The web in a box - a next generation web framework for the Perl programming language

IRC log for #mojo, 2015-02-02


All times shown according to UTC.

Time Nick Message
02:10 hshong joined #mojo
02:10 klapperl joined #mojo
02:53 oalders joined #mojo
03:04 inokenty-w joined #mojo
03:20 oalders joined #mojo
03:29 oalders joined #mojo
03:31 noganex_ joined #mojo
03:40 s1037989 http://www.mojoconf.org/mojo2015 = 404!  D:
03:42 asarch joined #mojo
04:13 dotandimet joined #mojo
05:32 rem_lex|pivo joined #mojo
05:53 oalders joined #mojo
06:00 dod joined #mojo
06:05 dod joined #mojo
06:21 mtths joined #mojo
06:39 basiliscos joined #mojo
06:42 rem_lex| joined #mojo
06:43 ovnimancer joined #mojo
07:29 reneeb joined #mojo
07:58 McA joined #mojo
08:01 reneeb joined #mojo
08:12 trone joined #mojo
08:14 eseyman joined #mojo
08:19 odc joined #mojo
08:20 Vandal joined #mojo
08:33 dod joined #mojo
08:39 kwa joined #mojo
08:47 AndrewIsh joined #mojo
08:50 Dandre left #mojo
08:53 marcusr hey
08:56 AndrewIsh joined #mojo
09:02 rem_lex joined #mojo
09:18 nicomen how do I not let the new date helper interfere with my TT date module?
09:40 Eke- joined #mojo
09:55 marty joined #mojo
10:25 * sri wonders why safari has problems with the mojolicious site
10:26 sri the menubar sometimes flickers a little
10:37 odc WARN> Use of uninitialized value $IO::Socket::Socks::ISA[1] in constant array element at /usr/local/share/perl/5.18.2/IO/Socket/Socks.pm line 1913
10:37 odc did someone else get that?
10:43 amon joined #mojo
10:57 mib_j806as joined #mojo
11:00 Dandre joined #mojo
12:08 dod1 joined #mojo
12:20 dod joined #mojo
12:26 marmez joined #mojo
12:37 fhelmber_ joined #mojo
12:46 neilhwatson joined #mojo
12:49 good_news_everyon joined #mojo
12:49 good_news_everyon [mojo] kraih pushed 1 new commit to master: http://git.io/bvKJ
12:49 good_news_everyon mojo/master 5cbcb3b Sebastian Riedel: slightly smoother scrolling
12:49 good_news_everyon left #mojo
12:51 sri no idea why it's flickering in safari
12:51 sri chrome and firefox are fine
12:53 sri trying to make a sticky menubar with css transitions might be fun, to get hardware acceleration :)
13:00 human39_ joined #mojo
13:20 muraiki_ joined #mojo
13:27 asarch joined #mojo
13:39 sri oooh
13:39 sri hardware accelerated transformations are soooo smooooth
13:40 ryozi joined #mojo
13:41 sri that's funny, they even show up on the translucent window border in safari
13:48 good_news_everyon joined #mojo
13:48 good_news_everyon [mojo] kraih pushed 1 new commit to master: http://git.io/bvNH
13:48 good_news_everyon mojo/master 313dfbb Sebastian Riedel: use hardware-accelerated transformations for menu bar
13:48 good_news_everyon left #mojo
13:48 sri http://mojolicio.us/ # ridiculously smooth transitions
13:49 odc indeed o_o
13:51 ignacio_ joined #mojo
14:09 good_news_everyon joined #mojo
14:09 good_news_everyon [mojo] kraih pushed 1 new commit to master: http://git.io/bffh
14:09 good_news_everyon mojo/master 0cc15ac Sebastian Riedel: slightly slower transitions
14:09 good_news_everyon left #mojo
14:09 sri hardware acceleration for sticky menu bars... i like the future :)
14:10 marcusr wiggle wiggle wiggle
14:11 marcusr sri: have you heard any updates about mojoconf 2015?
14:11 sri nope
14:16 jberger I should email riche
14:30 gryphon joined #mojo
14:31 marcusr jberger: you should.
14:33 bwf joined #mojo
14:47 marty joined #mojo
14:52 jberger I have twitter DMed him
14:54 marcusr \o/
14:59 dotan preaction: A nit about the styling here: http://preaction.github.io/Statocles/pod/Statocles/App/Blog.html - you are nesting <p> tags in <li> tags, so the text shows up on a line below the bullet.
