in reply to Problem that I can't find
Here are some thoughts on the code. Use the taint switch -T!!! It's trivial for a user to alter the form and resubmit with data that can wreak havoc on your site. When you untaint data, make sure that your allowed information is restricted as TIGHTLY AS POSSIBLE!!! For example, when you are testing $q{'command'}, try the following:

    # List assignment: $command gets the capture when the pattern matches and
    # undef when it doesn't (a bare "$command = $1" would keep whatever $1 held
    # from an earlier match, which defeats the untainting).
    my ($command) = $q{'command'} =~ /^(search|\s*)$/;
    # $command is now untainted.

That's pretty bulletproof. $command can only equal 'search' or spaces. No malicious code can sneak in. I included the possibility of spaces because you were also testing for an empty string, which appeared to be acceptable. Any Monks know how to make that match 'search' or undef? Hmm, you could just match for search and use this:

    defined $command && $command eq 'search' ? &search : &main; # gosh, I love the trinary operator :)
Possible problem: is there any chance that $q{'first'} can have a non-numeric value? It's used to assign to $firstDis. This is later found in:

    while ($firstDisp < $lastDis) {...}

Since '<' is a numeric comparison, this will cause a problem. I think it's a longshot, but it's all I can tell without seeing your data.
Have you tried running the script from the command line with a debugger? If you do that, step through the code and print out the value of variables in trouble spots. You'll likely find the problem.
Also, use CGI.pm. It's much more robust than the code you have above. All of the code you have to get the form values can be substituted with the following:

    use CGI;
    my $q = CGI->new;   # same as "new CGI", without the indirect-object syntax

Then, to access a particular form value, such as $command, use the following:

    # untaint 'command'; $command is undef when the value is not on the whitelist
    my ($command) = $q->param('command') =~ /^(search|\s*)$/;
    # $command is now untainted.

It doesn't matter if method is get or post. You can read about it here.
Good luck!
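An added example, not part of the reply above and not the original poster's script, that puts the advice together: it runs under -T, reads the form with CGI.pm, whitelist-untaints 'command' exactly as suggested, and adds a numeric check for 'first' so the later '<' comparison never sees a non-numeric value. The subroutine names untaint_command and untaint_uint, and the default of 0 for 'first', are this example's own assumptions.

```perl
#!/usr/bin/perl -T
# Constructed example: taint-mode CGI script with whitelist untainting.
use strict;
use warnings;
use CGI;

my $q = CGI->new;

# Whitelist untaint for the 'command' field.
# Returns 'search' or a run of whitespace on a match, undef otherwise.
# The list assignment matters: a failed match yields undef instead of a
# stale $1 left over from some earlier regex.
sub untaint_command {
    my ($raw) = @_;
    return undef unless defined $raw;
    my ($clean) = $raw =~ /^(search|\s*)$/;
    return $clean;
}

# Numeric untaint for paging fields such as 'first'.
# Only a short run of digits passes; anything else falls back to $default,
# so a '<' comparison downstream never sees a non-numeric string.
sub untaint_uint {
    my ($raw, $default) = @_;
    return $default unless defined $raw;
    my ($clean) = $raw =~ /^(\d{1,9})$/;
    return defined $clean ? $clean + 0 : $default;
}

my $command = untaint_command( scalar $q->param('command') );
my $first   = untaint_uint( scalar $q->param('first'), 0 );   # assumed default: 0

print $q->header('text/plain');
if ( defined $command && $command eq 'search' ) {
    print "search, starting at record $first\n";
}
else {
    print "main page\n";
}
```

To try it from the command line, CGI.pm accepts the form values as arguments, e.g. `perl -T untaint.pl command=search first=10`; pass `command=search;rm` or `first=abc` instead and the script falls back to the main page or to the default, rather than passing tainted data along. On Perl 5.22 and later CGI.pm is no longer in the core distribution and has to be installed from CPAN.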