Mailing unescaped CGI parameters

jlongino has asked for the wisdom of the Perl Monks concerning the following question:

I apologize for this post, but I was unable to find anything relevant using Super Search, The Perl CD Bookshelf, Version 2.0 (actually I have version 1.0, but O'Reilly didn't have a link to it that I could find) or perldoc CGI. (Sidenote, the isbn://xxxxxxxxxx is rerouting to Barnes & Noble sans return of the desired content)

I have a Web application that has been in production for 3 years now but have a cosmetic enduser request that I haven't gotten around to. The application allows the enduser to submit a calendar event via mail but, by default, sends the CGI parameters escaped. The endusers want a unescaped layout. Here are the relevant code snippets:

# ...
open (MAIL, "|/usr/lib/sendmail -oi -t") or die "Can't fork sendmail: 
+$!";
print MAIL <<EOF;
From: requestor@from.foo.net
To: Receiver@to.foo.net
Subject: Requested Calendar Event

EOF
CGI::save_parameters(*MAIL);
close (MAIL) or die "can't close sendmail: $!";
# ...
[download]

What I'm hoping for is a simple method similar to save_parameters() to handle this. The more I think about it, perhaps it would be better to write a snippet that manually includes only the parms I want (so that spoofed parms don't appear as well). What do you think? TIA.

--Jim

Comment on Mailing unescaped CGI parameters Download Code

Replies are listed 'Best First'.
•Re: Mailing unescaped CGI parameters by merlyn (Sage) on Apr 11, 2002 at 18:09 UTC
What does it mean to send them "unescaped"? You'll have to delimit the values somehow, or else you might as well just send `join "", map param($_), param;` [download] as all rammed together. {grin} One clean choice would be to send them using Data::Denter: `use Data::Denter; use CGI qw(param); my %params; for (param) { my @values = param($_); $params{$_} = @values == 1 ? $values[0] : \@values; } print Denter \%params;` [download] The output is both human and machine readable. -- Randal L. Schwartz, Perl hacker	[reply] [d/l] [select]
Re: Mailing unescaped CGI parameters by perlplexer (Hermit) on Apr 11, 2002 at 18:14 UTC
Take a look at URI::Escape. --perlplexer	[reply]
Re: Mailing unescaped CGI parameters by erikharrison (Deacon) on Apr 11, 2002 at 18:19 UTC
Alright, since you are using the function oriented interface, you need to import the :cgi-lib set of function calls, to use the Vars() function, which will return the params as a hash, multivalued fields being delimited by a "\0" (null) character. `use CGI qw(:cgi-lib); %params = Vars(); foreach $member (key %params) { print "$member = "; @values = split /\0/, $params{$member}; print "@values\n"; }` [download] Cheers, Erik	[reply] [d/l]
Re: Mailing unescaped CGI parameters by jlongino (Parson) on Apr 11, 2002 at 20:25 UTC
Apparently I wasn't able to communicate my original problem very well. Either that, or I woke up on a different planet this morning. Using the snippet of code in my original post generates output like so: Subject: Mailed Campus Calendar Event Date: Thu, 11 Apr 2002 14:11:16 -0500 (CDT) From: Requestor@from.foo.net To: Receiver@to.foo.net ShDesc=This%20is%20the%20event%20field BegMon=04 BegDay=20 BegYear=2002 BegHour=10 BegMin=00 BegAmPm=am EventType=MISC EndMon=04 EndDay=20 EndYear=2002 EndHour=02 EndMin=00 EndAmPm=pm Prefix= Loc=Anywhere Sponsor=Anyone Contact=Anywho ConTel1=111 ConTel2=222 ConTel3=3333 ConEmail=foo%40bar.com URL=http%3A%2F%2Fwhatdoyouknow.com LongDesc=This%20is%20a%20field%20for%20details%20about%20the%20event. = [download] The question was whether or not there was a function similar to CGI::save_parameters() that generates the "unescaped" data as follows: Subject: Mailed Campus Calendar Event Date: Thu, 11 Apr 2002 14:11:16 -0500 (CDT) From: Requestor@from.foo.net To: Receiver@to.foo.net ShDesc=This is the event field BegMon=04 BegDay=20 BegYear=2002 BegHour=10 BegMin=00 BegAmPm=am EventType=MISC EndMon=04 EndDay=20 EndYear=2002 EndHour=02 EndMin=00 EndAmPm=pm Prefix= Loc=Anywhere Sponsor=Anyone Contact=Anywho ConTel1=111 ConTel2=222 ConTel3=3333 ConEmail=foo@bar.com URL=http://whatdoyouknow.com LongDesc=This is a field for details about the event. = [download] or would it be a better idea to simply write a snippet to do it? I'll assume from the responses that a snippet is the way to go. BTW, I don't need help writing it, I was apparently mistaken that I had read a post within the last 7 months that pointed to a one-line substitution for CGI::save_parameters(). Thanks anyhow. --Jim Update: I accomplished what I need with a one-liner: `open (MAIL, "\|/usr/lib/sendmail -oi -t") or die "Can't fork sendmail: +$!"; print MAIL <<EOF; From: Requestor@from.foo.net To: Receiver@to.foo.net Subject: Mailed Campus Calendar Event EOF ### Note: All params are single-instance scalars. print MAIL "$_: ", $query->param($_), "\n" foreach $query->param; close (MAIL) or die "can't close sendmail: $!";` [download]	[reply] [d/l] [select]