15:00 dotan He's not here anymore, is he?
15:00 Grinnz joined #mojo
15:14 jberger dotan: I see preaction in my list
15:14 jberger btw, riche just replied to me, he has staff assigned to MojoConf prep!
15:14 jberger I have a contact to email
15:16 marcusr jberger: that is awes.
15:16 marcusr btw, Barcelona.pm would be interested in hosting a mojoconf at some point as well. I would quite like to go there :)
15:16 jberger that would be AWESOME!
15:17 jberger next year we will have some formal selection process
15:17 marcusr +1 for that
15:17 jberger I know that Copenhagen has offered a few times and I would like to give them top priority if they want it, but the sooner we can get away from this kind of uncertainty, the better
15:18 * ssm has renewed the mojoconf.org domain, by the way…
15:20 marcusr ssm: thanks. Guess you would like it if someone took it over? :)
15:21 marcusr I'm not sure if it makes sense passing it from organizer to organizer tho.
15:21 sh4 joined #mojo
15:23 sri did someone just disclose a serious security issue without advance warning?
15:23 sri https://github.com/kraih/mojo/issues/738
15:23 ssm Passing it around will most likely lead to trouble one day :)
15:24 sri any windows user can confirm the problem?
15:24 marcusr sri: looks like it :S
15:24 sri is ... special on windows?
15:25 ssm *sigh* responsible disclosure…
15:25 * jberger recommends https://metacpan.org/pod/File::Spec#no_upwards
15:26 marcusr sri: can we delete the ticket? or pointless?
15:26 pink_mist sri: each additional dot is one more parent directory
15:26 sri it's out there now
15:26 crab no point deleting, i think.
15:27 genio yea, there's no point in deleting it now.  :/
15:27 pink_mist so "cd .." is the same as on *nix, the parent directory ... "cd ..." is like "cd ../.."
15:27 sri well, shit
15:27 genio ugh. Windows
15:27 purl ugh. Windows is killing nothingmuch's laptop. feels like VNC though aq 14.4 modem =(
15:27 sri so the proposed fix does not work
15:28 marcusr wtf, windows. :-/
15:28 marcusr sri: no, because it still doesn't stop '....'
15:29 sri does File::Spec::no_upwards fix it?
15:29 sri looks like this is pretty bad
15:30 pink_mist hmm, actually, I may be wrong :/ I remember it worked like this on MS-DOS and windows 3.x/9x ... but I cannot reproduce it now on windows 7 :/
15:30 odc why not just use a regex to block anything with more than one dot?
15:31 jberger https://metacpan.org/source/SMUELLER/PathTools-3.47/lib/File/Spec/Unix.pm#L231
15:31 jberger https://metacpan.org/source/SMUELLER/PathTools-3.47/lib/File/Spec/Win32.pm#L11
15:31 jberger looks like we should file a security bug too
15:31 sri please no throwing around guesses now
15:31 jberger :/
15:31 sri facts only
15:31 sri jberger: eeep
15:32 sri i'm going to link the code responsible, for anyone who wants to look into it
15:32 marcusr btw, remember that this channel is logged in public
15:32 sri the tests https://github.com/kraih/mojo/blob/master/t/mojo/path.t#L59
15:33 sri canonicalization https://github.com/kraih/mojo/blob/master/lib/Mojo/Path.pm#L13
15:33 * marcusr heads to subway.
15:33 sri and the check for '..' https://github.com/kraih/mojo/blob/master/lib/Mojolicious/Static.pm#L36
15:34 sri it works by canonicalizing the path based on . and .. path elements, and then checking the first path element for '..'
15:34 sri first we need confirmation
15:35 sri can someone on windows do "mojo generate app; morbo my_app/script/my_app" and somehow get the server to expose files?
15:36 sri like http://127.0.0.1:3000/.../.../whatever.txt
15:36 mst wouldn't a better approach be to canonicalize to a final absolute path, then double check it exists underneath an allowed directory?
15:36 sri or even like http://127.0.0.1:3000/.../lib/MyApp.pm
15:36 pink_mist mst: what if you've added symlinks to things outside the app that you'd like to serve?
