I also like to point out that when you die like you're doing now, the user will get a 500 error, possibly embarrasing whoever decides to use this (user has no idea that's what it's supposed to do when it can't read) ;D. A friendly error message might be in order (see CGI::Carp).
One more thing, you store under $header = "text/html", which is not neccessary when you use &CGI::header, because that is the default, and there really is no need to keep it in a "separate" variable (you prolly just got a little carried away with the configurating ;D)
Also, you might wanna add files that begin with . to the list of stuff not ok to see, as well as the actual script that's displaying the directory structure (unless you want it to show up if its there)
And, you also ought to look into the other parameters for the header method (you might wanna specify an expiration time, like print header(-type=>'text/html', -expires => '+5m');
And, look into Ovids cgi intro course, and look into
cause you never know, somebody might decide to mess with you ;D$CGI::DISABLE_UPLOADS = 1;# Disable uploads $CGI::POST_MAX =-1;# Maximum number of bytes per post
Also, since you're going to be using CGI to generate the html, you might as well generate "valid" html, check http://validator.w3.org/ to see about errors, a good starting point is specifying '-dtd' => "-//W3C//DTD HTML 4.0 Transitional//EN" in start_html.
I think that's plenty to ponder, but I suggest you go and check out perlsec first, cause it's the most important.
___crazyinsomniac_______________________________________
Disclaimer: Don't blame. It came from inside the void
perl -e "$q=$_;map({chr unpack qq;H*;,$_}split(q;;,q*H*));print;$q/$q;"
In reply to (crazyinsomniac) Re: Dir Structure Print out
by crazyinsomniac
in thread Dir Structure Print out
by jclovs
| For: | Use: | ||
| & | & | ||
| < | < | ||
| > | > | ||
| [ | [ | ||
| ] | ] |