in reply to CGI script creating a user shell environment

First, you aren't checking the response code of the program. You don't know if it failed to run. Also, there should be some error output if it fails. Where is that going? Things to check are different permissions and environment variables between the apache and shell user.

Also, I don't like using the backtick operators in void context. If you aren't capturing the output in a variable, it is better to use the system function. One advantage is that the output isn't stored in a possibly huge variable; it is sent straight back to the web server. Another is that the return value can be checked. Finally, the array form of system can be used to bypass the shell.

Re: Re: CGI script creating a user shell environment
by ambrus (Abbot) on Feb 23, 2004 at 15:12 UTC

    You are right about not using qx in void context.

    However the return status of the command you run with qx can be checked by $?>>8. Also qx bypasses the shell if it is given only one word with no special characters.
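
The points made in the two posts above (list-form system bypassing the shell, and checking the return status through $?), as an added example that is not code from either poster. The value of $name is constructed to stand in for an untrusted CGI parameter, and the helper names describe_status and run are hypothetical.

```perl
#!/usr/bin/perl
use strict;
use warnings;

$| = 1;  # unbuffer STDOUT so child output and our own prints stay in order

# Decode $? as documented for system(): -1 means the program never started,
# the low 7 bits hold a signal number, the high byte holds the exit code.
sub describe_status {
    my ($status, $errno) = @_;
    return "could not execute: $errno" if $status == -1;
    return sprintf('killed by signal %d', $status & 127) if $status & 127;
    return sprintf('exited with status %d', $status >> 8);
}

# Run a command in list form (no shell involved) and report how it ended.
sub run {
    my @cmd = @_;
    no warnings 'exec';                 # exec failures are reported below
    system(@cmd);
    my ($status, $errno) = ($?, "$!");  # copy both before anything resets them
    print "  [@cmd] ", describe_status($status, $errno), "\n";
    return $status == 0;
}

# Constructed value standing in for an untrusted CGI parameter.
my $name = 'report.txt; echo INJECTED';

print "single string (parsed by /bin/sh):\n";
system("/bin/echo listing $name");      # the shell treats ';' as a separator

print "list form (no shell):\n";
run('/bin/echo', 'listing', $name);     # $name arrives as one literal argument

print "failure cases:\n";
run($^X, '-e', 'exit 3');               # child exits with a non-zero code
run('/nonexistent/program', 'x');       # exec fails, so $? is -1
```

The same decoding of $? applies after qx or backticks; only the list form of system guarantees that no shell ever parses the arguments.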