PerlMonks  

CGI + safeguards

by Anonymous Monk
on Feb 20, 2003 at 12:49 UTC (#237061=perlquestion)
Anonymous Monk has asked for the wisdom of the Perl Monks concerning the following question:

Hi monks, I am busying myself with cgi-fun and thought it sensible to add in a few safeguards so that if nothing is entered into the form, the user gets a polite message, not an internal server error. Anyway, I thought this simple regexp would work (below). Can anyone suggest why it might be going wrong? Many thanks.
# snippet from script 1
print qq(<FORM METHOD="post" ACTION="http://localhost/~sm125/cgi-bin/frontpage.cgi">
    <h3>Enter: </h3><INPUT TYPE="TEXT" NAME="box" SIZE="10">
    <h3>Enter: </h3><INPUT TYPE="text" NAME="value" SIZE="10">
    <INPUT TYPE="SUBMIT" value="go"></FORM>);
second script
#!/biol/programs/perl/bin/perl -w
# snippet from frontpage.cgi
use strict;
use CGI qw(:standard);
my $cgi;
$cgi = new CGI;
use CGI::Carp qw(fatalsToBrowser);
my $box = $cgi->param('box');
my $value = $cgi->param('value');
if (($box !~ /\w+/) && ($value !~ /\w+/)) {
    print "You haven't entered anything on the form";
    print STDOUT $cgi->end_html;
    exit (0);
}

Re: CGI + safeguards
by valdez (Monsignor) on Feb 20, 2003 at 13:02 UTC

    You are testing the values of both parameters; just change && to or.

    Ciao, Valerio

Re: CGI + safeguards
by Tomte (Priest) on Feb 20, 2003 at 13:04 UTC

    Talking about safe-guards: you might want to check the -t and -T switches.

    To the regexp:

    • The check-logic is wrong, you want to bail out safely if either of the values is undefined, not both
    • One \w character in the input is enough ATM to match, but you want to check that the whole value matches only \w-characters
    • that leads to something like
      ($box !~ /^[my allowed characters in a handy class]+$/ || $value !~ /^[my allowed characters in a handy class]+$/)

    hth,
    regards,
    tomte


Re: CGI + safeguards
by Joost (Canon) on Feb 20, 2003 at 13:13 UTC
    Can anyone suggest why it might be going wrong.

    if (($box !~ /\w+/) && ($value !~ /\w+/)) {
        print "You haven't entered anything on the form";
        print STDOUT $cgi->end_html;
        exit (0);
    }
    Some things seem strange to me:
    • Your code will complain when someone doesn't enter a 'word' character (that is, [a-zA-Z0-9_] or something similar, depending on locale).

      For instance, when someone enters a "#" character, your code will complain.

      Probably you'll want to change either the message, or the regex, depending on what kind of values are allowed.

    • Your regex will give undefined values warnings when there is no data submitted to the form.

    • print STDOUT $something is equivalent to print $something here.

    • You do not print a HTTP-header, or start the HTML document in the error message: use print $cgi->header, $cgi->start_html("CGI Error"); or something similar.

    • I would put the use CGI::Carp line to the top of the script, so the error handler would be installed ASAP.
    -- Joost
    downtime n. The period during which a system is error-free and immune from user input.
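    Pulling Tomte's and Joost's points together (reject if either field fails, anchor the character class, default undefined params before matching, print the header before any message, load CGI::Carp first, run under taint mode) as an added example; this is not code from the original thread, and the shebang path and the allowed-character class are assumptions:

```perl
#!/usr/bin/perl -T
# Assumed shebang path; -T enables taint checking as Tomte suggests.
use strict;
use warnings;
use CGI::Carp qw(fatalsToBrowser);   # loaded first so the handler is installed early
use CGI qw(:standard);

my $cgi = CGI->new;

# param() returns undef for a field that was never submitted; defaulting
# to '' keeps the regex match from warning about uninitialized values.
my $box   = $cgi->param('box');
my $value = $cgi->param('value');
$box   = '' unless defined $box;
$value = '' unless defined $value;

# Anchored whitelist: the WHOLE value must be one or more \w characters.
# \A..\z (unlike ^..$) also rejects a trailing newline. The class itself is
# an assumption; widen it to whatever the form is meant to accept.
my $allowed = qr/\A\w+\z/;

# Reject if EITHER field fails (|| rather than the original &&), and emit
# the HTTP header and HTML preamble before any message text.
if ($box !~ $allowed || $value !~ $allowed) {
    print $cgi->header(-type => 'text/html'),
          $cgi->start_html(-title => 'Form error'),
          $cgi->p('Please fill in both fields using letters, digits or underscore only.'),
          $cgi->end_html;
    exit 0;
}

# Both fields passed; echo them back escaped so they cannot inject markup.
print $cgi->header(-type => 'text/html'),
      $cgi->start_html(-title => 'Form received'),
      $cgi->p('box = ',   $cgi->escapeHTML($box)),
      $cgi->p('value = ', $cgi->escapeHTML($value)),
      $cgi->end_html;
```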
Re: (nrd) CGI + safeguards
by newrisedesigns (Curate) on Feb 20, 2003 at 13:02 UTC

    It doesn't look like you are printing out headers. Are you?

    John J Reiser
    newrisedesigns.com

Re: CGI + safeguards
by jacques (Priest) on Feb 20, 2003 at 13:59 UTC
