Perl code can be directly embedded in MiniVend pages. The code is specified as:
[perl]
$name = $Values->{name};
$browser = $Session->{browser};
return "Hi, $name! How do you like your $browser?";
[/perl]
ASP syntax can be used with:
[mvasp]
<%
$name = $Values->{name};
$browser = $Session->{browser};
%>
Hi, <%= $name %>!
<%
HTML "How do you like your $browser?";
%>
[/perl]
The two snippets above are essentially equivalent.
The [perl] tag enforces Safe.pm checking, and many standard Perl operators are not available. This is a good thing, as you would not want users having access to all files and programs
on the system with the MiniVend daemon's permissions! See GlobalSub and UserTag
for ways to make external files and programs available to MiniVend.
named attributes:
[perl tables="tables-to-open"* subs=1 global=1* no_return=1*]
Required attributes: none
Attribute information:
1, and when the catalog is allowed to use global permissions via the minivend.cfg directive AllowGlobal, Safe.pm checking is turned off. In this case, the embedded Perl code can do anything that the user
ID running it can! This is not recommended when the same MiniVend server runs for different companies/user ids. Be careful! Security is your responsiblity and should be your concern.
1, any GlobalSub routines can be accessed by name.
When running under Safe, some database operations are restricted due to inability to create objects. For
SQL there is nothing that can be done -- you must have
global access to use data from
SQL tables. But for MiniVend databases, you can access
them as long as you pre-open them by using an item first.
Example:
[perl tables="products pricing"]
$key = $Values->{sku};
$title = $Tag->data('products', 'title', $key):
return "You looked up the title $title";
[/perl]
If the tables=products> was not specified, there would be a syntax error
trap from Safe.pm.
Any MiniVend tag (except ones using
SQL) can be accessed via the $Tag object. If you need to use
SQL queries inside a Perl element, you will have to have
AllowGlobal permissions and set the global=1 parameter.
Examples:
# If the item might contain a single quote
[perl]
$comments = $Value->{comments};
[/perl]
IMPORTANT NOTE: Global subroutines are not subject to the stringent security checking of the Safe module, so almost anything goes there. The subroutine will be able to modify any variable in MiniVend, and will be able to write to read and write any file that the MiniVend daemon has permission to write. Though this gives great power, it should be used with caution. Careful! They are defined in the main minivend.cfg file, so should be safe from individual users in a multi-catalog system.
Global subroutines are defined in minivend.cfg with the GlobalSub directive, or in user catalogs which have been enabled via AllowGlobal. Global subroutines are much faster than the others as they are pre-compiled. (Faster still are UserTag definitions.)
Catalog subroutines are defined in catalog.cfg, with the Sub directive. They are subject to the stringent Safe.pm security restrictions that are controlled by SafeUntrap.
The code can be as complex as desired, but cannot use any operators that modify the file system or use ``unsafe'' operations like ``system'', ``exec'', or backticks. These constraints are enforced with the default permissions of the standard Perl module Safe -- operations may be untrapped on a system-wide basis with the SafeUntrap directive.
The result of the tag will be the result of the last expression evaluated, just as in a subroutine. If there is a syntax error or other problem with the code, there will be no output.
Here is a simple one which does the equivalent of the classic hello.pl program:
[perl] my $tmp = "Hello, world!"; $tmp; [/perl]
Of course you wouldn't need to set the variable -- it is just there to show the capability.
To echo the user's browser, but within some HTML tags:
[perl]
my $html = '<H5>';
$html .= $Session->{'browser'};
$html .= '</H5>';
$html;
[/perl]
To show the user their name, and the current time:
[perl arg=values]
my $string = "Hi, " . $Values->{'name'} ". The time is now ";
$string .= $Tag->mvtime();
$string;
[/perl]