I'm having issues in a CGI::Application app i've written (where the bulk of code is in a .pm file, and an instance script uses it). in the application, i grab a username and password from a cookie, then run an external command (a C program) to authenticate the user/pass, like so: 
sub do_auth_check
{
  # get self object and CGI query object
  my $self = shift;
  my $q = $self->query();
  
  # get user info from cookies
  my($uname,$pwd) = ( $q->cookie('username'), $q->cookie('password') )
+;
  warn($uname.':'.$pwd); # DEBUG use only
  
  # build command
  my $com = 'env QUERY_STRING=username='.$uname.'\;password='.$pwd.' /
+usr/bin/custom_auth_tool';
  warn('running command "'.$com.'"'); # DEBUG use only
  
  # run command through a pipe
  open(WEBOS,"$com|");
  $com = join('', <WEBOS>);
  close(WEBOS);
  
  # remove newlines (should also take care of tainting, IIRC)
  $com =~ s/\x0D?\x0A//g;
  
  warn('ran command "'.$com.'"'); # DEBUG use only
  return $com;
}

[download]
authentication doesnt work, however, and in the error log, i get this: 
evan:password at AppTest.pm line 554.
running command "env QUERY_STRING=username=evan\;password=password /us
+r/bin/custom_auth_tool" at AppTest.pm line 561.
ran command: "" at AppTest.pm line 566.

[download]
 so, the command seems to output a blank string, which i would normally attribute to permissions, but if I run the following script: 
#!perl

use strict;
use CGI;

my $q = new CGI;

my $uname = $q->cookie('username');
my $pwd = $q->cookie('password');

my $com = 'env QUERY_STRING=username='.$uname.'\;password='.$pwd.' /us
+r/bin/custom_auth_tool';

print "Content-Type: text/plain\n\n",
      "Command:\n$com\n\n";

open(WEBOS,"$com|");
$com = join('', <WEBOS>);
close(WEBOS);

print "Result:\n$com\n\n";

[download]
 this works, and i get the following: 
Command:
env QUERY_STRING=username=evan\;password=password /usr/bin/custom_auth
+_tool

Result:
user evan authenticated

[download]
 i thought perhaps it was because the test script above had executable permissions, whereas AppTest.pm (where the do_auth sub is) didnt, it was just being used by an instance script. so, i chmodded AppTest.pm, but to no avail...i'm stumped, can anyone see anything i've missed?

EDIT: escaped semicolons in the commands per Fletch's suggestion. the original problem still persists...thanks for the suggestion though!

__________
Build a man a fire, and he'll be warm for a day. Set a man on fire, and he'll be warm for the rest of his life.
- Terry Pratchett

In reply to blank string returned from piped command by EvanK

Title:
Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post, it's "PerlMonks-approved HTML":


  • Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!
  • Titles consisting of a single word are discouraged, and in most cases are disallowed outright.
  • Read Where should I post X? if you're not absolutely sure you're posting in the right place.
  • Please read these before you post! —
  • Posts may use any of the Perl Monks Approved HTML tags:
    a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, details, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, summary, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr
  • You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)
            For:     Use:
    & &amp;
    < &lt;
    > &gt;
    [ &#91;
    ] &#93;
  • Link using PerlMonks shortcuts! What shortcuts can I use for linking?
  • See Writeup Formatting Tips and other pages linked from there for more info.