15:38 odc allright, i have a win2008 vm
15:38 mst pink_mist: one can canonicalize without resolving symlinks in the parts
15:39 pink_mist mst: one can, but most standard solutions don't
15:40 mst yeah, but this is #mojo wherein the correct response to "the standard solutions don't" is to reinvent the wheel except actually round this time
15:40 sri so, there is no actual solution on cpan yet?
15:40 mst does no_upwards not handle ... ?
15:40 sri mst: please be constructive
15:41 genio trying to get my windows machine into shape so I can test
15:41 mst oh, you're in one of those moods. I'll leave you to it then.
15:41 mst was kicked by sri: not the time
15:42 bobkare isn't canonpath in File::Spec that kind of canonicalization? The doc indicates it handles ... on Win32
15:42 odc sri, 127.0.0.1:3000/.../lib/MyApp.pm gives me a 404
15:43 sri odc: good!
15:43 sri no wait
15:43 sri 127.0.0.1:3000/.../my_app/lib/MyApp.pm
15:43 sri it's equivalent to ../../
15:44 odc oh lol
15:44 odc it displays the file
15:44 sri :(((
15:44 odc pretty neat
15:44 sri odc: can you confirm ..../ too?
15:44 odc i'm gonna try the win.ini now
15:44 odc what does 4 dots mean?
15:44 sri ../../../
15:45 sri -.-
15:45 odc ok
15:45 genio Windows is strange
15:45 sri (and add the parent dir to the path too)
15:45 punter joined #mojo
15:46 sri i have a feeling *a lot* of projects are affected by this
15:46 odc hmm i can't make it work with 4 dots
15:46 sri that is good
15:46 sri odc: please double check the dir names are right
15:46 sri 127.0.0.1:3000/..../PARENT_DIR/my_app/lib/MyApp.pm
15:47 odc yup, parent_dir in my case is Desktop
15:47 odc it doesn't work
15:47 purl It's a Y2K error!  Panic!  Sue!
15:48 sri odc++
15:48 odc and 404 with 5 dots
15:49 odc good thing that i work from home today ;)
15:49 pink_mist odc: think you could install App::SimpleHTTPServer and try the multiple periods with that?
15:49 genio 4 dots doesn't work in PowerShell or cmd.exe
15:49 odc i'm gonna try (i use active state here)
15:50 genio nor does 3.  really odd
15:50 Grinnz genio, with backslashes?
15:51 genio "cd ..."
15:51 genio nothing
15:51 genio same with "cd ...\..." or any combination I can think of
15:51 genio Windows Server 2008 R2
15:51 odc oh god
15:51 odc sri, i was using mojo 4.78
15:52 genio I'm still waiting on Mojo 5.75 to finish testing and installing
15:52 odc should i test again with 5.75?
15:52 ryozi_ joined #mojo
15:52 sri odc: shouldn't make much of a difference in this case
15:52 sri odc: but just to be sure it would be nice
15:52 odc k
15:53 sri i do have a quick fix, if we need it
15:53 genio oh, the screen was just hung, it seems.  Windows--
15:54 sri https://gist.github.com/anonymous/1bb83b20ff53966e3eab
15:54 sri although the backslash stuff scares me
15:54 odc sri, ok, same results with 5.75
15:55 sri perhaps canonicalize() should get rid of dot strings with more than two dots
15:55 odc pink_mist, how do you suggest i test SimpleHTTPServer?
15:55 genio http://127.0.0.1:3000/.../my_app/lib/MyApp.pm indeed shows the MyApp.pm file
15:56 sri genio: and the .... variant?
15:56 Grinnz http://cwe.mitre.org/data/definitions/32.html
15:56 pink_mist odc: just: serve_dir in some dir, and then open the webpage 127.0.0.1:8000
15:56 pink_mist odc: and add ..../ at the end
15:56 odc k
15:57 genio sri: I can't get the .... variant to work
15:57 genio 404
15:57 sri genio++
15:57 sri odc++
15:58 pink_mist odc++
15:59 pink_mist genio: what about the .../.../.../ version?
15:59 odc pink_mist, ok, i can show the parent directory with 3 dots
15:59 odc but with 4 dots, i get an error
15:59 pink_mist odc: ok, and what about .../.../.../?
