Hi all,

I'm having trouble with a CGI script. The main problem is the snippet below;
is there anything obviously wrong with it?

    if (quotemeta $url =~ /$bad/i) {
        $error = '1';
    }

The rest of the code is posted below.

When I run it (telnet) I get the following error messages:

    Use of uninitialized value at ./frameit.cgi line 27.
    Use of uninitialized value at ./frameit.cgi line 32.
    /?/: ?+*{} follows nothing in regexp at ./frameit.cgi line 32.

Basically, it takes a URL from GET, e.g.

    http://www.actualreality.org.uk/cgi-bin/frameit.cgi?http://www.yahoo.com

and creates a frameset with the URL in one frame, and a site banner in the
other frame.

It doesn't check whether it's run from the same domain, as it needs to be
able to be called from a stand-alone program on the user's desktop.

For security, it checks that the URL doesn't contain the CGI name or other
illegal characters @ ` | ?

#!/usr/bin/perl -w
#
####user variables
$scriptname = 'frameit.cgi'; #the filename of this script
$siteroot = 'http://www.actualreality.org.uk';
$email = '[EMAIL PROTECTED]';
$bannerpage = '/site/outside.html';
####initialize variables
@badchars = ("@", "`", "|", "?");
$url = '0';
$error = '0';
@illegal = @badchars;
####
&parseget;
&printpage;
####
sub parseget {
    push @illegal, $scriptname;
    $url = $ENV{'QUERY_STRING'};
    if ($url != /^(http)/i) { ### LINE 27#
        $error = '1';
    }
    foreach $bad(@illegal) {
        if (quotemeta $url =~ /$bad/i) { ###LINE 32#
            $error = '1';
        }
    }
    ###debugging code#
    #print "Content-type:text/html\n\n";
    print "@illegal\n";
    print "@badchars\n";
    print "$error\n";
    ### #
}
####
sub printpage {
    print "Content-type:text/html\n\n";
    print "<html><head>";
    if ($error == '0') {
        print "<title>";
        print "This page is outside of $siteroot";
        print "</title></head>";
    } else {
        print "<title>";
        print "Error";
        print "</title></head>";
    }
    if ($error == '0') {
        print <<EndOfHTML;
<frameset rows="50,*" frameborder="YES" border="1" framespacing="1"
bordercolor="#CCCCFF">
<frame name="topFrame" src="$siteroot$bannerpage" >
<frame name="mainFrame" src="$url">
</frameset>
</html>
EndOfHTML
    } else {
        print <<EndOfHTML;
<body>
<center>You have sent an illegal url to this script.<br><br>
The correct syntax is:<br>
$siteroot/cgi-bin/$scriptname?<b>http://somesite.com</b>
<br><br>do not include the characters <b>@illegal </b>
or the script name "<b>$scriptname</b>" after the "?".
<br><br>Please contact the <a href="$email">webmaster</a>for help.
</center></body></html>
EndOfHTML
    }
    exit();
}
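
An added example, not part of the original post: one way to write the URL check so that it rejects what the post says it should, with an allow-list on the scheme and HTML escaping before the value is placed in the frameset. The sub names validate_url and html_escape and the sample URLs are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict; use warnings;

# Values mirror the post's settings; the sub names are hypothetical.
my $scriptname = 'frameit.cgi';
my @badchars   = ('@', '`', '|', '?');

# Return the URL if it passes every check, otherwise nothing (undef).
sub validate_url {
    my ($url) = @_;
    # QUERY_STRING is unset when the script is run from a shell.
    return unless defined $url && length $url;
    # A pattern match needs =~ (or !~); != is a numeric comparison.
    return unless $url =~ m{^https?://}i;
    # Reject spaces, control characters and non-ASCII bytes.
    return if $url =~ /[^\x21-\x7e]/;
    # Reject characters that could close the src="..." attribute or tag.
    return if $url =~ /["'<>\\]/;
    for my $bad (@badchars, $scriptname) {
        # \Q...\E makes "?" and "|" literal. In the post, quotemeta applied
        # to the match result (=~ binds tighter), never to the pattern.
        return if $url =~ /\Q$bad\E/i;
    }
    return $url;
}

# Escape a value before interpolating it into the generated HTML.
sub html_escape {
    my ($s) = @_;
    my %ent = ('&' => '&amp;', '<' => '&lt;', '>' => '&gt;', '"' => '&quot;');
    $s =~ s/([&<>"])/$ent{$1}/g;
    return $s;
}

# Constructed sample inputs (undef stands for a missing QUERY_STRING).
my @samples = (
    'http://www.yahoo.com',
    'http://www.yahoo.com/news&sport',
    'ftp://www.yahoo.com',
    'http://example.com/cgi-bin/frameit.cgi',
    'http://example.com/search?q=1',
    'http://example.com/a"b',
    undef,
);
for my $in (@samples) {
    my $ok = validate_url($in);
    printf "%-42s %s\n", defined $in ? $in : '(undef)',
        defined $ok ? 'ok: src="' . html_escape($ok) . '"' : 'rejected';
}
```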