the server of your provider, giving to you an opportunity zakachivat` files.) Also the sanction of the provider to start of CGI-scripts (the matter is that sometimes with the purpose of protection of the information such opportunity is forbidden) will be necessary for you. Assuming, that not only you can start CGI-scripts, do not overlook to establish also corresponding access rights for these files - remember protection of the files and systems as a whole. For reception of more full information on process of accommodation of your pages it is meaningful to address to your provider.

Recently other convenient gateway - PHP which use allows to include the whole blocks and programs in language Pearl directly in the text of HTML-pages of the user is distributed also, that solves set of problems of protection and division of access for ISP, but detailed consideration of this novelty is beyond given clause{article}.

Use CGI.pm

So, how you create the CGI-script? Theoretically it is very simple: your CGI-program, as well as any other program on Pearl, carries out usual commands of Pearl, when she vyzvaetsja a browser (that is when in quality URL your CGI-script is set to a browser). Everything, that you direct to a standard conclusion, is passed a browser. So, if your CGI-script carries out the command, for example print " Hello! ", this text will be returned to a browser and on page the inscription " Hello will appear! ". But it is an archaic way. What to do{make}, if you need to read what the user has entered by means of the elements of management located on your page? Or if you want to create these elements of management from your script? These and not only these problems are solved with use of package CGI.pm applied to Pearl.

So, the interpreter of Pearl contains, among other modules, standard module CGI.pm. Therefore, if in your system Pearl you should have file CGI.pm is established. Since the fifth version of Pearl, CGI.pm became object-oriented though the interface simplified functionally - guided still exists. Creating with help CGI.pm objects CGI, it is possible then to cause various methods of this object. There are the methods corresponding practically to all basic tegam HTML, and by their call is created necessary teg HTML with the specified attributes. All of them can receive the called parameters (except for the methods demanding only one argument). It means, that you specify not only value of attribute HTML, but also his name. An example in which object CGI for creation of web-page with the help of methods of this object for creation tegov HTML is used:

*!/usr/local/bin/perl (without blanks)

use CGI;

$co = new CGI;

print $co-> header,

$co-> start_html (-title =>'CGI Example '),

$co-> center ($co-> hl (' Welcome to CGI! ')),

$co-> textarea (

-name => ' textarea ',

-default => ' No opinion ',

-rows => 10,

-columns => 60

$co-> end_html;

If opportunities of the object-oriented interface are not necessary for you, package CGI.pm also supports idle time functionally - guided the interface. An example which uses functionally - guided the interface - he deduces a text field with the offer to the user to enter it . When the user follows this offer and presses button Submit, the data of this field are sent back to the same CGI-script which uses a method param to deduce{remove} the name entered by the user in the bottom part of web-page:

*!/usr/local/bin/perl (without blanks)

use CGI qw/:standart/;

print header,

start_html (' CGI Functions Example '),

h1 (' CGI Functions Example '),

start_form,

" Please enter your name: ", textfield (' text '), p,

submit, reset,

end_form,

hr;

if (param ()) {

print " Your name is: ", em (param (' text ')), hr;

}

print end_html;

There is one more package which has got the big popularity among programmers, - cgi-lib.pl (cgi-lib.stanford.edu/cgi-lib). Very much many CGI-scripts on Pearl are written with his use. You do not have need to know technics{technical equipment} of installation - you simply take a copy cgi-lib.pl, save her in the same catalogue, as the CGI-script, and with the help of require command connect her to the scripts:

require ' cgi-lib.pl ';

Almost everything, that is necessary for you, is already written

With the help of CGI-scripts in language Pearl it is possible to write the most different interactive web-interfaces: counters of visiting, guest books, systems of sending of email (for example, automatic acknowledgement{confirmation} of the accepted order), rooms for conversations (chat rooms), shadow parcels{sendings} (cookies), interactive games, systems of service of orders (filling of forms) in electronic shops, systems of questioning and voting, etc.

