Re^3: Any security holes?

> simplify and DRY out the code a bit,

simpler and DRYer with loop-aliasing ... ;)

use strict;
use warnings;
use HTML::Entities;

# init
my ($nick, $pic, $say, $likes, $fav, $car, $age, $town, $drink, $wpage
+)=
  ("<html>") x10;

# escape
for my $alias ($nick, $pic, $say, $likes, $fav, $car, $age, $town, $dr
+ink, $wpage) {
    encode_entities($alias);
}

# out
print "$nick ... $wpage";
[download]

<html> ... <html>

edit

or just

encode_entities($_)
   for $nick, $pic, $say, $likes, $fav, $car, $age, $town, $drink, $wp
+age;
[download]

Cheers Rolf
_{(addicted to the Perl Programming Language :)

Wikisyntax for the Monastery}

Comment on Re^3: Any security holes? Select or Download Code

Replies are listed 'Best First'.
Re^4: Any security holes? by Limbomusic (Acolyte) on Jun 27, 2022 at 20:42 UTC
Your last suggestion worked well - now my script is: #!C:\Perl64\site\bin\perl.exe use strict; use warnings; use HTML::Entities; use CGI; my $cgi = CGI->new(); my $nick = $cgi->param('nick'); my $pic = $cgi->param('pic'); my $say = $cgi->param('say'); my $likes = $cgi->param('likes'); my $fav = $cgi->param('fav'); my $car = $cgi->param('car'); my $age = $cgi->param('age'); my $town = $cgi->param('town'); my $drink = $cgi->param('drink'); my $wpage = $cgi->param('wpage'); encode_entities($_) for $nick, $pic, $say, $likes, $fav, $car, $age, $town, $drink, $wp +age; open(my $fh, '>>', 'drivers.html'); print "Content-type:text/html\r\n\r\n"; print $fh "<b>$nick</b><br><img src='$pic' width='250' height='auto' b +order='2'><br><br>Says <b>$say</b><br>Likes <b>$likes</b><br>Favorite + vehicle <b>$fav</b><br> Real life car/vehicle <b>$car</b><br>Age <b> +$age</b><br>Hometown <b>$town</b><br>Favorite drink <b>$drink</b><br> +<b><a href='$wpage'>$wpage</a></b><HR color=#008000 SIZE=2>\n"; print "<html><head><meta http-equiv = 'refresh' content = '0; url = dr +ivers.html' /></head>"; close $fh; [download] Looking way better now eh? Will read/learn more on links provided. Thanx everyone.	[reply] [d/l]

Replies are listed 'Best First'.

Re^4: Any security holes?
by Limbomusic (Acolyte) on Jun 27, 2022 at 20:42 UTC

#!C:\Perl64\site\bin\perl.exe
use strict;
use warnings;
use HTML::Entities;
use CGI;

my $cgi = CGI->new();

my $nick = $cgi->param('nick');
my $pic = $cgi->param('pic');
my $say = $cgi->param('say');
my $likes = $cgi->param('likes');
my $fav = $cgi->param('fav');
my $car = $cgi->param('car');
my $age = $cgi->param('age');
my $town = $cgi->param('town');
my $drink = $cgi->param('drink');
my $wpage = $cgi->param('wpage');

encode_entities($_)
   for $nick, $pic, $say, $likes, $fav, $car, $age, $town, $drink, $wp
+age;

open(my $fh, '>>', 'drivers.html');
print "Content-type:text/html\r\n\r\n";
print $fh "<b>$nick</b><br><img src='$pic' width='250' height='auto' b
+order='2'><br><br>Says <b>$say</b><br>Likes <b>$likes</b><br>Favorite
+ vehicle <b>$fav</b><br> Real life car/vehicle <b>$car</b><br>Age <b>
+$age</b><br>Hometown <b>$town</b><br>Favorite drink <b>$drink</b><br>
+<b><a href='$wpage'>$wpage</a></b><HR color=#008000 SIZE=2>\n";
print "<html><head><meta http-equiv = 'refresh' content = '0; url = dr
+ivers.html' /></head>";
close $fh;
[download]

[reply]
[d/l]