Beefy Boxes and Bandwidth Generously Provided by pair Networks
There's more than one way to do things
 
PerlMonks  

Re^2: Unwanted parameter when executing CGI scripts

by Nocturnus (Beadle)
on Jan 04, 2013 at 19:07 UTC ( #1011704=note: print w/replies, xml ) Need Help??


in reply to Re: Unwanted parameter when executing CGI scripts
in thread [SOLVED] Unwanted parameter when executing CGI scripts

Of course, you are right, and I have already implemented such checks at different levels of the application architecture.

Nevertheless, there is one situation where script A just should "pass" all parameters to another script B. To be precise, A generates HTML code with <a href> to B, where the href's URI contains all parameters which had been included in the call of A. Generating this link is done by generic code which is in a module which is used by several of the scripts; thus, when generating the link, the parameters are not checked. This is no security problem since B will check it's parameters for correctness when called.

In nearly all browsers, when moving the mouse to the generated link, the complete destination URI of the link, including the parameters, is visible (e.g. in the status bar). Now, if script A is called WITHOUT parameters (which is perfectly acceptable), the generated link to script B contained a query string ("?keywords=") where no query string should be.

This worries users, makes debugging more complicated, and is ugly, so I would like to change that.

I will do it the way which has been proposed above, but I was hoping that we could "configure" CGI.pm somehow to disable that behavour, or that there is another more elegant way.

Regards,

Nocturnus

  • Comment on Re^2: Unwanted parameter when executing CGI scripts

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://1011704]
help
Chatterbox?
[Corion]: Also, London is always a nice visit, as I got to meet a friend there, and spent some time offline, working on "minor" features of the shadertoy thing ;)
[marto]: maybe next year when the kids are a little older I'll have time to attend perl events in Europe
[Corion]: marto: Yeah - there isn't a Perl Day-Care at Perl events - we thought about it for YAPC::Europe 2012 but it's a gigantic effort to organize that
[marto]: Corion yeah, it'd be too costly for me to bring them both :P

How do I use this? | Other CB clients
Other Users?
Others drinking their drinks and smoking their pipes about the Monastery: (6)
As of 2016-12-07 09:33 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?
    On a regular basis, I'm most likely to spy upon:













    Results (125 votes). Check out past polls.