From: Shaun Fryer <[EMAIL PROTECTED]>
> Please take into account that I'm new at this...
>
> Rather than using CGI.pm, I'm using the following library subroutine
> which was passed to me by a friend (I think from one of the O'Reilly
> books).

Especially since you are new at this you should use CGI.pm.

> What I'm wondering is if Perl 5 has any built-in functionality
> to prevent buffer overruns or excessive memory consumption resulting
> from POST data. Is there a default maximum for buffer size and for
> bytes received via POST?

Normally no.

> If so, what are these maximums?
>
> And, coming from a total newbie, does CGI.pm deal with this better? If
> so, how?

Yes, CGI.pm does handle this. From its docs:

=item B<$CGI::POST_MAX>

If set to a non-negative integer, this variable puts a ceiling on the size of POSTings, in bytes. If CGI.pm detects a POST that is greater than the ceiling, it will immediately exit with an error message. This value will affect both ordinary POSTs and multipart POSTs, meaning that it limits the maximum size of file uploads as well. You should set this to a reasonably high value, such as 1 megabyte.

> $value =~ s/<!--(.|\n)*-->//g; # disallow SSI

THIS HAS NOTHING TO DO WITH POST DATA PARSING. THIS THING SHOULD NOT HAVE BEEN INCLUDED IN THIS FUNCTION!

This was apparently added by someone who wanted to include the posted data in an HTML page. But first, he should have deleted the included SSIs (well ... HTML comments, that could be SSIs) later, not within a function that parses and unescapes the posted data. (Never do two unrelated things in a single procedure.) And second, the regexp is incorrect.

Jenda

P.S.: Again from CGI.pm's docs:

=head1 COMPATIBILITY WITH CGI-LIB.PL

To make it easier to port existing programs that use cgi-lib.pl the compatibility routine "ReadParse" is provided. Porting is simple:

OLD VERSION
    require "cgi-lib.pl";
    &ReadParse;
    print "The value of the antique is $in{antique}.\n";

NEW VERSION
    use CGI;
    CGI::ReadParse;
    print "The value of the antique is $in{antique}.\n";

=========== [EMAIL PROTECTED] == http://Jenda.Krynicky.cz ==========
There is a reason for living. There must be. I've seen it somewhere.
It's just that in the mess on my table ... and in my brain I can't find it.
--- me

--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
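As an added illustration of the two points in the reply above (this is not code from the thread or from CGI.pm itself), the following Perl script sets $CGI::POST_MAX before the request body is read and then shows why the quoted SSI-stripping regex is wrong: its greedy (.|\n)* matches from the first <!-- to the last -->, deleting legitimate text between two comments. The environment variables and the sample value are constructed so the script runs from the command line; it assumes a CGI.pm recent enough to provide cgi_error().

```perl
#!/usr/bin/perl
# Added example, not from the original thread.
use strict;
use warnings;
use CGI;

# 1. Cap the request body BEFORE CGI->new reads it. CGI.pm compares
#    CONTENT_LENGTH with $CGI::POST_MAX and refuses an oversized POST instead
#    of slurping it into memory (the ceiling Perl itself does not impose).
#    1 MB follows the CGI.pm docs quoted in the reply.
$CGI::POST_MAX        = 1024 * 1024;
$CGI::DISABLE_UPLOADS = 1;   # also refuse multipart file uploads unless needed

# Constructed environment so the script runs offline without waiting on STDIN.
# The value decodes to: a<!-- one -->keep<!-- two -->b
$ENV{REQUEST_METHOD} = 'GET';
$ENV{QUERY_STRING}   = 'comment=a%3C%21--+one+--%3Ekeep%3C%21--+two+--%3Eb';

my $q = CGI->new;
if (my $err = $q->cgi_error) {        # set e.g. when POST_MAX is exceeded
    print $q->header(-status => $err), "$err\n";
    exit;
}
my $value = $q->param('comment');     # already URL-decoded by CGI.pm

# 2. The quoted sub's "disallow SSI" regex, applied to a copy. (.|\n)* is
#    greedy, so with two comments it removes everything from the first
#    '<!--' to the LAST '-->', taking the legitimate "keep" with it.
(my $greedy = $value) =~ s/<!--(.|\n)*-->//g;

# Non-greedy .*? with /s (so '.' also spans newlines) removes each comment
# on its own. Do this where the value is rendered into HTML, not in the
# routine that parses the posted data.
(my $stripped = $value) =~ s/<!--.*?-->//gs;

print "raw:      $value\n";
print "greedy:   $greedy\n";
print "stripped: $stripped\n";
```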