Hi all,

I would appreciate some guidance in the use of CGI::POST_MAX. I've listed a
snippet of relevant code below from my program to illustrate.

When reading in data fields from an HTML form, I want to limit the size of
the data accepted from a TEXTAREA box. I don't want to depend upon my ISP's
timeouts and what-nots to stop a user from trying a DDOS on 'em.

The current incarnation of my script blows itself out of the water if the
$user_body variable (the TEXTAREA source) is greater than 4K, for example.
This is good.

I would like to be able to capture and control the process so that I don't
get rudely blown out of the water with a crude 500 Server message (this
would be gooder! <g>). I would like to: a) generate a useful message and, b)
set some flags, do some more processing, and send a message back to the user
to give them an opportunity to correct their input and atone for their sins.
(This would be more gooder! <g>)

I've read through the CGI.pm writeup, but I don't believe I'm applying it
correctly. I am having a problem understanding just how and where to make
use of CGI::POST_MAX, CGI::Carp, and probably cgi_error() in my code. Where
do I put 'em and can someone demonstrate with a similar snippet of code just
how and where these are used? For example, when this bombs with data > 4096
bytes, I don't even see an error message in my error log file,
...cgi-log.txt -- that would be a nice diagnostic help, too.

If there is another preferred method to limit size of input, I would
appreciate learning about that, too!

Right now my code produces an 'accurate' result (a nuke will 'accurately'
kill a fly), but I would prefer to have it produce a 'precise' result
(perhaps a HOW-TO on using tightly focused gamma rays to zap that fly,
instead). It works, but it's not elegant.

I'm looking for the state of "most goodliness". <g>

(My apologies to non-native English readers of this list for my having fun
with the language, but it's been a tough day...)

Thanks, all.

John--
[EMAIL PROTECTED]
===============================================================
#!/usr/bin/perl
use strict;
#use diagnostics;
use CGI qw/:standard/;
use CGI::Carp qw/fatalsToBrowser/;

## Redirect warn/die output to the script's own log file
BEGIN {
    use CGI::Carp qw(carpout);
    open(LOG, ">>$ENV{DOCUMENT_ROOT}/data/cgi-log.txt") or
        die("Unable to open $ENV{DOCUMENT_ROOT}/data/cgi-log.txt: $!\n");
    carpout(LOG);
}

## Limits must be set before the CGI object is created
$CGI::POST_MAX = 1024 * 4;     ## Max 4K post size
$CGI::DISABLE_UPLOADS = 1;     ## Disable file uploads

my $formin = CGI->new;

## Variables are declared with "my" so the script compiles under "use strict"
my $user_name = ' ';
my $user_addr = ' ';
my $user_to   = ' ';
my $user_subj = ' ';
my $user_body = ' ';

$user_name = $formin->param('name');
$user_addr = $formin->param('from');
$user_to   = $formin->param('to');
$user_subj = $formin->param('subject');
$user_body = $formin->param('body');

## If good form data
##     process the form's input...and do good things...
## else
##     create return HTML page and tell user where they've transgressed...
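
Added example, not part of the original post: one way to catch an oversized POST with cgi_error(), log it through carpout, and return a correctable error page instead of a 500. It assumes a CGI.pm release that provides cgi_error(); $MAX_BODY is a hypothetical per-field cap, added because $CGI::POST_MAX limits the whole request body rather than the TEXTAREA alone.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use CGI;
use CGI::Carp qw(carpout);

BEGIN {
    # Log path taken from the script in the post.
    open(my $log, '>>', "$ENV{DOCUMENT_ROOT}/data/cgi-log.txt")
        or die "Unable to open cgi-log.txt: $!\n";
    carpout($log);                  # warn/die output now lands in cgi-log.txt
}

# Both limits must be set before the CGI object parses the request.
$CGI::POST_MAX        = 1024 * 4;   # cap on the entire POST body
$CGI::DISABLE_UPLOADS = 1;
my $MAX_BODY = 2048;                # hypothetical cap for the TEXTAREA alone

my $q = CGI->new;

# An oversized POST is not parsed; cgi_error() then returns a "413 ..." status.
if (my $err = $q->cgi_error) {
    warn "POST rejected: $err\n";
    print $q->header(-status => $err),
          $q->start_html('Message too large'),
          $q->p('Your submission is over the 4K limit. Please shorten it and resend.'),
          $q->end_html;
    exit 0;
}

# The request was within POST_MAX: validate each field individually.
my @names    = qw(name from to subject body);
my %field    = map { $_ => scalar $q->param($_) } @names;
my @problems = map  { "The '$_' field is required." }
               grep { !defined $field{$_} || !length $field{$_} } @names;
push @problems, "The message body is limited to $MAX_BODY characters."
    if defined $field{body} && length($field{body}) > $MAX_BODY;

if (@problems) {
    print $q->header, $q->start_html('Please correct your input'),
          $q->ul($q->li([ map { $q->escapeHTML($_) } @problems ])),
          $q->end_html;
    exit 0;
}

# All checks passed: process the form here.
print $q->header, $q->start_html('Thanks'), $q->p('Message accepted.'), $q->end_html;
```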