15:59 odc "cannot read on an undefined value
16:00 odc it works! i can access my C:/
16:00 pink_mist >_<
16:01 genio ... works in SimpleHTTPServer
16:01 odc this is great i can see any config file i want
16:01 pink_mist heh
16:01 AndrewIsh Anyone got any recommendations for debugging Mojo apps that are providing an API? I'm making AJAX requests to my Mojo app and, within the app I render 404 unless various conditions are met. I'm getting a 404 when I request it, but I'm not sure what's triggering it. Ordinarily I'd be 'print'ing at various points to see where I was getting to but I don't think that's possible in this case. How would others go about debugging this kind of thing?
16:01 genio I can't get .... to work in any way
16:02 genio SimpleHTTPServer works with /.../.../
16:02 odc i wonder if i can get the same results in cygwin...
16:03 pink_mist I've got cygwin myself, and there it doesn't work
16:03 odc oh ok
16:03 genio Let me find a deeper path to try .../.../...
16:04 jberger AndrewIsh: might try with MOJO_DAEMON_DEBUG to see what the request actually looks like, sometimes that helps
16:04 jberger it can be a lot of output though
16:04 AndrewIsh jberger: Thanks, I'll take a look at that, not come across it before :)
16:04 genio I can .../.../... no problem with morbo
16:05 genio same in SimpleHTTPServer
16:05 genio always a 404 with 4 dots though
16:06 pink_mist wonder what the guys sending the error did to make >3 dots work like that
16:07 pink_mist genio++
16:07 pink_mist thanks both of you
16:09 odc i hope this trick exists in many other servers ;)
16:09 sri marcusr, jberger, tempire, jberger, batman: my official proposal https://gist.github.com/anonymous/e21fb15f19898eff71b7
16:10 pink_mist s/everybody/everybody on windows/
16:12 pink_mist odc, genio: both of you on activestate? or did you try strawberry and/or dwimperl?
16:12 genio I'm on strawberry
16:12 odc activestate here
16:12 genio 5.20.1 64-bit
16:12 jberger sri, any reason not to do three or greater dots as .?
16:12 pink_mist alright, so it's probably on dwim too then
16:14 jberger $parts->[$i] =~ /\A\.{3,}\z/
16:15 sri jberger: why?
16:16 sri jberger: any reason to do it?
16:16 jberger reading the original report, it looks like it might exist
16:16 sri jberger: see backlog
16:16 sri testing has been done
16:16 jberger on a few variants of a strange platform
16:17 odc paranoia is good~
16:17 jberger naming a directory ........ is a bad idea anyway, lets just nuke em all
16:17 jberger I see the backlog as a confirmation that ... is a problem, that combined with the original report leads me to lean towards caution
16:18 sri marcusr, jberger, tempire, jberger, batman: can we get a vote on that?
16:19 jberger a quick rxrx likes my regex
16:19 marcusr +1 on nuking from orbit
16:22 sri it's gonna cost a lot of performance
16:24 bobkare what about comparing the first 2 or 3 characters with substr? presumably not as fast as eq but faster than firing up the regex engine (Disclaimer: I haven't benchmarked that in a while)
16:28 jberger bobkare is likely correct
16:28 jberger then again, it means that we would be path segments like ...somepath which is probably ok, but more restrictive
16:29 odc my 2 cents: sri's patch is enough for now, but mmulder99 has to give us more info
16:30 pink_mist I would keep it as a regex until it's actually determined that using a regex is a bottleneck. my guess would be that it isn't
16:32 jberger sri: any idea what the performance knock is?
16:33 nicomen bobkare: 2-3 char substr wouldn't work on /foo/bar/../../.../lib/MyApp.pm
16:36 sri jberger: 1003 rps vs 1033 rps for something as trivial as examples/hello.pl
16:36 sri i've tried to fold the first whole check to $parts->[$i] =~ /^(?:\.||\.{3,})$/
16:37 sri to cover '.', '' and '...+'
16:38 genio That seems...
