in reply to "CGI::param called in list context" confusion

Somewhere in your code, something calls $cgi->param('foo'), but allows it to return more than one parameter. The line could look like:

my @foos= $cgi->param('foo');

or

print_results( foo => $cgi->param('foo'), is_admin => 0 );

The second form is the problematic form, because $cgi->param('foo') could return more than one item but nothing in your code expects that. The most likely fix is to change that line to:

print_results( foo => scalar($cgi->param('foo')), is_admin => 0 );

Re^2: "CGI::param called in list context" confusion
by Anonymous Monk on Mar 19, 2015 at 09:26 UTC
    Thanks! Can you explain how this could be exploited, is there a quick way to test? I would like to better understand how this could be exploited so we can change the code. Thanks

      Look again at the example I gave in my above code. Submitting more than one value for foo allows you to swap keys and values in the call to the function or to insert additional keys into the call.

      For example if your code is

      #!perl -w
      use strict;
      use CGI;
      use Data::Dumper;

      sub do_foo {
          my( %params )= @_;
          print Dumper \%params;
          if( $params{ is_admin }) {
              print "Is admin\n";
          } else {
              print "No admin\n";
          };
      };

      my $q= CGI->new();
      do_foo( is_admin => 0, foo => $q->param('foo') );

      ... then you can test various incantations from the command line:

      perl -w test.pl foo=1
      perl -w test.pl foo=bar
      perl -w test.pl 'foo=0&foo=is_admin&foo=yeah&foo=another_parameter&foo=yippieh'
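Added example (not from either poster above, and not using CGI.pm itself): a stand-alone script that reproduces the list-context hash pairing described in this thread with a constructed request, then shows the scalar() fix from the first reply beside a stricter variant that rejects a single-valued parameter arriving more than once. The param() stub, the %request data and the single_param() helper are assumptions made for the demonstration; the stub only imitates CGI.pm's list/scalar behaviour.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Data::Dumper;
$Data::Dumper::Sortkeys = 1;

# Constructed request: the same query string used in the reply above,
# already split into the multi-valued parameter "foo".
my %request = (
    foo => [ '0', 'is_admin', 'yeah', 'another_parameter', 'yippieh' ],
);

# Stand-in for $cgi->param(): every value in list context, the first
# value in scalar context, which is what CGI.pm does.
sub param {
    my ($name) = @_;
    my @values = @{ $request{$name} || [] };
    return wantarray ? @values : $values[0];
}

# Vulnerable: param('foo') is in list context, so all five values are
# flattened into the argument list and re-paired as key => value.
# With the request above this yields is_admin => 'yeah' and an extra
# another_parameter => 'yippieh' key.
sub build_vulnerable {
    my %params = ( is_admin => 0, foo => param('foo') );
    return \%params;
}

# Fixed (the change suggested in the first reply): scalar() forces one
# value, so the key/value pairing cannot shift.
sub build_fixed {
    my %params = ( is_admin => 0, foo => scalar( param('foo') ) );
    return \%params;
}

# Stricter (assumed helper): refuse the request when a parameter that
# should be single-valued is submitted more than once, so the anomaly
# is surfaced in logs instead of silently truncated.
sub single_param {
    my ($name) = @_;
    my @values = param($name);
    die "parameter '$name' submitted " . scalar(@values) . " times\n"
        if @values > 1;
    return $values[0];
}

sub build_strict {
    my %params = ( is_admin => 0, foo => single_param('foo') );
    return \%params;
}

for my $case ( [ vulnerable => \&build_vulnerable ],
               [ fixed      => \&build_fixed ],
               [ strict     => \&build_strict ] ) {
    my ( $label, $builder ) = @$case;
    my $params = eval { $builder->() };
    print "$label: ", ( defined $params ? Dumper($params) : "rejected: $@" );
}
```

Running it prints the vulnerable hash with is_admin set to 'yeah' and an unexpected another_parameter key, the fixed hash with is_admin still 0 and foo => '0', and a rejection message for the strict variant. Recent CGI.pm releases emit the "CGI::param called in list context" warning from the thread title precisely so that such call sites can be found; multi_param() is the explicit way to ask for every value where a list is actually intended.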