Tim Hogard's Quick and Dirty Perl CGI

I write quite a few simple web CGI programs and I tend to write them in Perl. The common way shown in most books and web examples makes use of a few typical Perl modules, but they are overkill for most projects, and if you need speed, you don't have time to load the modules.

This is my basic perl cgi:

#!/usr/bin/perl -w
# tims cgi ver 3.50
$|=1; # set to unbuffered output
#look at what the user sent to us in the URL
$query=defined($ENV{QUERY_STRING}) ? $ENV{QUERY_STRING} : '';
#POST data overwrites what came in on the URL
read(STDIN, $query, $ENV{'CONTENT_LENGTH'}) if ($ENV{'CONTENT_LENGTH'} && $ENV{'CONTENT_LENGTH'} > 0);
@q=split(/&/,$query);

foreach (sort(@q)) {
        ($name, $value) = split(/=/, $_, 2);    # limit 2 keeps any = inside the value
        next unless defined($name);             # skip empty pairs such as a&&b
        $value = '' unless defined($value);     # a name sent with no =value

        $name  =~ tr/+/ /;      # a space used to be encoded as a plus
        $value =~ tr/+/ /;
        # get rid of the hex we were sent
        $name  =~ s/%([A-F0-9][A-F0-9])/pack("C", hex($1))/gie;
        $value =~ s/%([A-F0-9][A-F0-9])/pack("C", hex($1))/gie;
        $cgi_{$name}=$value;    # $cgi_ has xss unfriendly values
        # the following are to stop cross site scripting but
        # they make it hard to check for & < > ( or ) in values
        # (quotes are not escaped, so do not put $cgi values inside attributes)
        $value =~ s/&/&amp;/gi;
        $value =~ s/>/&gt;/gi;
        $value =~ s/</&lt;/gi;
        $value =~ s/\(/&#40;/gi;
        $value =~ s/\)/&#41;/gi;
        $cgi{$name}=$value;
        #print "$name = $value \n";
}

#if cookies are going to be used
if($ENV{HTTP_COOKIE}) {
        #HTTP_COOKIE=var=val; var2=val2
        my(@x)=split(/;\s*/,$ENV{HTTP_COOKIE});  # drop the space after each ;
        foreach(@x) {
                my($var,$val)=split(/=/, $_, 2); # cookie values may contain =
                $cookie{$var}=$val;
                #print "$var = $val<br>\n";
        }
}

#if path info is used
#$path_info=$ENV{'PATH_INFO'};

print "Content-type: text/html\n\n";

# only the values in %cgi are escaped; parameter names and cookie
# values are printed here exactly as the client sent them
foreach(sort(keys(%cgi))) {
        print "$_=$cgi{$_}<br>\n";
}
foreach(sort(keys(%cookie))) {
        print "$_=$cookie{$_}<br>\n";
}

All single letter variables can be optimized out but I tend to use it this way as it's easier for others to understand.

The PATH_INFO allows you to put info in the url handed to the cgi such as
http://server/cgi-bin/script/argument/somevalue.

Version 3.47 Sep 16 2006 was to reduce cross site scripting issues.
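
The script escapes values as they are parsed, which is why its comments note that checking for & < > ( or ) becomes hard afterwards. As an added example (not part of Tim's script), the alternative below keeps every value raw and escapes only at print time, which also covers parameter names, cookie values and the two quote characters. html_escape and parse_pairs are hypothetical helper names, and the sample input is constructed.

```perl
#!/usr/bin/perl
# Added example, not part of the original script.
# html_escape() and parse_pairs() are hypothetical helper names.
use strict;
use warnings;

# Escape for HTML text and quoted attributes; ( and ) are kept from the
# original script's list, the two quote characters are added here.
my %ENT = ('&' => '&amp;', '<' => '&lt;', '>' => '&gt;', '"' => '&quot;',
           "'" => '&#39;', '(' => '&#40;', ')' => '&#41;');
sub html_escape {
    my ($s) = @_;
    $s = '' unless defined $s;
    $s =~ s/([&<>"'()])/$ENT{$1}/g;
    return $s;
}

# Split "n=v<sep>n=v" into raw pairs; URL-decode only when $decode is true.
sub parse_pairs {
    my ($str, $sep, $decode) = @_;
    my %out;
    foreach my $pair (split /$sep/, defined $str ? $str : '') {
        my ($name, $value) = split /=/, $pair, 2;
        next unless defined $name && length $name;
        $value = '' unless defined $value;
        if ($decode) {
            for ($name, $value) {
                tr/+/ /;
                s/%([0-9A-Fa-f]{2})/chr(hex($1))/ge;
            }
        }
        $out{$name} = $value;
    }
    return %out;
}

# Constructed sample input standing in for QUERY_STRING and HTTP_COOKIE.
my %raw    = parse_pairs('q=%3Cb%3Ehi%3C%2Fb%3E&a%22b=x+%26+y&tok=a=b', qr/&/, 1);
my %cookie = parse_pairs('sid=abc123; theme="><i>', qr/;\s*/, 0);

# Validation runs on the raw value, so < and & can still be matched directly.
my $has_markup = ($raw{'q'} =~ /[<>]/) ? 'yes' : 'no';

print "Content-type: text/html; charset=utf-8\n\n";
print "q contains markup: $has_markup<br>\n";
foreach my $h (\%raw, \%cookie) {
    print html_escape($_), '=', html_escape($h->{$_}), "<br>\n" for sort keys %$h;
}
```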



thogard@abnormal.com
 This page was last updated Tuesday, 28-Jun-2011 06:57:11 UTC Copyright 2000-2016 thogard™ is a trademark of Tim Hogard