16:39 crab oh
16:40 genio I really want to move \.{3,} to the front of that group.  I haven't tested, but I always like to have the longest possibility first
16:43 sri hmmm
16:43 sri actually ignore those numbers
16:43 sri i've tried digging deeper, and now i can't measure much of a difference anymore
16:44 sri now benchmarking with a more scientific perl -Ilib -Mojo -E 'my $path = Mojo::Path->new("/"); n { $path->canonicalize } 1000000'
16:47 marty joined #mojo
16:48 marty joined #mojo
16:48 good_news_everyon joined #mojo
16:48 good_news_everyon [mojo] kraih pushed 1 new commit to master: http://git.io/bJBu
16:48 good_news_everyon mojo/master 9ffa38f Sebastian Riedel: fix Windows path traversal bug (closes #738)
16:48 good_news_everyon left #mojo
16:48 sri anyway, committing so we have a fix out
16:54 jberger sri++
16:55 jberger if there is a performance hit, and maybe even if not, it would be nice to know where more than three dots is actually a problem
16:55 jberger but good to be on the safe side
16:56 sri perl -Ilib -Mojo -E 'my $path = Mojo::Path->new("/foo/bar"); $path->parts; n { $path->canonicalize } 100000'
16:57 sri in case someone wants to try making it faster
16:58 sri interesting, looks like specifically File::Spec::no_upwards is vulnerable
16:59 sri canonpath specifically handles ...
17:01 sri that is reassuring! https://metacpan.org/source/SMUELLER/PathTools-3.47/lib/File/Spec/Win32.pm#L407
17:04 * sri gives #plack a heads up
17:05 fhelmber_ joined #mojo
17:06 jberger hmmmm, so HTML::Mason::Exception doesn't seem to overload stringification
17:07 jberger and that causes a very unhelpful 500 page
17:07 jberger :-/
17:08 jberger Modification of non-creatable array value attempted, subscript -1 at /usr/local/lib/perl5/site_perl/Mojo/Exception.pm line 97, <DATA> line 272.
17:09 jberger I can fix it on my end, and perhaps there is nothing we can do about it, but I thought I would mention
17:10 sri jberger: make a test case
17:17 jberger hmmmmm, and of course, my one-liner works without issue :/
17:18 Grinnz life would be so much simpler if people just didn't try to run code on win32
17:19 jberger sri: nevermind, I cannot come up with a small example
17:19 jberger which must mean that it is some of the hoops I'm jumping through for porting and not a real issue
17:19 jberger sorry for the noise
17:25 dod joined #mojo
17:49 dod joined #mojo
17:50 * sri sets jberger on fire
17:51 * jberger burns
17:52 marc joined #mojo
17:53 marc is it possible to create <a href="#">test</a> with link_to?
17:55 marc link_to test => '#' did not work
17:58 sri someone should really open a ticket for File::Spec::no_upwards
18:11 reneeb joined #mojo
18:12 nicomen with 61 open tickets, and one even with a patch from 2005....
18:12 nicomen maybe it's time to be able to flag modules as dangerous
18:14 nicomen eh? https://rt.cpan.org/Public/Bug/Display.html?id=90636
18:15 sri lol
18:15 Grinnz lol
18:16 nicomen it's not really that funny?
18:16 Grinnz it's funny in a kind of sad and kind of scary way
18:17 nicomen here I tell everyone to use File:: modules instead of rolling their own...
18:17 tempire Seems fine to me. I would have been surprised if there was any real performance difference.
18:17 * tempire didn't even know about ...
18:20 hahainternet so that's a windows thing is it?
18:20 hahainternet i haven't had a chance to read all the scrollback
18:21 sri nicomen: definitely funny in the tragic kind of way
18:22 sri odd comments seem to suggest vms and symbian might have similar issues
18:23 sri word of warning
18:23 sri if you're a happy user of File:: modules, DO NOT LOOK AT THE CODE!!!1
18:25 hahainternet that's the case for half the binaries i use i expect :(
18:30 nicomen hahainternet: true, but since I knew perl is so thoroughly tested and has a test philosophy at least I have been trusting crappy old code
18:31 nicomen apparently no_upward had no tests according to that ticket
18:32 * sri can't stop playing with the new smooth menu bar on http://mojolicio.us :)
18:35 hahainternet fine fine hold on i'll click :p
18:35 hahainternet without javascript it's all terrible! (it looks fine)
18:35 hahainternet do you mean the nice smooth header sri?
18:35 hahainternet or the autohide bar?
18:36 sri i mean the smooth transitions
18:36 sri they are now hardware accelerated
18:36 hahainternet the transitions between what?
18:36 sri autohide
18:36 hahainternet oh ok, how are they hardware accelerated but were not before?
