Beefy Boxes and Bandwidth Generously Provided by pair Networks
Problems? Is your data what you think it is?
 
PerlMonks  

Re^3: Why is my PM package failing?

by Marshall (Canon)
on Feb 17, 2022 at 03:20 UTC ( [id://11141438]=note: print w/replies, xml ) Need Help??


in reply to Re^2: Why is my PM package failing?
in thread Why is my PM package failing?

Please give a runnable code example of your problem, if you can. Well I guess, upload.pl works if you run it stand-alone, but fails as a CGI script?

Replies are listed 'Best First'.
Re^4: Why is my PM package failing?
by SergioQ (Beadle) on Feb 17, 2022 at 03:37 UTC
    SOLVED!

    After more searching, and printing our @INC, I added the line:

    use lib '/var/www/cgi-bin';

    just before calling my module.

    I guess I'll have to do some searching about modifying @INC permanently.

    p.s. Although I don't use Perl regularly enough, last I used it, on the same server...I don't recall having any issues like this before. Guessing in some upgrade something got changed? I thought I saw something about @INC being rebuilt, or restored, every time a new script was run? Something of that nature.

      I think it was perl 5.16 where they removed current-dir from @INC. It was less about CGI scripts and more about commandline scripts installed in PATH, where someone could run that command from any directory and get a module pulled in from the current directory by accident (or malice).

      As others have mentioned, you set yourself up for security problems when you put modules alongside your cgi scripts. By default, apache will serve up the contents of your .pm files and let the world look at your code. Even if you add apache configs to block serving your modules, Apache also makes it easy to accidentally reconfigure things in a subdirectory so that suddenly they are visible again. You need to either be really careful with your apache config (now, and in the future), or move your perl modules (and config files and any resource data files) to a different directory that is not being served by apache.

      Also beware of serving your .git/ directory by accident, if you are doing all your work in the cgi-bin dir.

      Also, since you're not following Perl, I'll mention that the latest releases of Perl don't include the CGI module by default anymore, because it has other foot-guns that cause security problems, like calling ->params(...) in list context. If you upgrade your server in the future you might need to install it (either via OS package manager, or via cpanm) The current recommended practices are to use web frameworks like Mojo or Catalyst, but that would be overkill if you just have a few simple scripts you want to keep working. There are also minimalist launched-from-apache replacements like CGI::Tiny or Plack::Handler::CGI + Web::Simple

        > the latest releases of Perl don't include the CGI module by default anymore, because it has other foot-guns that cause security problems.

        could you give an example, please?

        Cheers Rolf
        (addicted to the Perl Programming Language :)
        Wikisyntax for the Monastery

        I thank you for your advice, really. Right now, am in the alpha stage. If I ever get to beta, I will have to look into the proper setup, or pay someone to do this. as I said, right now it's all alpha, development, so everything is password protected. Well, at least th e webpages that go to cgi-bin are.

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: note [id://11141438]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others having an uproarious good time at the Monastery: (6)
As of 2024-03-28 14:52 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found