Re: Unexpected "text/plain" output with cgi

Since no one has pointed it out, yet, you really really, really do not want to do:

if ($page) { &$page; }
[download]

What if someone (and, don't do this) passed in the URL http://www.robotskull.com/cgi-bin/index.cgi?page=kittens;`rm -rf /etc` (or worse). A better way would be to:

if($page)
{
    SWITCH:
    {
        &kitten, last SWITCH if($page eq 'kitten');
        &foo, last SWITCH if($page eq 'foo');
        &bar, last SWITCH if($page eq 'bar');
        .
        .
        .
        print STDERR "invalid CGI parameter", last SWITCH;
    }
        
}
[download]

Enoch

Comment on Re: Unexpected "text/plain" output with cgi Select or Download Code

In Section Seekers of Perl Wisdom