[Novalug] a perl question

Megan Larko larkoc@iges.org
Fri Jan 5 11:08:07 EST 2007


Howdy,

To make it linux-related it is perl version 5.8.8 for x86_64 FC4 linux.

I am writing a script that will allow scientists to enter information about a data set the scientist 
is releasing to a test-study group.   The output of the perl script is a data.table.html file that 
may be viewed on the web by anyone.   Not just anyone can get to the script to enter the info.  I 
would like to be relatively secure in writing the script.   I would like to use the -w -T and use 
strict option.   The -w is cool; the use strict stops the program from running with the following 
errors:

[root@localhost cgi-bin]# ./news.data.test.cgi
Global symbol "@pairs" requires explicit package name at ./news.data.test.cgi line 45.
Global symbol "@pairs" requires explicit package name at ./news.data.test.cgi line 47.
Global symbol "%FORM" requires explicit package name at ./news.data.test.cgi line 53.
Global symbol "%FORM" requires explicit package name at ./news.data.test.cgi line 55.
Global symbol "%FORM" requires explicit package name at ./news.data.test.cgi line 55.
Global symbol "%FORM" requires explicit package name at ./news.data.test.cgi line 56

(for each and every FORM line entry, and then finally...)

Execution of ./news.data.test.cgi aborted due to compilation errors.

I have initialized my variables with "my $var = "";"   This included variables obtained from the 
FORM such as $FORM{'ContactEmail'}  and $FORM{'name'} as my $ContactEmail = ""; and my $name = "";
But the string FORM, I could not get to initialize.   a my $FORMP'ContactEmail'} did not work 
(syntax error on my part maybe?)  Also I do use the $ContactEmail as a var without the $FORM prefix 
elsewhere.   What "explicit package" does it want?

I am attaching the script (117 ASCII lines) so that those who wish to look may find the line 
numbers.   BTW, it works successfully without the "use strict" but as it is a web form I would like 
to use better security/checking measures.

Thank you,
megan
-------------- next part --------------
#!/usr/bin/perl -w 
use strict;
###  Unbuffer the output ###
    use FileHandle;
    STDOUT->autoflush(1);
    my $mytime = scalar(localtime());
    my $server = $ENV{'SERVER_NAME'};
    my $host = $ENV{'REMOTE_HOST'};
    my $page = $ENV{'SCRIPT_NAME'};
    my $mailprog = '/usr/sbin/sendmail';
#Meg    my $mailprog = '/usr/bin/mail';
#Meg    my $recipient = 'larkoc@cola.iges.org';
    my $recipient = 'larkoc';
# Initialize vars
my $buffer = "";
my $pair   = "";
my $dir1   = "";
my $name   ="";
my $value  ="";
my $ContactEmail   ="";
my $datatype   ="";
my $dataname   ="";
my $dataDesc   ="";
my $dataX   ="";
my $dataY   ="";
my $dataCtr ="";
my $dataStartLat   ="";
my $dataStartLon   ="";
my $dataEndLat   ="";
my $dataEndLon   ="";
my $dataMeet   ="";
my $dataFormat   ="";
my $dataURL   ="";
my $mybrowser   ="";
my $FORM = "";

print "Content-type: text/html\n\n";
# Flush stdout buffer
$| = 1;
print "<Head><Title>NASA NEWS Investigators Data Table</Title></Head>";
print "<BODY>\n";

read(STDIN, $buffer, $ENV{'CONTENT_LENGTH'});

@pairs = split(/&/, $buffer);

foreach $pair (@pairs)
{
  ($name, $value) = split(/=/, $pair);
  $value =~ tr/+/ /;
  $value=~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;

 $FORM{$name} = $value;
}
 if ($FORM{'ContactEmail'} eq "") {$FORM{'ContactEmail'} = '';}
 if ($FORM{'name'} eq "") {$FORM{'name'} = '';}

print "<IMG SRC=\"header_news.jpg\" ALT=\"NEWS logo\" HEIGHT=\"100\" WIDTH=\"600\"><BR>\n";
print "Your form submission to NEWS Data has been sent.\n";

open (MAIL, "|$mailprog $recipient ") || die "cant open $mailprog!\n";
print MAIL "Subject: NEWS Data Test\n";
print MAIL "This is a Web page from $FORM{'name'}\n";
print MAIL "\n";
print MAIL "The dataset name: $FORM{'dataname'}\n";
print MAIL "Type: $FORM{'datatype'}.\n\n";
print MAIL "Special Instructions: $FORM{'dataDesc'}\n";
print MAIL "\n";
print MAIL "---------------------------------------------------------------------------\n";
print MAIL "Statistics from: $FORM{'name'} at $FORM{'ContactEmail'}\n";
print MAIL "\n";
print MAIL "The time sent was $mytime \n";
print MAIL "The browser used to access my Web page: $ENV{'HTTP_USER_AGENT'}\n";
print MAIL "The server used to process my Web page: $ENV{'SERVER_NAME'}\n";
print MAIL "---------------------------------------------------------------------------\n";
print MAIL "\n";
close (MAIL);

print "<P>\n";
print "<CENTER>\n";
print "Your dataset description update to the NASA Energy and Watercycle site has been received.<BR>  Please visit <A HREF=\"http://192.239.87.211/data.news.table.html\">the NEWS data
table to view the current descriptions (and holdings)</A><P>\n";
print "The current time is: $mytime <BR>\n";
print "<A HREF=\"http://www.nasa-news.org/\">Return to NEWS Page</A>\n";
print "</CENTER>\n";
print "</BODY>\n";
print "</HTML>\n";

# Write updated information to file "survey.response"
if ($mybrowser =~ /MSIE/) {
        $dir1="/var/www/response/IE";
} else {
        $dir1="/var/www/response";
}  # Ends browser if block
if (open(RESPONSE, ">$dir1/survey.response")) {
   flock RESPONSE, 2; #lock file to assure only single-access
   print RESPONSE "$FORM{'name'} XX $FORM{'ContactEmail'} XX $FORM{'datatype'} XX $FORM{'dataname'} XX $FORM{'dataX'} XX $FORM{'dataY'} XX $FORM{'dataCtr'} XX $FORM{'dataStartLat'} XX $FORM{'dataStartLon'} XX $FORM{'dataMeet'} XX $FORM{'dataEndLat'} XX $FORM{'dataEndLon'} XX $FORM{'dataFormat'} XX $FORM{'dataURL'} XX TEXT: $FORM{'dataDesc'} \n";
} else {     print "<center>Can't open $dir1/response</center>\n";
}  #Ends if open and releases flock
close (RESPONSE);

# Replace old response file with new response file
# Run 4 times to remove all spaces from system data program; replace some with underscore
$mytime =~ s/\s+//;
$mytime =~ s/\s+//;
$mytime =~ s/\s+/_/;
$mytime =~ s/\s+/_/;
#print "mytime  $mytime \n\n";
rename ("$dir1/survey.response","$dir1/survey.response.$mytime") || print
"Cannot rename response\n";

### Now chdir response and run pagegen.
chdir $dir1;
# NOTE: system forks then execs; exec just executes
system  "ls  > infile.list";
system  "./pagegen.pl";
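
An added example, not part of the original post or the attached script: under "use strict" the errors go away once @pairs and %FORM are declared with their own sigils ("my $FORM" declares a scalar, not the hash), and under -T each form value has to pass a pattern before it is used. The field patterns and the sample request body are assumptions made up for illustration.

```perl
#!/usr/bin/perl -wT
# Added example, not the poster's script: strict-clean, taint-aware form parsing.
use strict;

# Taint mode refuses to run external programs with an untrusted environment.
$ENV{PATH} = '/bin:/usr/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# "use strict" wants each variable declared with its own sigil:
# "my $FORM" creates a scalar, while $FORM{...} reads the hash %FORM.
my (%FORM, @pairs);

# Hypothetical allow-list patterns, one per field accepted from the form.
my %allowed = (
    name         => qr/\A([\w .,'-]{1,80})\z/,
    ContactEmail => qr/\A([\w.+-]+\@[\w-]+(?:\.[\w-]+)+)\z/,
    dataname     => qr/\A([\w .-]{1,120})\z/,
);

# Decode one application/x-www-form-urlencoded body into a hash of checked values.
sub parse_form {
    my ($buffer) = @_;
    my %form;
    foreach my $pair (split /&/, $buffer) {
        my ($name, $value) = split /=/, $pair, 2;
        next unless defined $name && exists $allowed{$name};
        $value = '' unless defined $value;
        $value =~ tr/+/ /;
        $value =~ s/%([a-fA-F0-9]{2})/pack("C", hex($1))/eg;
        # A capture from a successful match is untainted; a rejected value becomes ''.
        $form{$name} = $value =~ $allowed{$name} ? $1 : '';
    }
    return %form;
}

# Constructed sample body standing in for read(STDIN, $buffer, $ENV{CONTENT_LENGTH}).
# The third value carries an encoded newline and is rejected by its pattern.
my $buffer = 'name=Ada+Example&ContactEmail=ada%40example.org&dataname=precip%0Abcc%3A+x';
%FORM = parse_form($buffer);

foreach my $field (sort keys %allowed) {
    my $shown = defined $FORM{$field} ? $FORM{$field} : '';
    print "$field = '$shown'\n";
}
```

Because -T is on the #! line, run the file directly as an executable or as "perl -wT file"; plain "perl file" stops with a "-T" error.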


