This is my basic perl cgi:
#!/usr/bin/perl -w
# tims cgi ver 3.50
$|=1; # set to unbuffered output
# look at what the user sent to us in the URL
$query=defined($ENV{QUERY_STRING}) ? $ENV{QUERY_STRING} : '';
# POST data overwrites what came in on the URL
read(STDIN, $query, $ENV{'CONTENT_LENGTH'}) if (($ENV{'CONTENT_LENGTH'} || 0) > 0);
@q=split(/&/,$query);
foreach (sort(@q)) {
    # limit of 2 so a value containing '=' is not cut short
    ($name, $value) = split(/=/, $_, 2);
    next unless defined($name);
    $value = '' unless defined($value);
    $name =~ tr/+/ /; # a space used to be encoded as a plus
    $value =~ tr/+/ /;
    # get rid of the hex we were sent
    $name =~ s/%([A-F0-9][A-F0-9])/pack("C", hex($1))/gie;
    $value =~ s/%([A-F0-9][A-F0-9])/pack("C", hex($1))/gie;
    $cgi_{$name}=$value; # $cgi_ has xss unfriendly values
    # the following are to stop cross site scripting but
    # they make it hard to check for & < > ( or ) in values
    # (& must be replaced first so the other entities are not re-encoded)
    $value =~ s/&/&amp;/gi;
    $value =~ s/>/&gt;/gi;
    $value =~ s/</&lt;/gi;
    $value =~ s/\(/&#40;/gi;
    $value =~ s/\)/&#41;/gi;
    $cgi{$name}=$value;
    #print "$name = $value \n";
}
# if cookies are going to be used
if($ENV{HTTP_COOKIE}) {
    # HTTP_COOKIE=var=val; var2=val2
    my(@x)=split(/;\s*/,$ENV{HTTP_COOKIE});
    foreach(@x) {
        my($var,$val)=split(/=/, $_, 2);
        $cookie{$var}=$val;
        #print "$name = $value<br>\n";
    }
}
# if path info is used
#$path_info=$ENV{'PATH_INFO'};
print "Content-type: text/html\n\n";
# only the values in %cgi are entity-encoded; the names are printed as received
foreach(sort(keys(%cgi))) {
    print "$_=$cgi{$_}<br>\n";
}
# cookie names and values are printed as received
foreach(sort(keys(%cookie))) {
    print "$_=$cookie{$_}<br>\n";
}
All single letter variables can be optimized out but I tend to use it
this way as it's easier for others to understand.
The PATH_INFO allows you to put info in the URL handed to the CGI, such
as http://server/cgi-bin/script/argument/somevalue.
Version 3.47 Sep 16 2006 was to reduce cross site scripting issues.
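The listing above encodes values while parsing, which is why it keeps a second raw hash, and its final loops print parameter names and cookie values as received. As an added example (not part of tims cgi; the helper names and sample input are made up for illustration), the same job can be done by keeping one raw hash and encoding names, values and cookies, quotes included, at the moment they are printed:

```perl
use strict;
use warnings;

# Added example, not part of tims cgi. html_escape, url_decode and
# parse_pairs are hypothetical helper names.
my %ENTITY = ('&' => '&amp;', '<' => '&lt;', '>' => '&gt;', '"' => '&quot;',
              "'" => '&#39;', '(' => '&#40;', ')' => '&#41;');

# Escape for an HTML text or quoted attribute context, at output time.
sub html_escape {
    my ($s) = @_;
    $s = '' unless defined $s;
    $s =~ s/([&<>"'()])/$ENTITY{$1}/g;
    return $s;
}

# Decode one URL-encoded component.
sub url_decode {
    my ($s) = @_;
    $s = '' unless defined $s;
    $s =~ tr/+/ /;
    $s =~ s/%([0-9A-Fa-f]{2})/chr(hex($1))/ge;
    return $s;
}

# Split "a=1<sep>b=2" into raw name/value pairs; URL-decode only when asked.
sub parse_pairs {
    my ($str, $sep, $decode) = @_;
    my %h;
    foreach my $pair (split(/$sep/, defined($str) ? $str : '')) {
        my ($n, $v) = split(/=/, $pair, 2);
        next unless defined($n) && length($n);
        ($n, $v) = map { url_decode($_) } ($n, $v) if $decode;
        $h{$n} = $v;
    }
    return %h;
}

# Constructed sample input standing in for QUERY_STRING and HTTP_COOKIE.
my %cgi    = parse_pairs('q=%3Cb%3Ehi%3C%2Fb%3E&%3Ci%3E=a%3Db', qr/&/, 1);
my %cookie = parse_pairs('sid=abc=; note=<u>x</u>', qr/;\s*/, 0);

print "Content-type: text/html\n\n";
foreach my $k (sort keys %cgi) {
    print html_escape($k), '=', html_escape($cgi{$k}), "<br>\n";
}
foreach my $k (sort keys %cookie) {
    print html_escape($k), '=', html_escape($cookie{$k}), "<br>\n";
}
```

Because the hashes hold the raw strings, checks for & < > ( or ) can run against them directly, and nothing reaches the page without passing through html_escape.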
This page was last updated Tuesday, 28-Jun-2011 06:57:11 UTC. Copyright 2000-2013. thogard is a trademark of Tim Hogard.