Re: Unexpected "text/plain" output with cgi


Clear questions and runnable code get the best and fastest answer
	PerlMonks

Re: Unexpected "text/plain" output with cgi

by enoch (Chaplain)

on Nov 13, 2002 at 17:48 UTC ( #212645=note: print w/ replies, xml )

Need Help??

in reply to Unexpected "text/plain" output with cgi

Since no one has pointed it out, yet, you really really, really do not want to do:

if ($page) { &$page; }
[download]

What if someone (and, don't do this) passed in the URL http://www.robotskull.com/cgi-bin/index.cgi?page=kittens;`rm -rf /etc` (or worse). A better way would be to:

if($page)
{
    SWITCH:
    {
        &kitten, last SWITCH if($page eq 'kitten');
        &foo, last SWITCH if($page eq 'foo');
        &bar, last SWITCH if($page eq 'bar');
        .
        .
        .
        print STDERR "invalid CGI parameter", last SWITCH;
    }
        
}
[download]

Enoch

Comment on Re: Unexpected "text/plain" output with cgi Select or Download Code

In Section Seekers of Perl Wisdom

Node Status^?

node history
Node Type: note [id://212645]
help

Chatterbox^?

How do I use this? | Other CB clients

Other Users^?

Others surveying the Monastery: (24)
As of 2013-05-22 13:36 GMT

Sections^?

Information^?

Find Nodes^?

Leftovers^?

Voting Booth^?

The best material for plates (tableware) is:

Results (461 votes), past polls