Tags:
create new tag
view all tags

SID-00600: Could we run private external perl scripts in our topics

Status: Answered Answered TWiki version: 4.3.0 Perl version: 5.10
Category: CategoryAutomation Server OS: Fedora 11 Last update: 16 years ago

Could we run private external perl scripts in our topics? These scripts are independant from TWiki.

I would like something equivalent to html langage for (perl script ): 

<script language="javascript">
   function !MaFunction(){
      ...
      }
   ...
</script>

Thanks Thierry

-- TWikiGuest - 2009-10-29

Discussion and Answer

Javascript runs on the client, but Perl typically runs on the server. Do you want that embedded code to run on the server? I have to say that this is dangerous to do. You would be giving your users access to do just about anything to the server.

BUT, if you REALLY trust your users:

  1. You could use AttachContentPlugin to extract the perl script from your topic and make it into an attachment. Every time the page is updated, it updates the attachment.
  2. You would then have to modify the Apache conf to make the /pub directory executable like the /bin directory (which is why this is so dangerous). Only files with a .pl extension should be given to the CGI handler, so that you can still use the /pub directory for other attachments.
  3. Then to run the, use VarINCLUDE to do a server-side include (also see IncludeFilesAsURL).

-- SeanCMorgan - 2009-10-29

I strongly advise not to allow Perl scripts to be uploaded and executed, it is way to dangerous from a security perspective.

You can add a secure layer in between. There are some options.

1. Let your Perl scripts output text files or HTML files, and place them in a html enabled directory on the server. Include those text files. See IncludeFilesAsURL.

2. Run your Perl scripts as CGI (your script need to output the proper header) and include the result in your TWiki pages. Assuming your script is at example.com/cgi-bin/log and takes a date parameter you can do this to show the logs of the current month: %INCLUDE{http://example.com/cgi-bin/log?date=%SERVERTIME{$year$mo}%}%

3. Create TWikiPlugins that call your Perl scripts. For example, assuming you have a logaccess script, create a LogAccessPlugin that expands a %LOGACCESS{ date="200910" }% variable.

-- PeterThoeny - 2009-10-29

Thanks, I will try your solution.

Is it the same problem with shell and php scripts ?

-- TWikiGuest - 2009-10-30

Yes, any language that has full access to file system.

-- PeterThoeny - 2009-10-30

      Change status to:
ALERT! If you answer a question - or someone answered one of your questions - please remember to edit the page and set the status to answered. The status selector is below the edit box.
SupportForm
Status Answered
Title Could we run private external perl scripts in our topics
SupportCategory CategoryAutomation
TWiki version 4.3.0
Server OS Fedora 11
Web server Apache 2
Perl version 5.10
Edit | Attach | Watch | Print version | History: r5 < r4 < r3 < r2 < r1 | Backlinks | Raw View | Raw edit | More topic actions
Topic revision: r5 - 2009-10-30 - PeterThoeny
 
  • Learn about TWiki  
  • Download TWiki
This site is powered by the TWiki collaboration platform Powered by Perl Hosted by OICcam.com Ideas, requests, problems regarding TWiki? Send feedback. Ask community in the support forum.
Copyright © 1999-2026 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.