porting a script from cgi_handlers.pl to CGI.pm (was : use CGI.pm)

Anonymous Monk has asked for the wisdom of the Perl Monks concerning the following question:

Replies are listed 'Best First'.

•Re: use CGI.pm
by merlyn (Sage) on Mar 28, 2002 at 19:13 UTC

What part(s) of the code is incompatible with CGI.pm?

Perhaps your real question is "what would that script look like if it had been written using CGI.pm rather than Yet Another Broken Handrolled Parser?" In that case, the answer is, "totally different". There are more things wrong with that script than right. For example, for the right string in the email parameter, I could execute an arbitrary command on that box.

-- Randal L. Schwartz, Perl hacker

[reply]

Re: use CGI.pm
by grep (Monsignor) on Mar 28, 2002 at 20:15 UTC

OK... Here's some suggestions.

#!/usr/local/bin/perl

#!/usr/local/bin/perl -wT
use strict;
[download]

for your header you can use the CGI.pm

&html_header("It's been sent");

use CGI;
my $q = new CGI;
print $q->header;
[download]

Not that it matters much in a script this small, but I would point you to Template Toolkit to seperate you markup from your code. Then you can replace all these print statments.

    print "<H2 ALIGN=center>It's been sent!</H2>; 
        print "<HR ALIGN=center>";
    print "<IMG SRC=\"http://www.iupui.edu/~webtrain/Graphics/Photos/b
+ora_bora.jpg\>";
        ...
[download]

Here it looks like you're getting the query string. You can use CGI's param method.

@pairs =  &url_decode(split(/[&]/, $request));
while ($pairs[$r]) {
    ($a,$b) = split(/[=]/,$pairs[$r++]);
    ($name = $b) if ($a eq 'name');
        ($email = $b) if ($a eq 'email');
        ...
[download]

$q->param('name')
$q->param('email')
...
[download]

And as merlyn pointed out this is really bad

open (MAIL, "| mailx -s \"Web mail from $email!\" cholling\@iupui.edu");

but when you turn on Taint checking this will not be allowed. This does not mean Taint checking is the be all, end all, you can unsafely untaint data. I would highly recommend Ovid Web programming with Perl course.

grep
grep> cd /pub grep> more beer

[reply]
[d/l]
[select]

Re: porting a script from cgi_handlers.pl to CGI.pm (was : use CGI.pm)
by gellyfish (Monsignor) on Mar 29, 2002 at 11:46 UTC

Hey, it's a holiday - this is a semi-mechanical conversion to CGI.pm :

#!/usr/local/bin/perl -wT

use strict;

use CGI qw(:standard);
use CGI::Carp qw(fatalsToBrowser);

print header(),
      start_html( -title => "It's been sent");
print <<EOHTML;
<H2 ALIGN=center>It's been sent!</H2>
<HR ALIGN=center>
<IMG SRC="http://www.iupui.edu/~webtrain/Graphics/Photos/bora_bora.jpg
+">
<HR ALIGN=center>
<H2 ALIGN=center>Thanks!</H2>
<A HREF="http://www.iupui.edu/~webtrain/home.html">Back to Cindy's hom
+e page
</A>
EOHTML


my $name = param('name');
my $email = param('email');
my $status = param('status');
my $entry = param('entry');
my $cindy = param('cindy');
my $talk = param('talk');
my $surf = param('surf');
my $url = param('url');
my $whaturl = param('whaturl');
my $suggestion = param('suggestion');
my $explain = param('explain');

open (MAIL, qq%|  mailx -s "Web mail!" cholling\@iupui.edu%)
    || die "Couldn't send mail - $!\n";

print MAIL <<EOMAIL;
Sender: $name
Email address: $email
Status: $status, $explain
Type of Message: $entry
How Did You Find Me: $cindy $talk $surf $url
If URL, what URL? $whaturl
Message:
$suggestion
EOMAIL

print end_html();
[download]

Update: Removed $email from the subject line passed to mailx as this is a security risk.

/J\

[reply]
[d/l]