in reply to Re: CGI: Make one big program or lots of little ones?
in thread CGI: Make one big program or lots of little ones?

This is a technique that I use, either using hidden fields as you describe or passing flags in PATH_INFO.

However, I would use a hash instead of your @safesubs and $ok:

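    # allow-list of sub names that may be called
    my %valid = map {$_ => undef} qw(this_sub that_sub other_sub);
    die unless exists $valid{$op};
    &$op();   # symbolic call by name; under "use strict" this needs: no strict 'refs';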

Re: Re: Re: CGI: Make one big program or lots of little ones?
by DarkProphet (Novice) on Feb 23, 2001 at 21:01 UTC
    Well, passing flags in the PATH_INFO works fine, but I wouldn't encourage doing it that way, because the browser will show the whole path (including flags). This is fine if there is no real sensitive info in the path, but it can be more of a security risk. Using hidden fields is a bit safer.
    But your code itself does look a lot nicer ;-)

    I've never claimed to be a Perl God(TM), and any claims to the converse are used fictitiously.

      Whether the programmer is using hidden fields or PATH_INFO, it's important to check all user-supplied data on the server side.

      Server-side validation is essential for all Web development where untrusted users might access your site. Reference: The WWW Security FAQ.
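
An added example, not code from any poster in this thread: the allow-list check discussed above written as a dispatch table of code references, with the same server-side check applied whether the op arrives in a form field or in PATH_INFO. The handler bodies, the `op` field name, and the sample requests are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical handlers; the names reuse the placeholders from the post above.
sub this_sub  { return "ran this_sub" }
sub that_sub  { return "ran that_sub" }
sub other_sub { return "ran other_sub" }

# Allow-list mapping the public op name to a code reference, so no symbolic
# call (&$op) is needed and the script runs under "use strict".
my %dispatch = (
    this_sub  => \&this_sub,
    that_sub  => \&that_sub,
    other_sub => \&other_sub,
);

# Take the op from a form field (hidden or not) or from PATH_INFO. Both
# arrive from the client, so both go through the same check.
sub requested_op {
    my ($params, $env) = @_;
    return $params->{op} if defined $params->{op};
    my $path = defined $env->{PATH_INFO} ? $env->{PATH_INFO} : '';
    return $path =~ m{^/([^/]+)} ? $1 : undef;
}

# Returns (status, body). Anything not in the allow-list is rejected
# without echoing the supplied value back.
sub handle_request {
    my ($params, $env) = @_;
    my $op = requested_op($params, $env);
    return (400, 'missing op') unless defined $op;
    my $handler = $dispatch{$op};
    return (400, 'unknown op') unless $handler;
    return (200, $handler->());
}

# Constructed sample requests (params hash, environment hash).
my @samples = (
    [ { op => 'that_sub' },       {} ],
    [ {},                         { PATH_INFO => '/other_sub/extra' } ],
    [ { op => 'handle_request' }, {} ],   # a real sub, but not allow-listed
    [ {},                         {} ],   # no op supplied at all
);
for my $s (@samples) {
    my ($status, $body) = handle_request(@$s);
    print "$status $body\n";
}
```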