Re^2: Any security holes?

my $nick = $cgi->param('nick'); ... my $wpage = $cgi->param('wpage'); my $nick = encode_entities($nick, '<>&"'); ... my $wpage = encode_entities($wpage, '<>&"');
[download]

Not to address any security hole but just to simplify and DRY out the code a bit, you might try one of these untested approaches.

my ($nick, $pic, $say, $likes, $fav, $car, $age, $town, $drink, $wpage
+)
= map { encode_entities($cgi->param($_), '<>&"') }
qw ( nick   pic   say   likes   fav   car   age   town   drink   wpage
+);
[download]

Or else (and better IMHO):

use constant CGI_PARAMS => qw(
    nick pic say likes fav car age town drink wpage
    );

my %param =
    map { $_ => encode_entities($_, '<>&"') }
    map { $cgi->param($_) }
    CGI_PARAMS
    ;

...

print $fh <<"EOHTML";
<b>$param{'nick'}</b><br>
<img src='$param{'pic'}' width='250' height='auto' border='2'><br>
<br>
Says <b>$param{'say'}</b><br>
Likes <b>$param{'likes'}</b><br>
Favorite vehicle <b>$param{'fav'}</b><br>
Real life car/vehicle <b>$param{'car'}</b><br>
Age <b>$param{'age'}</b><br>
Hometown <b>$param{'town'}</b><br>
Favorite drink <b>$param{'drink'}</b><br>
<b><a href='$param{'wpage'}'>$param{'wpage'}</a></b>
<HR color=#008000 SIZE=2>
EOHTML
[download]

Give a man a fish: <%-{-{-{-<

Comment on Re^2: Any security holes? Select or Download Code

Replies are listed 'Best First'.
Re^3: Any security holes? by LanX (Saint) on Jun 27, 2022 at 14:21 UTC
> simplify and DRY out the code a bit, simpler and DRYer with loop-aliasing ... ;) `use strict; use warnings; use HTML::Entities; # init my ($nick, $pic, $say, $likes, $fav, $car, $age, $town, $drink, $wpage +)= ("<html>") x10; # escape for my $alias ($nick, $pic, $say, $likes, $fav, $car, $age, $town, $dr +ink, $wpage) { encode_entities($alias); } # out print "$nick ... $wpage";` [download] `<html> ... <html>` edit or just `encode_entities($_) for $nick, $pic, $say, $likes, $fav, $car, $age, $town, $drink, $wp +age;` [download] Cheers Rolf _{(addicted to the Perl Programming Language :) Wikisyntax for the Monastery}	[reply] [d/l] [select]
Re^4: Any security holes? by Limbomusic (Acolyte) on Jun 27, 2022 at 20:42 UTC
Your last suggestion worked well - now my script is: #!C:\Perl64\site\bin\perl.exe use strict; use warnings; use HTML::Entities; use CGI; my $cgi = CGI->new(); my $nick = $cgi->param('nick'); my $pic = $cgi->param('pic'); my $say = $cgi->param('say'); my $likes = $cgi->param('likes'); my $fav = $cgi->param('fav'); my $car = $cgi->param('car'); my $age = $cgi->param('age'); my $town = $cgi->param('town'); my $drink = $cgi->param('drink'); my $wpage = $cgi->param('wpage'); encode_entities($_) for $nick, $pic, $say, $likes, $fav, $car, $age, $town, $drink, $wp +age; open(my $fh, '>>', 'drivers.html'); print "Content-type:text/html\r\n\r\n"; print $fh "<b>$nick</b><br><img src='$pic' width='250' height='auto' b +order='2'><br><br>Says <b>$say</b><br>Likes <b>$likes</b><br>Favorite + vehicle <b>$fav</b><br> Real life car/vehicle <b>$car</b><br>Age <b> +$age</b><br>Hometown <b>$town</b><br>Favorite drink <b>$drink</b><br> +<b><a href='$wpage'>$wpage</a></b><HR color=#008000 SIZE=2>\n"; print "<html><head><meta http-equiv = 'refresh' content = '0; url = dr +ivers.html' /></head>"; close $fh; [download] Looking way better now eh? Will read/learn more on links provided. Thanx everyone.	[reply] [d/l]

edit