Re: pass cgi object?

You are not passing a CGI object all. You're counting on the $cgi variable being a package variable in package main. This won't work when someone uses a lexical $cgi variable, or just any other variable name.

Since you're obviously worrying about security, I wonder if you're using the $:: prefix to circumvent the strict pragma (and if so, why?). Please be careful.

Also, if I understand the docs correcty, $cgi->https() does not necessarily return 'on' for a https connection but some value that's true.

Anyway I would probably use a subroutine and pass the object in explicitly, more or less like this:

my $q = CGI->new;
check_https($q);

sub check_https {
  my ($cgi) = @_;
  unless ($cgi->https) {
     my $url = $cgi->url(-path_info=>1, -query =>1);
     s/^http:/https:/ or die "Unsupported URI scheme, or https detecti
+on error";
     print $cgi->redirect($url);
     exit;
  }
}
[download]

Ofcourse, this doesn't handle POST requests well.

edit: fixed typo.

"What should it profit a man, if he should win a flame war, yet lose his cool?"

Comment on Re: pass cgi object? Select or Download Code