| home / programming / perl / mod_perl / chap6 / 2 |    [previous] [next] |
|
|
|
There are three ways to enable warnings:
PerlWarn On
You can then fine-tune your code, turning warnings off and on by setting the
$^W variable in your scripts.
#!/usr/bin/perl -w
will turn warnings on for the scope of the script. You can turn them off and
on in the script by setting the $^W variable,
as noted above.
This turns warnings off:{local $^W = 1;# some code}# $^W assumes its previous value here
If{local $^W = 0;# some code}# $^W assumes its previous value here
$^W isn't properly localized, this code will
affect the current request and all subsequent requests processed by this child.
Thus:
$^W = 0;
will turn the warnings off, no matter what.
If you want to turn warnings on for the scope of the whole file, as in the previous item, you can do this by adding:
local $^W = 1;
at the beginning of the file. Since a file is effectively a block, file scope
behaves like a block's curly braces ({ }), and
local $^W at the start of the file will be effective
for the whole file.While having warnings mode turned on is essential for a development server, you should turn it globally off on a production server. Having warnings enabled introduces a non-negligible performance penalty. Also, if every request served generates one warning, and your server processes millions of requests per day, the error_log file will eat up all your disk space and the system won't be able to function normally anymore.
Perl 5.6.x introduced the warnings
pragma, which allows very flexible control over warnings. This pragma allows
you to enable and disable groups of warnings. For example, to enable only the
syntax warnings, you can use:
use warnings 'syntax';
Later in the code, if you want to disable syntax warnings and enable signal-related warnings, you can use:
no warnings 'syntax';use warnings 'signal';
But usually you just want to use:
use warnings;
which is the equivalent of:
use warnings 'all';
If you want your code to be really clean and consider all warnings as errors, Perl will help you to do that. With the following code, any warning in the lexical scope of the definition will trigger a fatal error:
use warnings FATAL => 'all';
Of course, you can fine-tune the groups of warnings and make only certain groups of warnings fatal. For example, to make only closure problems fatal, you can use:
use warnings FATAL => 'closure';
Using the warnings pragma, you can
also disable warnings locally:
{no warnings;# some code that would normally emit warnings}
In this way, you can avoid some warnings that you are aware of but can't do anything about.
For more information about the warnings
pragma, refer to the perllexwarn manpage.
Perl's -T switch enables taint
mode. In taint mode, Perl performs some checks on how your program is using
the data passed to it. For example, taint checks prevent your program from passing
some external data to a system call without this data being explicitly checked
for nastiness, thus avoiding a fairly large number of common security holes.
If you don't force all your scripts and handlers to run under taint mode, it's
more likely that you'll leave some holes to be exploited by malicious users.
(See Chapter 23 and the perlsec manpage for more information.
Also read the re pragma's manpage.)
Since the -T switch can't be turned
on from within Perl (this is because when Perl is running, it's already too
late to mark all external data as tainted), mod_perl
provides the PerlTaintCheck directive to turn on
taint checks globally. Enable this mode with:
PerlTaintCheck On
anywhere in httpd.conf (though it's better to place it as early as possible for clarity).
For more information on taint checks and how to untaint data, refer to the perlsec manpage.
| home / programming / perl / mod_perl / chap6 / 2 | [previous] [next] |
Legal Notices, Licensing, Permissions, Privacy Policy.
Advertise | Newsletters | Shopping | E-mail Offers | Freelance Jobs 
Created: March 27 2003
Revised: July 23, 2003
URL: http://webreference.com/programming/perl/mod_perl/chap6/2
