in reply to Extracting Cookies

Just wanted to ask why you aren't using CGI.pm. Not using "reinvent the wheel", are you? thanks.

-- Randal L. Schwartz, Perl hacker

RE: Re: Extracting Cookies
by toadi (Chaplain) on Aug 18, 2000 at 12:16 UTC
    People just don't want to learn. Most of the time when I look at scripts which I download from the web they use things like this:
        $buffer = "";
        read(STDIN, $buffer, $ENV{'CONTENT_LENGTH'});
        @pairs=split(/&/,$buffer);
        foreach $pair (@pairs) {
            @a = split(/=/,$pair);
            $name=$a[0];
            $value=$a[1];
            $value =~ s/\+/ /g;
            $value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;
            $value =~ s/~!/ ~!/g;
            $value =~ s/\</\&lt\;/g; # html tag removal (remove these lines to enable HTML tags in messages)
            $value =~ s/\>/\&gt\;/g; # html tag removal (remove these lines to enable HTML tags in messages)
            $value =~ s/[\r\n]//g;
            if ($name eq "username") { $value =~ s/\s*$//g; }
            push (@data,$name);
            push (@data,$value);
        }
        %form=@data;
        %form;

    Well I just gave up, there are even guys who develop websites and think I'm an idiot because I read the whole perldoc CGI!
    I must admit the first time I worked with it I was a bit slower, but now it's rewarding because I code as fast as them but my code is a lot better/safer than the copy&paste from my fellow coders. But this is going to change because next month I will write apps for our admins. They wanted a perl-coder because they know writing safe perl-code is so cool :-)

    --
    My opinions may have changed,
    but not the fact that I am right

      So it's cool that you're using CGI.pm (at least if I read it right from my early morning brain here), but just in case the home audience doesn't see what's so wrong from this oft-repeated "cargo cult" junk:
      • it doesn't handle a GET request instead of a POST
      • an evil guy can give a huge content-length and overflow your system
      • it doesn't handle the recommended ";" separator instead of "&"
      • it mangles ~! in the content for some unknown reason
      • while it fixes less-than and greater-than for HTML reasons, it doesn't patch up ampersand
      • it folds possibly significant whitespace
      • it removes trailing whitespace from a special field named username using a poor regex
      • it creates the key/value pairs for a hash in separate arrays, rather than just assigning a new element directly
      • it doesn't allow for SELECT MULTIPLE selection boxes or multiple fields with the same name, because the second value overwrites the first instead of adding to it
      • it doesn't easily allow for file upload even to be grafted on the side
      • it doesn't handle some of the recent CERT warnings about broken character set interpretations
      all of which are handled properly by CGI.pm.

      And here's the problem. Whoever wrote this probably copied most of it from someone else (or worse, one of those awful books out there), and now the next guy who comes along and says "hey, do you have anything that handles the CGI stuff?" will probably steal this code for his own. Without realizing any of the brokenness.

      That's why we say so adamantly: use CGI.pm! It's just too much work to keep pointing out these major errors over and over and over again.

      -- Randal L. Schwartz, Perl hacker
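
An added example, not part of either post above: the same form handling done with CGI.pm, covering several items from the list (oversized bodies, ";" separators, repeated fields, ampersand escaping, preserved whitespace). It assumes CGI.pm 4.08 or later from CPAN (for `multi_param`); the `parse_form` helper, the 64 KB limit and the sample query string are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use CGI ();

# Cap request bodies and refuse uploads before any parsing happens
# (the "huge content-length" item). The limit is this example's choice.
$CGI::POST_MAX        = 64 * 1024;   # bytes
$CGI::DISABLE_UPLOADS = 1;

# Hypothetical helper: parse a request into { name => [values...] }.
# With no argument CGI.pm reads GET or POST from the CGI environment;
# passing a query string lets this demo run offline.
sub parse_form {
    my ($query_string) = @_;
    my $q = defined $query_string ? CGI->new($query_string) : CGI->new;

    # cgi_error() is set when parsing failed, e.g. a body larger than POST_MAX.
    if (my $err = $q->cgi_error) {
        print $q->header(-status => $err), "Request rejected\n";
        return;
    }

    my %form;
    for my $name ($q->param) {
        # multi_param keeps every value of a repeated field (SELECT MULTIPLE).
        $form{$name} = [ $q->multi_param($name) ];
    }
    return ($q, \%form);
}

# Constructed sample input: ";" and "&" separators mixed, a repeated field,
# URL-encoded markup with an ampersand, and a trailing space in username.
my ($q, $form) = parse_form(
    'username=toadi%20;color=red&color=blue;msg=%3Cb%3EA%26B%3C%2Fb%3E');
die "request could not be parsed\n" unless $form;

for my $name (sort keys %$form) {
    for my $value (@{ $form->{$name} }) {
        # Keep raw values in %form and escape only at output time;
        # escapeHTML handles &, <, > and quotes.
        printf "%-8s = [%s]\n", $name, $q->escapeHTML($value);
    }
}
```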

      that code looks eerily similar to what we learned in the 1st edition of "CGI Programming with Perl". i see that there's a second edition out now, so i hope they've updated it. i remember writing lots of code with a sub that looked like that. of course, this was for a class and we tended to get marked down for using modules and not writing anything of our own. *shudders* yeck.