Discussion:
[htmltmpl] FW: Error using html::template
Sanjeewa Fernando
2009-06-04 01:01:24 UTC
Permalink
Hi,

I have tried to use html::template for the first time and tried to run the script shown in the synopsis of cpan documentation.

#!/usr/bin/perl -w
use HTML::Template;

# open the html template
my $template = HTML::Template->new(filename => 'test.tmpl');

# fill in some parameters
$template->param(HOME => $ENV{HOME});
$template->param(PATH => $ENV{PATH});

# send the obligatory Content-Type and print the template output
print "Content-Type: text/html\n\n", $template->output;


The following error is logged in to error log,
failed to open log file
fopen: Permission denied
[Wed Jun 3 12:38:13 2009] [error] [client 218.215.16.114]
Premature end of script headers: /cgi-bin/bpo/test.cgi

When I checked with the hosting server admin their reply is they have
restricted the use of FOPEN function and to use WGET or CURL.
Not sure how to resolve this error could someone please help?

Regards,
Sanjeewa.



_________________________________________________________________
Looking for a new car this winter? Let us help with car news, reviews and more
http://a.ninemsn.com.au/b.aspx?URL=http%3A%2F%2Fsecure%2Dau%2Eimrworldwide%2Ecom%2Fcgi%2Dbin%2Fa%2Fci%5F450304%2Fet%5F2%2Fcg%5F801459%2Fpi%5F1004813%2Fai%5F859641&_t=762955845&_r=tig_OCT07&_m=EXT
Mathew Robertson
2009-06-09 01:11:48 UTC
Permalink
Post by Sanjeewa Fernando
I have tried to use html::template for the first time and tried to run
the script shown in the synopsis of cpan documentation.
#!/usr/bin/perl -w
use HTML::Template;
# open the html template
my $template = HTML::Template->new(filename => 'test.tmpl');
# fill in some parameters
$template->param(HOME => $ENV{HOME});
$template->param(PATH => $ENV{PATH});
# send the obligatory Content-Type and print the template output
print "Content-Type: text/html\n\n", $template->output;
The following error is logged in to error log,
failed to open log file
fopen: Permission denied
[Wed Jun 3 12:38:13 2009] [error] [client 218.215.16.114]
Premature end of script headers: /cgi-bin/bpo/test.cgi
When I checked with the hosting server admin their reply is they have
restricted the use of FOPEN function and to use WGET or CURL.
Not sure how to resolve this error could someone please help?
wget/curl is not a replacement for the fopen() function call.
Presumably your sys-admin has the idea that locking down a specific
function call, will help reduce their likelyhood of being 'owned'.

Additionally, fopen() is used in lots of programs that reads/writes
local files, so this restriction would break a huge amount of code.

H::T uses the perl function "open()" to read the file, which
(presumably) is calling the underlying system call "fopen()". One
possible solution might be to use the LD_PRELOAD environmental variable,
to intercept fopen(), then redirect it to wget... (good luck with that... :)

Other than that, I'd suggest you ask your sys-admin to fix their
security policy....

cheers,
Mathew Robertson
Mark Fuller
2009-06-09 16:54:48 UTC
Permalink
On Mon, Jun 8, 2009 at 6:11 PM, Mathew Robertson
Post by Mathew Robertson
Other than that, I'd suggest you ask your sys-admin to fix their
security policy....
What about using wget or curl to read the file, and then use the
feature of H::T's "new" method to load a template from a variable?
(scalarref => $ref_to_template_text).

I agree that disallowing opening files on a system seems obsessive.

Mark
Mathew Robertson
2009-06-09 22:56:19 UTC
Permalink
Post by Mark Fuller
Post by Mathew Robertson
Other than that, I'd suggest you ask your sys-admin to fix their
security policy....
What about using wget or curl to read the file, and then use the
feature of H::T's "new" method to load a template from a variable?
(scalarref => $ref_to_template_text).
I agree that disallowing opening files on a system seems obsessive.
An "strace wget file:///home/..." shows that wget uses the open() system
call. I'd suspect that wget would also fail for the same reason.

For wget to succeed (in this conext), I suspect that it would need make
a request to a http-daemon, which itself serves the file.

cheers,
Mathew Robertson
Sanjeewa Fernando
2009-06-10 08:05:00 UTC
Permalink
Hi Mark and Mathew,



Thanks for both your suggestions.



I think I would try using the (scalarref => $ref_to_template_text) method.



I now have to experiment with figuring out how to use wget within a perl script.





Regards,

Sanjeewa




Date: Wed, 10 Jun 2009 08:56:19 +1000
From: ***@netratings.com.au
To: html-template-***@lists.sourceforge.net
Subject: Re: [htmltmpl] FW: Error using html::template




Other than that, I'd suggest you ask your sys-admin to fix their
security policy....
What about using wget or curl to read the file, and then use the
feature of H::T's "new" method to load a template from a variable?
(scalarref => $ref_to_template_text).

I agree that disallowing opening files on a system seems obsessive.
An "strace wget file:///home/..." shows that wget uses the open() system call. I'd suspect that wget would also fail for the same reason.

For wget to succeed (in this conext), I suspect that it would need make a request to a http-daemon, which itself serves the file.

cheers,
Mathew Robertson

_________________________________________________________________
Looking for a new car this winter? Let us help with car news, reviews and more
http://a.ninemsn.com.au/b.aspx?URL=http%3A%2F%2Fsecure%2Dau%2Eimrworldwide%2Ecom%2Fcgi%2Dbin%2Fa%2Fci%5F450304%2Fet%5F2%2Fcg%5F801459%2Fpi%5F1004813%2Fai%5F859641&_t=762955845&_r=tig_OCT07&_m=EXT
Roger Burton West
2009-06-10 08:23:17 UTC
Permalink
Post by Sanjeewa Fernando
I think I would try using the (scalarref => $ref_to_template_text) method.
I now have to experiment with figuring out how to use wget within a perl script.
While this may well work, I think that getting some proper hosting will
cause you vastly less grief in the long term.

Roger

Loading...