PerlMonks  

Very simple commenting system

by Zecho (Hermit)
on Nov 18, 2001 at 23:37 UTC (#126158)

Zecho has asked for the wisdom of the Perl Monks concerning the following question:

This produces a txt file with html formatting to be included via SSI
    What I would like to do is:
  • Keep the script as simple as possible
  • Improve security
  • Keep the txt file this produces as small as possible
  • Avoid whitespace as a username
  • Gather Ideas that have not occurred to me as yet
I do know that using -T will do some security checking, but is there anything else I should add?
I have been given suggestions in the CB, but it's sometimes difficult for me to follow all of them, change and test code and get back to the CB to catch the rest of the comments.

The CGI script:

    #!/usr/bin/perl -Tw
    use strict;
    use CGI;
    use CGI::Carp 'fatalsToBrowser';
    use Fcntl ':flock';
    use POSIX qw(strftime);

    my $now  = strftime "%b %e", localtime;
    my $q    = new CGI;
    my $user = length $q->param('user') ? $q->param('user') : "Anonymous";
    $user = $q->escapeHTML($user);
    my $message = $q->param('comment');    # not escaped here

    if ($message) {    # Avoid posting blank messages
        open FH, "+</var/www/html/comment.txt" or die "Oops: $!";
        flock(FH, LOCK_EX) or die "Couldn't flock: $!";
        my @comments = <FH>;               # existing comments
        seek(FH, 0, 0);
        truncate(FH, 0) or die "No can do: $!";
        # newest comment first, then the old contents
        print FH "<br><b>On $now, $user added this bit o' wisdom:</b><br>$message<br><hr>\n";
        print FH @comments;
        close FH;
    }
    print $q->redirect('http://server.com/index.shtml');
This produces a comment like

On Nov 17, Zecho added this bit o' wisdom:
Here's my comment, yes it's a little boring, but it's a comment.


Oh, and on a side note <coed> tags do not work. :)

Re: Very simple commenting system
by Zaxo (Archbishop) on Nov 19, 2001 at 03:23 UTC

    Hi Zecho,
    You can prevent both empty and whitespace names by matching one word character:

    my $user = ( $q->param('user') =~ /\w/ ) ? $q->param('user') : "Anonymous";

    but it would also be well to apply escapeHTML to $message, and to run s/[\x00-\x1f\x7f]//g for ($user,$message); as well. That will knock off unprintable nasties.

    A minor point, you probably should use '<br/>' for xhtml correctness.

    Update: changed break tag comment per blackmateria's reply, Thanks!

    After Compline,
    Zaxo

      Actually, he should use <br /> (in lowercase) for xhtml correctness. :)
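The sanitisation Zaxo's reply recommends, pulled together as one function, as an added example that is not code from the original thread. It escapes HTML by hand so it runs without CGI.pm, and the 2000-character cap is an assumed value chosen to keep the txt file small; taint mode (-T) only guards system calls, so nothing in it protects the HTML written to comment.txt.

```perl
#!/usr/bin/perl
# Added example, not from the thread: sanitise the user and comment fields
# before they are printed into the SSI-included comment.txt.
use strict;
use warnings;

# Escape the characters that matter in HTML text; same effect as
# CGI->escapeHTML, written out so the example needs no CGI.pm.
sub escape_html {
    my ($s) = @_;
    $s =~ s/&/&amp;/g;
    $s =~ s/</&lt;/g;
    $s =~ s/>/&gt;/g;
    $s =~ s/"/&quot;/g;
    $s =~ s/'/&#39;/g;
    return $s;
}

# Returns (user, message) ready to print, or an empty list when the
# message is blank and should not be posted.
sub sanitize_fields {
    my ($user, $message, $max_len) = @_;
    $max_len //= 2000;                 # assumed cap; keeps the txt file small
    $user    = '' unless defined $user;
    $message = '' unless defined $message;

    # Zaxo's fix: drop control characters (CR/LF included) from both fields.
    s/[\x00-\x1f\x7f]//g for ($user, $message);

    # Empty or whitespace-only names need at least one \w to stand.
    $user = 'Anonymous' unless $user =~ /\w/;
    $user =~ s/^\s+|\s+$//g;           # trim surrounding whitespace

    # Same rule as the original if ($message): blank messages are skipped.
    return () unless $message =~ /\S/;
    $message = substr($message, 0, $max_len);

    return (escape_html($user), escape_html($message));
}

# Constructed sample inputs covering the cases raised in the thread.
for my $case (["   ", "hello"], ["Ze\x00cho", "<coed>tags</coed>"], ["bob", " \t"]) {
    my ($u, $m) = sanitize_fields(@$case);
    print defined $u ? "user=[$u] message=[$m]\n" : "skipped blank message\n";
}
```

The first case posts as Anonymous, the second strips the NUL byte and escapes the tags, and the third is dropped as blank.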
