
1. (Problem 12.1) Using Wikipedia or some other reference (there is a book in Harding's library and the Perl handout for Operating Systems is an adequate reference), find regular expressions that match the following text:
a. A single word consisting of 1 or more alphanumeric characters plus the underline character "_".
\w+
b. A number consisting of 5 digits.
\d{5}
c. A social security number (with dashes) in the format: 999-99-9999
\d\d\d-\d\d-\d\d\d\d
d. A phone number (with parentheses & dash) in the format: (501)279-4000
\(\d\d\d\)\d\d\d-\d\d\d\d
2. (12.2) Find a list of all metacharacters used by the Linux/Unix Bourne shell, which is commonly used by scripts running other commands on such systems. Compare this list to that used by BASH and CSH.
+------------------------------------------------------------------------+
| List of C Shell Meta-Characters                                        |
+----------------+-------------------------------------------------------+
| Meta-character | Meaning                                               |
+----------------+-------------------------------------------------------+
| newline        | End of command                                        |
| space          | End of word                                           |
| tab            | End of word                                           |
| !              | History                                               |
| #              | Comment                                               |
| $              | Variable                                              |
| &              | End of command arguments, launch in background        |
| (              | Start sub-shell                                       |
| )              | End sub-shell                                         |
| {              | Start in-line expansion                               |
| }              | End in-line expansion                                 |
| |              | End of command arguments, Pipe into next command      |
| <              | Input Redirection                                     |
| >              | Output Redirection                                    |
| *              | Multi-character Filename expansion (a.k.a. globbing)  |
| ?              | Single-character Filename expansion (a.k.a. globbing) |
| [              | Character Set Filename expansion (a.k.a. globbing)    |
| ]              | Character Set Filename expansion (a.k.a. globbing)    |
| ;              | End of command                                        |
| '              | Strong quoting                                        |
| "              | Weak quoting                                          |
| `              | Command substitution                                  |
|                | Sometimes Special                                     |
+----------------+-------------------------------------------------------+
BASH
Operator  Effect
.         Matches any single character.
?         The preceding item is optional and will be matched, at most, once.
*         The preceding item will be matched zero or more times.
+         The preceding item will be matched one or more times.
{N}       The preceding item is matched exactly N times.
{N,}      The preceding item is matched N or more times.
{N,M}     The preceding item is matched at least N times, but not more than M times.
-         Represents the range if it's not first or last in a list or the ending point of a range in a list.
^         Matches the empty string at the beginning of a line; also represents the characters not in the range of a list.
$         Matches the empty string at the end of a line.
\b        Matches the empty string at the edge of a word.
\B        Matches the empty string provided it's not at the edge of a word.
\<        Match the empty string at the beginning of word.
\>        Match the empty string at the end of word.

3. (12.3) Rewrite the Perl finger CGI script shown in Figure 12.2 (see below) to include both appropriate input validation and more informative error messages, as suggested by footnote 3 in Section 12.2. Extend the input validation to also permit any of the characters: -+% in the middle of $user value, but not at either the start or end of this value.
#!/usr/bin/perl
# finger.cgi - finger CGI script using Perl's CGI module
use CGI;
use CGI::Carp qw(fatalsToBrowser);
$q = new CGI; # create query object
# display HTML headers
print $q->header,
$q->start_html('Finger User'),
$q->h1('Finger User');
print "<pre>";

# get name of user and display their finger details
$user = $q->param("user");
# reject anything other than word characters before the value reaches the shell
die "The specified user contains illegal characters!" unless ($user=~/^\w+$/);

print `/usr/bin/finger -s $user`;

# display HTML footer
print "</pre>";
print $q->end_html;
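An added example (not part of the original answer or the textbook) of the extended validation the exercise asks for: -, + and % are accepted only between the first and last character, each rejection has its own message, and finger is run without a shell. The user_error helper name and the 32-character limit are assumptions.

```perl
#!/usr/bin/perl
# finger.cgi with extended input validation (added example, not the page's code)
use strict;
use warnings;
use CGI;

# Returns undef when $user is acceptable, otherwise a message saying why.
# \A and \z are used instead of ^ and $ because /^\w+$/ also accepts a value
# with a trailing newline. /a keeps \w to ASCII letters, digits and "_".
sub user_error {
    my ($user) = @_;
    return 'No user name was supplied.'
        unless defined $user && length $user;
    return 'User name is longer than 32 characters.'    # assumed limit
        if length($user) > 32;
    return 'User name may only contain letters, digits, "_", "-", "+" and "%".'
        if $user =~ /[^\w\-+%]/a;
    return 'User name must not start or end with "-", "+" or "%".'
        unless $user =~ /\A\w(?:[\w\-+%]*\w)?\z/a;
    return undef;
}

my $q = CGI->new;
print $q->header, $q->start_html('Finger User'), $q->h1('Finger User');

my $user = $q->param('user');
if (my $err = user_error($user)) {
    # Tell the user which rule failed instead of a generic fatal error.
    print $q->p($err);
} else {
    # List-form pipe open: finger is executed directly, so no shell ever
    # parses $user. A validated name cannot start with "-", so it cannot
    # be mistaken for an option either.
    open(my $fh, '-|', '/usr/bin/finger', '-s', $user)
        or die "Cannot run finger: $!";
    print '<pre>';
    print $q->escapeHTML($_) while <$fh>;   # escape finger output for HTML
    print '</pre>';
    close $fh;
}
print $q->end_html;
```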
4. (12.4) Improve the security of the CGI handler script used to send comments to the webmaster of your server. The current script in use is shown in Figure 12.10a (see below), with the associated form shown in Figure 12.10b (see below). Identify some security deficiencies present in this script. Detail what steps are needed to correct them, and design an improved version of this script.
Figure 12.10a
#!/usr/bin/perl
# comment.cgi - send comment to webmaster
# specify recipient of comment email
$to = "webmaster";
use CGI;
use CGI::Carp qw(fatalsToBrowser);
$q = new CGI; # create query object
# display HTML header
print $q->header,
$q->start_html('Comment Sent'),
$q->h1('Comment Sent');
# retrieve form field values and send comment to webmaster
$subject = $q->param("subject");
$from = $q->param("from");
$body = $q->param("body");
# generate and send comment email
system("export REPLYTO=\"$from\"; echo \"$body\" | mail -s \"$subject\" $to");
# indicate to user that email was sent
print "Thankyou for your comment on $subject.";
print "This has been sent to $to.";
# display HTML footer
print $q->end_html;
Figure 12.10b
<html><head><title>Send a Comment</title></head><body>
<h1> Send a Comment </h1>
<form method=post action="comment.cgi">
<b>Subject of this comment</b>: <input type=text name=subject value="">
<b>Your Email Address</b>: <input type=text name=from value="">
<p>Please enter comments here:
<p><textarea name="body" rows=15 cols=50></textarea>
<p><input type=submit value="Send Comment">
<input type="reset" value="Clear Form">
</form></body></html>
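One possible improved version of Figure 12.10a, as an added example that is not from the textbook or the original answer sheet. It addresses three deficiencies visible in the script: form values interpolated into a shell command line, no validation of the header fields, and the subject echoed back into the page unescaped. The sendmail path, the length limits and the clean_header / clean_address helpers are assumptions.

```perl
#!/usr/bin/perl
# comment.cgi - send comment to webmaster (hardened, added example)
use strict;
use warnings;
use CGI;    # CGI::Carp fatalsToBrowser dropped: errors go to the server log

my $to       = 'webmaster';
my $sendmail = '/usr/sbin/sendmail';    # assumed path to the local MTA

# One-line header value: printable ASCII only, so CR/LF cannot add headers.
sub clean_header {
    my ($v, $max) = @_;
    return undef unless defined $v && length $v && length($v) <= $max;
    return $v =~ /\A[\x20-\x7e]+\z/ ? $v : undef;
}

# Deliberately narrow address check (assumption): local@domain, no quoting.
sub clean_address {
    my ($v) = @_;
    return undef unless defined $v && length($v) <= 254;
    return $v =~ /\A[\w.+-]+\@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+\z/a ? $v : undef;
}

my $q       = CGI->new;
my $subject = clean_header(scalar $q->param('subject'), 100);
my $from    = clean_address(scalar $q->param('from'));
my $body    = $q->param('body');

print $q->header;
if (!defined $subject || !defined $from
    || !defined $body || length($body) > 10_000) {
    print $q->start_html('Comment Not Sent'), $q->h1('Comment Not Sent'),
          $q->p('Please check the subject (1-100 printable characters), '
              . 'your email address and the length of the comment.'),
          $q->end_html;
    exit;
}

# List-form pipe open runs sendmail directly; no shell ever sees form data.
# -t takes recipients from the headers, -oi stops a lone "." ending the body.
open(my $mail, '|-', $sendmail, '-t', '-oi')
    or die "Cannot run $sendmail: $!";
print {$mail} "To: $to\nReply-To: $from\nSubject: $subject\n\n$body\n";
close($mail) or die "sendmail failed: $?";

# Escape the reflected subject so it cannot inject markup into the page.
print $q->start_html('Comment Sent'), $q->h1('Comment Sent'),
      $q->p('Thank you for your comment on ' . $q->escapeHTML($subject) . '.'),
      $q->p("This has been sent to $to."), $q->end_html;
```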
