firefox could open my cgi, IE will be dead, why?

my cgi is very simple, just output the file's content. the file name
is from another cgi's parameter.

If I use firefox visist the page, no issues at all! Everything looks
great. But if I use Internet Explorer, the cgi will make IE to die.
Please help me.

#!/tivoli/vendor/perl/bin/perl
use CGI;
#rchen on 4/10

my $cgi = new CGI;
print $cgi->header(-type=>"text/html", -expires=>'now');
print $cgi->start_html("Details of the configurations");

my $logfile = $cgi->param('logfile');
open(DATA, "$logfile")|| die("File is not exist!\n");

@lines = ;

foreach $line (@lines) {
print "

$line <\PRE>";

}



close(DATA);

print $cgi->end_html;

Re: firefox could open my cgi, IE will be dead, why?

Hi!

You sent a "text/html" document, so you should directly read from the
file and write to the html stream. The text may contain some
characters with special meaning for html (like "&"). Apply the
function encode_entities to the data before printing.

Greeting from Bavaria,

Markus


On 20 Nov., 07:31, "robertchen...@gmail.com"
wrote:
> my cgi is very simple, just output the file's content. the file name
> is from another cgi's parameter.
>
> If I use firefox visist the page, no issues at all! Everything looks
> great. But if I use Internet Explorer, the cgi will make IE to die.
> Please help me.
>
> #!/tivoli/vendor/perl/bin/perl
> use CGI;
> #rchen on 4/10
>
> my $cgi = new CGI;
> print $cgi->header(-type=>"text/html", -expires=>'now');
> print $cgi->start_html("Details of the configurations");
>
> my $logfile = $cgi->param('logfile');
> open(DATA, "$logfile")|| die("File is not exist!\n");
>
> @lines = ;
>
> foreach $line (@lines) {
> print "

$line <\PRE>";

>

> }

>

> close(DATA);

> print $cgi->end_html;

Re: firefox could open my cgi, IE will be dead, why?

robertchen117@gmail.com wrote:
> my cgi is very simple, just output the file's content. the file name
> is from another cgi's parameter.
>
> If I use firefox visist the page, no issues at all! Everything looks
> great. But if I use Internet Explorer, the cgi will make IE to die.
> Please help me.

Enable warnings (and strictures), and Perl will help you find the problem.

--
Gunnar Hjalmarsson
Email: http://www.gunnar.cc/cgi-bin/contact.pl

Re: firefox could open my cgi, IE will be dead, why?

robertchen117@gmail.com wrote:
> my cgi is very simple, just output the file's content. the file name
> is from another cgi's parameter.
>
> If I use firefox visist the page, no issues at all! Everything looks
> great. But if I use Internet Explorer, the cgi will make IE to die.
> Please help me.
>
> #!/tivoli/vendor/perl/bin/perl
> use CGI;
> #rchen on 4/10
>
> my $cgi = new CGI;
> print $cgi->header(-type=>"text/html", -expires=>'now');
> print $cgi->start_html("Details of the configurations");
>
> my $logfile = $cgi->param('logfile');
> open(DATA, "$logfile")|| die("File is not exist!\n");
>
> @lines = ;
>
> foreach $line (@lines) {
> print "

$line <\PRE>";

> }

>

> close(DATA);

> print $cgi->end_html;



I tried to bit improve your script. All changes are closed to #### lines and 

original lines are commented by ##.



#!/tivoli/vendor/perl/bin/perl

use CGI;

###############

use strict;

###############

#rchen on 4/10



 my $cgi = new CGI;



print $cgi->header(-type=>"text/html", -expires=>'now');

print $cgi->start_html("Details of the configurations");

my $logfile = $cgi->param('logfile');

## open(DATA, "$logfile")|| die("File is not exist!\n");

###############

open(DATA, "$logfile") or die("File not exist or not permission to 

read!\n");

###############

## @lines = ;

## foreach $line (@lines) {

###############

while (my $line = ) {

###############

         print "
$line <\PRE>";

 }

close(DATA);

print $cgi->end_html;





-- 



Petr Vileta, Czech republic

(My server rejects all messages from Yahoo and Hotmail. Send me your mail 

from another non-spammer site please.)

Re: firefox could open my cgi, IE will be dead, why?

On Nov 19, 10:31 pm, "robertchen...@gmail.com"
wrote:
> my cgi is very simple, just output the file's content. the file name
> is from another cgi's parameter.
>
> If I use firefox visist the page, no issues at all! Everything looks
> great. But if I use Internet Explorer, the cgi will make IE to die.
> Please help me.
>
> #!/tivoli/vendor/perl/bin/perl
> use CGI;
> #rchen on 4/10
>
> my $cgi = new CGI;
> print $cgi->header(-type=>"text/html", -expires=>'now');
> print $cgi->start_html("Details of the configurations");
>
> my $logfile = $cgi->param('logfile');
> open(DATA, "$logfile")|| die("File is not exist!\n");
>
> @lines = ;
>
> foreach $line (@lines) {
> print "

$line <\PRE>";

>

> }

>

> close(DATA);

> print $cgi->end_html;



You're using <\PRE> when should be 

 line 

 line

      line

      line

Re: firefox could open my cgi, IE will be dead, why?

patrick wrote:

>> print $cgi->header(-type=>"text/html", -expires=>'now');
>> print $cgi->start_html("Details of the configurations");
>>
>> my $logfile = $cgi->param('logfile');
>> open(DATA, "$logfile")|| die("File is not exist!\n");
>>
>> @lines = ;
>>
>> foreach $line (@lines) {
>> print "

$line <\PRE>";

>>

>> }

>>

>> close(DATA);

>> print $cgi->end_html;

> 

> You're using <\PRE> when should be 

 line 

 line

>       line

>       line

> 

", , "

Re: firefox could open my cgi, IE will be dead, why?

