On Wed, 13 Jun 2001, Curtis Poe wrote:

> 
> There are a few problems with your script.
> 
> First, as mentioned earlier, Perl will not interpret values in strings in single
> quotes.  You'll need double quotes.
> 
> Second, you have not assigned values to those variables (lines 17 and 18) until
> *after* you tried to use them (line 11).  Had you used 'strict', you would have
> been warned about trying to use a global variable without an explicit package name.
> 
> Third, if your variables contain characters with special meaning in a query string,
> then the resulting 'action' attribute will have problems.  You need to escape those
> characters with URI::Escape.  Try this:
> 
> #!/usr/bin/perl -wT
> use strict;
> use CGI;
> use CGI::Carp 'fatalsToBrowser';
> use URI::Escape;
> 
> my $q          = new CGI;
> my $uri_chars  = "\0-\377";
> my $usuario    = uri_escape( $q->param('username'), $uri_chars );
> my $contrasena = uri_escape( $q->param('passwd'), $uri_chars );
> 
> print $q->header,
>       $q->start_html({bgcolor=>"white"}, 'Check users'),
>       $q->h1('Check users'),
>       $q->br,
>       $q->start_form(-action=>"http://external-server/cgi-bin/checkuser.cgi?user=$usuario&pass=$contrasena"),
>       $q->h3('type user name'),
>       $q->textfield(-name=>'username',  -size=>20),
>       $q->p(),
>       $q->h3('type user password'),
>       $q->password_field(-name=>'passwd',  -size=>20),
>       $q->p(),
>       $q->submit(-name=>'Check'),
>       $q->end_form, $q->hr,
>       $q->end_html;
> 
> The $uri_chars variable will cause *everything* to be uri_escaped.  If you only want
> to escape those characters that might pose a problem in the URL, try the following line:
> 
> my $uri_chars  = '\x00-\x29\x2b\x2c\x2f\x3a-\x40\x5b-\x5e\x60\x7b-\xff';
> 
> Cheers,
> Curtis Poe
> 


Good points, Curtis, and thanks for your answers; I've applied (and
understood) all your advice, but when I fill in the forms with valid entries,
the submit is still passing wrong parameters to checkuser.cgi, like this:

http://external-server/cgi-bin/checkuser.cgi?user=%5Cx00-%5Cx29%5Cx2b%5Cx2c%5Cx2f%5Cx3a-%5Cx40%5Cx5b-%5Cx5e%5Cx60%5Cx7b-%5Cxff&pass=%5Cx00-%5Cx29%5Cx2b%5Cx2c%5Cx2f%5Cx3a-%5Cx40%5Cx5b-%5Cx5e%5Cx60%5Cx7b-%5Cxff

Note:
If I type
http://external-server/cgi-bin/checkuser.cgi?user=abel&pass=prueba
the script works fine.

But not through the form. :(

I've used both
my $uri_chars  = "\0-\377";
and
my $uri_chars  = '\x00-\x29\x2b\x2c\x2f\x3a-\x40\x5b-\x5e\x60\x7b-\xff';


Am I missing something else?

Thanks in advance,

Abel Lucano
Decode SA
email: [EMAIL PROTECTED]
http://www.decode.com.ar 
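
An added example, not part of the original message or of either poster's script: it reproduces the URL shown above by calling `param()` in list context on a request that carries no fields, as happens when the form page is first rendered, next to a variant that forces scalar context. The two `CGI->new(...)` query strings and the sub names are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use CGI;
use URI::Escape;

# Second pattern from the thread: the characters that uri_escape() should encode.
my $uri_chars = '\x00-\x29\x2b\x2c\x2f\x3a-\x40\x5b-\x5e\x60\x7b-\xff';
my $base      = 'http://external-server/cgi-bin/checkuser.cgi';

# Call shape from the quoted script: param() sits in an argument list, so it is
# evaluated in list context and returns every value of the field, which is an
# EMPTY LIST when the field is absent. uri_escape() then receives only
# $uri_chars, and the pattern itself becomes the text that gets escaped.
sub action_list_context {
    my ($q) = @_;
    my $user = uri_escape( $q->param('username'), $uri_chars );
    my $pass = uri_escape( $q->param('passwd'),   $uri_chars );
    return "$base?user=$user&pass=$pass";
}

# Hardened form: scalar() pins param() to a single value (undef if absent) and
# the '' default keeps the argument positions fixed.
sub action_scalar_context {
    my ($q) = @_;
    my $user = uri_escape( scalar( $q->param('username') ) // '', $uri_chars );
    my $pass = uri_escape( scalar( $q->param('passwd') )   // '', $uri_chars );
    return "$base?user=$user&pass=$pass";
}

# Constructed requests: the first page load carries no fields; the second is a
# submission whose password contains query-string metacharacters (& and =).
my $first_load = CGI->new('');
my $submitted  = CGI->new('username=abel&passwd=pr%26ue=ba');

print "list context,   no fields: ", action_list_context($first_load),   "\n";
print "scalar context, no fields: ", action_scalar_context($first_load), "\n";
print "scalar context, submitted: ", action_scalar_context($submitted),  "\n";
```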
