Can't argue with that! Here's a more secure version.
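#!/usr/bin/perl -wT
# Small CGI front-end: the user picks an hour, minute, day and am/pm and
# the script queues an at(1) job for that time.  Runs under taint mode
# (-T), so every request parameter stays tainted until _untaint() has
# matched it against a fixed whitelist.
#
# NOTE(review): the script performs no authentication of its own, so
# anything that can reach this URL can queue a job; it needs to sit behind
# web-server access control.
use strict;
use warnings;
use CGI;

# Debug hooks.  Keep these commented out in production: fatalsToBrowser
# echoes die() messages (paths, $! text, ...) straight to the client.
BEGIN {
    # use CGI::Carp qw(carpout fatalsToBrowser);
    # &carpout (\*STDOUT);
}

# Validated request values.  Filled in by _untaint() and read by
# create_at_job(); package globals so both subroutines share them.
our ($hour, $minute, $day, $meridiem);

my $q = CGI->new;

print $q->header();
print "<center>\n";
print_at_form();

# Queueing a job changes state, so only honour the submit on a POST; a
# crafted GET link must not be enough.  (A cross-site POST could still
# submit the form -- closing that needs a per-session CSRF token.)
my $method = $q->request_method;
$method = '' unless defined $method;
create_at_job() if $q->param('Submit') && $method eq 'POST';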
### Subroutines ###
# Emit the scheduling form: hour, minute and day pull-downs, an am/pm
# radio group and a Submit button.  The option sets offered here are the
# same fixed sets that _untaint() later accepts, so a well-behaved browser
# can only send values the script will honour.
# NOTE(review): the form carries no anti-CSRF token, so any page a user
# visits could submit it on their behalf.
sub print_at_form {
    my @hours   = (1 .. 12);
    my @minutes = map { sprintf '%02d', 5 * $_ } 0 .. 11;   # 00, 05, ... 55
    my @days    = ('Today', qw(Mon Tue Wed Thu Fri Sat Sun));

    my @pieces = (
        $q->startform(),
        'Hour',
        $q->popup_menu(-name => 'hour',   -values => \@hours),
        'Minutes',
        $q->popup_menu(-name => 'minute', -values => \@minutes),
        'Day',
        $q->popup_menu(-name => 'day',    -values => \@days),
        $q->radio_group(-name => 'meridiem', -values => [qw(am pm)]),
        $q->submit(-name => 'Submit'),
        $q->endform(),
    );
    print @pieces;
    return;
}
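# Validate the four scheduling parameters against fixed whitelists and copy
# the accepted values into the package globals $hour, $minute, $day and
# $meridiem.  Under taint mode only a regex capture launders CGI input, so
# each value is reassigned from $1 of an anchored, exhaustive alternation;
# anything else -- including a missing or empty parameter -- dies.
# Returns the four validated values as a list.
sub _untaint {
    # The environment is inherited by the at(1) child (and at typically
    # records it into the job it queues), so pin PATH to system directories
    # instead of blanking it, and drop the shell variables perlsec lists.
    $ENV{PATH} = '/bin:/usr/bin';
    delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

    # parameter name => [ target global, accepted values ]
    # The patterns mirror the option sets print_at_form() offers; none of
    # them has an empty alternative, so an empty value is rejected.
    my %rule = (
        hour     => [ \$hour,     qr/\A(1[0-2]|[1-9])\z/ ],
        minute   => [ \$minute,   qr/\A([0-5][05])\z/ ],
        day      => [ \$day,      qr/\A(Today|Mon|Tue|Wed|Thu|Fri|Sat|Sun)\z/ ],
        meridiem => [ \$meridiem, qr/\A(am|pm)\z/ ],
    );

    for my $name (qw(hour minute day meridiem)) {
        my ($target, $re) = @{ $rule{$name} };
        my $raw = $q->param($name);
        $raw = '' unless defined $raw;   # absent parameter: fails the match below, no undef warning
        if ($raw =~ $re) {
            $$target = $1;               # the capture is the untainted copy
        }
        else {
            die "Can't untaint '$name'";
        }
    }
    return ($hour, $minute, $day, $meridiem);
}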
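# Queue an at(1) job for the time the user selected, then confirm it.
# Reads the validated globals $hour, $minute, $day and $meridiem that
# _untaint() fills in (and dies, via _untaint, on any out-of-whitelist
# value).  at(1) is run by absolute path through a list-form pipe open, so
# no shell is involved and the arguments reach at exactly as validated.
sub create_at_job {
    _untaint();

    my @at_cmd = ('/usr/bin/at', "$hour:$minute", $meridiem, $day);
    open(my $at, '|-', @at_cmd)
        or die "Couldn't fork: $!\n";
    # The job body is a fixed command; nothing from the request goes here.
    print {$at} "touch /foo/bar/some_file\n";
    # Closing a pipe surfaces both write errors ($!) and a non-zero exit of
    # at(1) ($?), e.g. a rejected timespec or a user not allowed to use at.
    close($at)
        or die "at(1) failed: " . ($! ? $! : "exit status " . ($? >> 8)) . "\n";

    # The values are whitelisted by _untaint(), but escape them anyway
    # rather than rely on that when reflecting them into HTML.
    my $when = $q->escapeHTML("$hour:$minute $meridiem $day");
    print "Your job has been scheduled for <b>$when</b>";
    return;
}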