18:36 sri it used to flicker
18:37 hahainternet i can't say i ever noticed it, but as usual good job :D
18:37 Grinnz web 2.0 is fun :P
18:37 sri https://github.com/kraih/mojo/commit/313dfbbb71fabf8f1a693842ab829f8132a60b1c
18:37 sri css 2d transformations
18:37 hahainternet ah i see
18:37 hahainternet i do not envy you
18:38 sri i love that you can do that now
18:38 hahainternet to me it's just another added nightmare, i'm trying to find time to write a webgl game
18:39 hahainternet and while webgl is a little finicky
18:39 hahainternet any time i have to go near html/css i just shrink away and pretend it doesn't exist
18:39 hahainternet so i have a lot of respect for people who can use it well, but i also think they're a little bit insane
18:39 hahainternet kinda like a snakecharmer for example
18:40 hahainternet yeah it's very impressive, but how did you avoid getting bitten for so long? the answer is of course that you get bitten constantly but you learn to deal with it
18:40 hahainternet anyhow sri i think i've managed to get mojo as a candidate for my next contract thing
18:40 hahainternet so i'm extremely happy about that
18:40 hahainternet and maybe i can actually contribute something back for once
18:42 * sri just started learning about css animations
18:42 sri really impressive stuff, and mostly hardware accelerated
18:43 hahainternet the website does look nice, but i think perhaps the demos could be more impactful, i don't know
18:43 hahainternet i don't want to say that it should be bolder or use more marketing speak
18:43 odin22 joined #mojo
18:44 hahainternet in fact you know i think my only real criticism is that the demos are below the feature list
18:44 hahainternet and i'd probably swap them about
18:46 riche joined #mojo
18:46 sri that reminds me of the user quote project... i guess that marketing project failed :/ https://github.com/kraih/mojo/wiki/User-quotes
18:47 riche hey there ... running hypnotoad in a clean env and got a missing dependency File::Stat ... anything else I should be aware of?
18:47 riche wait a sec...
18:47 purl is riche one of those answer bots?
18:47 riche ugh I am running on empty my bad nevermind
18:47 hahainternet sri: the problem is that everyone can produce quotes like that and mojo's real joy comes from using it
18:48 hahainternet weren't there some screencasts on the website at some point?
18:48 hahainternet i swore i used those originally
18:49 sri http://mojocasts.com/
18:49 sri they are outdated now though
18:49 hahainternet ah a different site
18:49 hahainternet i think those were the best marketing you've ever had
18:49 hahainternet that's what convinced me originally
18:50 pink_mist last I tried the mojocasts, they wouldn't play :/
18:50 sri yea, i wish someone would continue those
18:50 pink_mist seems they work fine now though =)
18:50 hahainternet yeah works for me even with js disabled
18:50 hahainternet which is a rare pleasure
18:51 Adura mojo daemon script\my_app Gave me "Your Mojo is working!" instead of printing out the file as morbo did.
18:54 Adura If that was already mentioned, oops.
18:58 nicomen is the \ because you are on windows?
18:58 Adura Yep, just seeing the extent of the security issue.
18:58 nicomen aha
18:59 Adura The creator of the ticket didn't mention what server was used.
19:03 dotandimet joined #mojo
19:24 jberger sri: I will have a user quote soon too I believe
19:25 jberger riche: o/
19:28 sri it would be nice to at least be able to show a few company logos on the frontpage
19:29 jberger I would guess that my new company would be as glad to have their logo out there as they would be to show support
19:29 riche well just wow'ed another customer with Mojolicious.  Original scope 3d, implemented in 1d. Just badass.
19:30 jberger riche++
19:30 sri \o/
19:30 sri ember.js has such a pretty website http://emberjs.com/
19:32 riche okay gotta go mini-celebrate with a coffee and some sunlight... take care and thanks once again for the awesome framework.
19:33 dotandimet joined #mojo
19:34 good_news_everyon joined #mojo
19:34 good_news_everyon [mojo] kraih tagged v5.76 at cd500c6: http://git.io/bUAZ
19:34 good_news_everyon left #mojo
19:36 good_news_everyon joined #mojo
19:36 good_news_everyon [mojo] kraih pushed 1 new commit to master: http://git.io/bUxt
19:36 good_news_everyon mojo/master ef2f651 Sebastian Riedel: bump version
19:36 good_news_everyon left #mojo
19:36 cpan_mojo Mojolicious 5.76 by Sebastian Riedel - http://metacpan.org/release/SRI/Mojolicious-5.76
19:39 hernan604 \o/
19:39 hernan604 thanksss
20:00 odin22 joined #mojo
20:06 sri so, Plack::App::File is vulnerable too? https://metacpan.org/source/MIYAGAWA/Plack-1.0033/lib/Plack/App/File.pm#L54
20:06 Grinnz fun
20:07 sri Catalyst::Plugin::Static::Simple uses File::Spec::no_upwards and is culnerable
20:07 sri s/c/v/
20:32 sri some of that dancer code is... wild... and very vulnerable https://metacpan.org/source/XSAWYERX/Dancer2-0.158000/lib/Dancer2/FileUtils.pm#L78
20:33 sri slowly running out of ideas for modules to look at :)
20:33 Grinnz heh
20:33 sri bottom line: everything is vulnerable
20:33 Grinnz are all of these runnable on win32?