Big and Blue writes:

> print $cgi->header(-type=>"text/text", -expires=>'now');
> ....
> print ;
>
> No point putting it into HTML if you don't intend to use it.

The mime type for plain text is text/plain.

sherm--

--
WV News, Blogging, and Discussion: http://wv-www.com
Cocoa programming in Perl: http://camelbones.sourceforge.net

Re: firefox could open my cgi, IE will be dead, why?

On Nov 19, 10:31 pm, "robertchen...@gmail.com"
wrote:
> my cgi is very simple, just output the file's content. the file name
> is from another cgi's parameter.
>
> If I use firefox visist the page, no issues at all! Everything looks
> great. But if I use Internet Explorer, the cgi will make IE to die.
> Please help me.
Others have already point out the main issues, but I'll point out a
few that were missed.
>
> #!/tivoli/vendor/perl/bin/perl
Since this is a cgi script that relies on user input, you should be
running in taint mode.

#!/tivoli/vendor/perl/bin/perl -T

> use CGI;
During the testing/debugging phase, you should redirect the fatal
errors and warnings to the browser to aide in troubleshooting.

use CGI::Carp qw(fatalsToBrowser warningsToBrowser);
> #rchen on 4/10
>
> my $cgi = new CGI;
> print $cgi->header(-type=>"text/html", -expires=>'now');
> print $cgi->start_html("Details of the configurations");
warningsToBrowser(1); # warnings show up as html comments
>
> my $logfile = $cgi->param('logfile');
> open(DATA, "$logfile")|| die("File is not exist!\n");
1) That is very insecure because it allows the user to access files
that they shouldn't.

2) Unless there is a possibility of having spaces in the filename,
there is no need (and most will say you shouldn't) use the quotes
around the var.

3) DATA is one of Perl's reserved filehandles used to read in data
after the __DATA__ or __END__ token. It should not be used as the
filehandle for accessing the log file.

4) It's preferable to use the 3 arg form of the open call.

5) Especially during debugging, the die statement should include the
error message returned by the OS.

my %logs (log1 => 'path/to/log1',
log2 => 'path/to/log2',
log3 => 'path/to/log3',
);

my $logfile = $cgi->param('logfile');
open( my $logfile, '<', $logs{$logfile} )
|| die "Unable to open $logfile: <$!>\n";

>
> @lines = ;
>
> foreach $line (@lines) {
> print "

$line <\PRE>";

>

> }

>

> close(DATA);

> print $cgi->end_html;

Re: firefox could open my cgi, IE will be dead, why?

On Nov 20, 10:20 pm, Ron Bergin wrote:
>
> my $logfile = $cgi->param('logfile');
> open( my $logfile, '<', $logs{$logfile} )
> || die "Unable to open $logfile: <$!>\n";
>
Oops, a little correction:

my $logfile = $cgi->param('logfile');
open( my $log, '<', $logs{$logfile} )
|| die "Unable to open $logfile: <$!>\n";

Re: firefox could open my cgi, IE will be dead, why?

At 2007-11-21 01:20AM, "Ron Bergin" wrote:
[...]
> use CGI::Carp qw(fatalsToBrowser warningsToBrowser);
[...]
> my $logfile = $cgi->param('logfile');
> open( my $logfile, '<', $logs{$logfile} )
> || die "Unable to open $logfile: <$!>\n";

Probably shouldn't use "<" and ">" as quotes if you're emitting HTML.

--
Glenn Jackman
"You can only be young once. But you can always be immature." -- Dave Barry

Re: firefox could open my cgi, IE will be dead, why?

Quoth Ron Bergin :
>
> 2) Unless there is a possibility of having spaces in the filename,
> there is no need (and most will say you shouldn't) use the quotes
> around the var.

Perl is not shell. There is no need to quote variables, ever, unless you
*really* care about stringification for some reason.

Ben

Re: firefox could open my cgi, IE will be dead, why?

"Petr Vileta" writes:
> ## open(DATA, "$logfile")|| die("File is not exist!\n");
> ###############
> open(DATA, "$logfile") or die("File not exist or not permission to
> read!\n");

Why not just let Perl tell you what went wrong? Also, don't need to
quote "$logfile", and you can use lexical filehandles instead of
needing globals like DATA:

open my $data, '<', $logfile or die "Can't open data file: $!";

-=Eric

quote variables (was: Re: firefox could open my cgi, IE will be dead, why?)

Ben Morrow schreef:
> Ron Bergin:

>> 2) Unless there is a possibility of having spaces in the filename,
>> there is no need (and most will say you shouldn't) use the quotes
>> around the var.
>
> Perl is not shell. There is no need to quote variables, ever, unless
> you *really* care about stringification for some reason.

Yes, sometimes you can make use of stringification. See for example the
rename method in IO::All,
http://search.cpan.org/src/INGY/IO-All-0.38/lib/IO/All/Files ys.pm

--
Affijn, Ruud

"Gewoon is een tijger."