The huge quantity{amount} of CGI-scripts in language Pearl (practically for all occasions) is already accessible in the Internet and ready to use. Having met with the user's guide, examples of programs and minimally having practised in a spelling of scripts in language Pearl, you can process these ready scripts under the needs. The list from several useful sources from them URL (certainly, check each such script on security, and also on presence of any other problems):

? Archive Jasona (Jason's Perl Archive) - www.aquapal.co.uk/perl/perl.html;

? Archive of scripts Mehtta (Matt's Script Archive) - www.worldwidemart.com/scripts;

? Archive of firm Yahooo! (Yahoo Perl Scripts) - dir.yahoo.com/Computers_And_Internet/ProgrammingLanguages

/Perl/Scripts;

? Page of links and scripts on Pearl, belonging to Dale Bjuli (Dale Bewley's Perl Scripts and Links) - www.bewley.net/perl;

? A page on www.perl.com, devoted CGI - reference.perl.com/query.cgi?cgi;

? Archive of scripts www.script.ru.

When you will start to write programs which do{make} more, than unpretentious scripts of two previous examples, the problem of protection becomes actual.

Protection CGI

The safety always was a serious problem. Today it is even more actual, as in process of growth of operational systems all becomes more complex and more complex{difficult and more complex;complex and more d} to stop up all dyrki in protection.

For this purpose on UNIX-systems CGI-scripts are started including under the identifier of the user corresponding "nobody" (anybody). It means, that the started process has a few{a little;little bit} privileges. It was done{made} recognizing that, having smaller privileges, process will bring less harm. However and to this day there can be problems - in particular, because of carelessness in CGI-scripts. It is possible to show how to bypass some most probable troubles.

Some web-pages, devoted to protection CGI in language Pearl which are rather useful for esteeming before you will start to create for wide use something more seriously the elementary CGI-scripts:

? The page of consortium WWW devoted to protection CGI (The World Wide Web Consortium's CGI security page) - www.w3.org/Security/Faq/www-security-faq.html;

? A part of the collection of questions and answers (FAQ) on CGI-programming on Pearl, devoted to problems of protection, - www.perl.com/CPAN-local/doc/FAQs/cgi/perl-cgi-faq.html;

? Page Seleny Sol (Selena Sol), devoted to risk at installation of the scripts written not by you, - Stars.com/Authoring/Scripting/Sequrity;

? Questions and answers (FAQ) Fields Filipsa (Paul Philips) - www.go2net.com/people/paulp/cgi-sequrity/safe-cgi.txt (mean, that though this page and has a good set of links, she was not updated since 1995).

CGI-scripts can have set of potential holes in protection. As a limiting case we shall consider the script, which itself starts programs which names you pass as argument: http://www.yourserver.com/user/perl.exe?script.pl.

If the hacker will see, that you use the unprotected technics{technical equipment} like this, it will be very simple to him to send own line of arguments. It allows a hacker to carry out all commands of Pearl what will like on your server, that hardly you will please. This example specifies one of the biggest holes in the CGI-scripts written on Pearl, - calls of external programs without check of the code transmitted by last.

In Pearl you can cause external programs in many ways. For example, with the help of the line made in return apostrophes (backtics), it is possible to open the conveyor, or the channel of transfer of the data (pipe), to other program and to use calls system or exec. Even operators eval demand the cautious reference{manipulation} with themselves. It is very important, that you have adjusted the CGI so that it was impossible to make easily anything dangerous. Hackers have known inside out use of this class dyrok in protection and on application of your CGI-scripts that the last carried out the code necessary to a hacker.

Actually, in Pearl there is the full protective mechanism intended for management by this type dyrok. When you resolve tracking the data, Pearl does not allow you to pass the data which have come from the party , to functions system, exec and to them{him;it} similar. It is the so-called mechanism of the marked data (tainted data).

Idle time a rule, allowing to stop up holes in protection, - never to pass unchecked given to the external program and always to try to find ways which will allow you to do without start of the command shell. When, in very rare cases, to you to not avoid job with the command interpreter, it is necessary to check always the arguments transmitted by you, for presence in them of metasymbols of the command shell and, at least, their removals{distances}. Metasymbols of command UNIX shell shell:

; " " *? ` <> ^ () {} $nr

One more important remark: do not allow anothers to rewrite your scripts or files of the data, is unimportant - casually or intentionally. In other words, be especially close{attentive} how you establish access rights to files so that they could not be replaced new.

And, certainly, usual restrictions on privacy: do not send passwords on email, do not type{collect} them at use of widely accessible utilities like ytalk operational system Unix. Do not leave your admission to system (account) for long time unused - hackers watch{keep up} such channels of access to receive the control over them. Do not allow your CGI-scripts to receive too much the system information. And so on, and so forth - the majority of hackers will squeeze there where you and did not think.