
Perl CGI To Write File

I have written a Java Applet as a school project and I need a CGI file to create a file in the cgi-bin directory. The problem is that when I run the code from the browser, the code executes but my file is not created with the variable name. Nothing is created. Here is the code:

#!/usr/bin/perl -wT
use CGI;

print "content-type: text/plain\n\n";

my $q = CGI->new();
my $name = $q->param('username');
my $pw = $q->param('param');
my $bool = $q->param('bool');
my $rel = $q->param('rel');
my $ext = ".txt";
my $strt = "../cgi-bin/";
my $app = $strt . $name . $ext;

print $app;

open (FILE,'>',$app) or print "Error";
print FILE $pw . "\n";
print FILE $bool . "\n";
print FILE $rel;

close(FILE);

When I run the cgi it prints the $app variable and it is the correct address I want but the file is not created. If I change the line

open (FILE,'>',$app) or print "Error";

to

open (FILE,'>','../cgi-bin/test.txt') or print "Error";

it creates the file where I want it. Any ideas why this would happen when using the variable $app? Either way I never get Error printed to the browser.

SOLUTION: Thanks guys for the help. When using:

use CGI::Carp qw(fatalsToBrowser);

I got this error:

Content-type: text/html

<H1>Software error:</H1>
<PRE>Insecure dependency in open while running with -T switch
</PRE>
<P>
For help, please send mail to the webmaster (<a href="mailto:or webmaster">or webmaster</a>), giving this error message 
and the time and date of the error.

It seems it was not liking the -T. Once I removed that it worked. Thanks again.

Why do you use ../cgi-bin to write into cgi-bin? Just use:

open (FILE, ">$name$ext") or die $!;

and use CGI::Carp qw(fatalsToBrowser); to carp fatals to the browser (suitable for debugging this) with file creation.

-T is Perl's "tainted data" flag. It stops you from doing unsafe operations with untrusted data. Yes, your script works without the -T flag, but now you have a very insecure script.

If someone passes in a username value of ../../../../../../../../home/badguy/secret, then you will write the username and password into secret.txt in badguy's home directory. -T prevents you from doing that. That's why -T exists.
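
An added example, not part of the original question or answers: the script with -T kept on and the username untainted through an allow-list regex capture before it is used in the path. The character pattern, the length limit and the /var/www/appdata directory are assumptions made for illustration.

```perl
#!/usr/bin/perl -T
use strict;
use warnings;
use CGI;
use CGI::Carp qw(fatalsToBrowser);   # debugging aid only, as suggested above

my $q = CGI->new;
print $q->header('text/plain');

# Everything from param() is tainted. Under -T the only way to clean a value
# is to capture it from a regex match: $1 is treated as untainted.
# Anchoring with \A and \z and allowing only [A-Za-z0-9_] (assumed policy)
# rejects "/", ".." and embedded newlines, so the name cannot leave $dir.
my $raw = $q->param('username') // '';
my ($name) = $raw =~ /\A([A-Za-z0-9_]{1,32})\z/
    or die "Invalid username\n";

# Hypothetical data directory outside cgi-bin; it must be writable by the
# web server user.
my $dir  = '/var/www/appdata';
my $path = "$dir/$name.txt";

# Three-argument open with a lexical handle: the mode is fixed to '>' and
# cannot be changed by characters in $path.
open(my $fh, '>', $path) or die "Cannot open $path: $!\n";

# The other fields are only written as file contents, never used as a
# filename, so taint mode does not require them to be untainted.
for my $field (qw(param bool rel)) {
    my $value = $q->param($field) // '';
    print {$fh} "$value\n";
}
close($fh) or die "Cannot close $path: $!\n";

print "Saved\n";
```

With this version a username of ../../../../home/badguy/secret fails the match and the script dies before open is reached, while a name such as alice_01 is written to alice_01.txt in the data directory.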