20:39 kaare_ joined #mojo
20:49 Grinnz plack update is released
20:55 Adura Wonder how many hoops you have to jump through with OSX...
20:58 AndrewIsh joined #mojo
21:06 jberger http://imgur.com/k5flwj2
21:06 Grinnz indeed
21:23 Nemix I have an IOLoop recurring timer I want to have execute immediately and then every N seconds.  What is the mojo way of doing this?  In POE app I am replacing I would kick things off once and in the call back set a timer for N
21:34 odc Nemix, you could use next_tick() to launch it at startup
21:34 Nemix and then chain in callback?
21:35 odc Nemix, as you wish, but you could just call next_tick() and recurring() at startup
21:37 odc i don't think there is one "best" method, it depends on so many things
21:37 Nemix got it
21:40 sri lol
21:40 sri it looks like there might not be a windows bug after all!
21:41 sri but a File::Spec bug instead, where it expands ... to ..\..
21:41 odc o_O
21:41 dod joined #mojo
21:44 Grinnz sri, windows no longer honors ... in cd at least, but i saw claims that it used to
21:45 sri muahahaha... windows appears not to have special ... handling back to XP
21:45 sri "But File::Spec keeps DOS alive!"
21:45 jberger ;O
21:46 Adura cd \... works.
21:46 Adura No, I misinterpreted that, hah.
21:50 sri i wonder what that means for us now
21:51 sri File::Spec::Win32 might get fixed
21:52 odc i surely hope so considering the number of packages depending on it. Then again, it has 61 unresolved bugs...
21:53 sri jberger: so handling more than three dots was useless after all :o
21:53 jberger I'm still wondering how the OP had his/her problem with .............
21:54 nicomen sri: are you talking to someone that will fix File::Spec?
21:54 sri in #p5p
21:54 nicomen aha
22:03 good_news_everyon joined #mojo
22:03 good_news_everyon [mojo] kraih pushed 1 new commit to master: http://git.io/bkJn
22:03 good_news_everyon mojo/master d6af83d Sebastian Riedel: better description for canonicalize
22:03 good_news_everyon left #mojo
22:03 trone joined #mojo
22:03 sri jberger, marcusr, tempire, batman: so, are we just leaving it like that?
22:06 jberger I'm ok with backing it down to just eq '...' now I suppose
22:07 jberger though I still wish we could get more info on the original ticket
22:12 sri as it turns out ..... is a valid filename on windows
22:12 sri cygwin can create it apparently
22:13 sri and so can i on os x
22:15 good_news_everyon joined #mojo
22:15 good_news_everyon [mojo] kraih pushed 1 new commit to master: http://git.io/bkt3
22:15 good_news_everyon mojo/master 28652ad Sebastian Riedel: fixed canonicalize in Mojo::Path to not remove parts with more than three dots
22:15 good_news_everyon left #mojo
22:17 marcusr ok with me.
22:19 sri https://github.com/ingydotnet/dotdotdot
22:24 alnewkirk joined #mojo
22:25 disputin joined #mojo
22:34 marcusr according to my node friends, this might be a problem on other platforms too :)
22:35 marcusr windows: just don't
22:42 KindOne joined #mojo
22:53 Grinnz lol
22:58 Averna joined #mojo
23:19 * sri wonders if he should animate the mojolicious logo a little
23:38 punter joined #mojo
23:39 Grinnz all i have to say about File::Spec now... https://www.youtube.com/watch?v=0yKqKg6DfTY#t=1m50s (nsfw language)
23:54 disputin joined #mojo
23:55 disputin1 joined #mojo
23:57 disputin1 left #mojo
