Re: problem when submitting a string through a form
on 03.01.2008 19:00:22 by skieros
Here is index.pl as it is now; you can view it at http://nikos.no-ip.org if you want.
#!/usr/bin/perl -w
use strict;
use CGI::Carp qw(fatalsToBrowser);
use CGI qw(:standard);
use DBI;
use POSIX qw(strftime);
use Encode;

my ($select, $article, $row, $data);
my $date         = strftime('%y-%m-%d %H:%M:%S', localtime);
my $display_date = strftime('%a %d %b, %I:%M %p', localtime);
Encode::from_to($display_date, 'ISO-8859-7', 'utf8');

my $host = gethostbyaddr (pack ("C4", split (/\./, $ENV{'REMOTE_ADDR'})), 2) || $ENV{REMOTE_ADDR};
$host = "Administrator" if ( ($host =~ /dell/) or ($host =~ /localhost/) );

#=====================================================================
my $db = ( $ENV{'SERVER_NAME'} !~ /varsa/ )
    ? DBI->connect('DBI:mysql:orthodox;localhost', 'root', '*****', {RaiseError=>1})
    : DBI->connect('DBI:mysql:nikosva_orthodox;www.freegreece.net', 'nikosva_nikos', '****', {RaiseError=>1});
#=====================================================================

print header( -charset=>'utf-8' );
$article = param('select') || "Αρχική Σελίδα!";
my @files = glob "$ENV{'DOCUMENT_ROOT'}/data/text/*.txt";
my @display_files = map m{([^/]+)\.txt}, @files;
Encode::from_to($_, 'ISO-8859-7', 'utf8') for @display_files;

if ( param('select') ) {    # If user selected an item from the drop down menu
    # Unless user selection doesn't match one of the valid filenames within @display_files
    unless ( grep { $_ eq param('select') } @display_files )
    {
        if( param('select') =~ /\0/ )
        {
            $article = "*Null Byte Injection* attempted & logged!";
            print br() x 2, h1( {class=>'big'}, $article );
        }
        if( param('select') =~ /\/\.\./ )
        {
            $article = "*Backwards Directory Traversal* attempted & logged!";
            print br() x 2, h1( {class=>'big'}, $article );
        }
        $select = $db->prepare( "UPDATE guestlog SET article=?, date=?, counter=counter+1 WHERE host=?" );
        $select->execute( $article, $date, $host );
        exit 0;
    }
    $article = decode('utf8', param('select' ));
    Encode::from_to($article, 'utf8', 'ISO-8859-7');
    open FILE, "<$ENV{'DOCUMENT_ROOT'}/data/text/$article.txt" or die $!;
    local $/;
    $data = <FILE>;
    close FILE;
    $select = $db->prepare( "UPDATE guestlog SET article=?, date=?, counter=counter+1 WHERE host=?" );
    $select->execute( $article, $date, $host );
}
else {
    $select = $db->prepare( "SELECT host FROM guestlog WHERE host=?" );
    $select->execute( $host );
    if ($select->rows)
    {
        $select = $db->prepare( "SELECT host, DATE_FORMAT(date, '%a %d %b, %h:%i') AS date, counter, article FROM guestlog WHERE host=?" );
        $select->execute( $host );
        $row = $select->fetchrow_hashref;
        $data = "Καλώς ήλθες $host! Χαίρομαι που βρίσκεις την σελίδα
ενδιαφέρουσα.
Τελευταία φορά ήρθες εδώ ως $row->{host} στις $row->{date} !
Προηγούμενος αριθμών επισκέψεων => $row->{counter}
Τελευταία είδες το κείμενο [ $row->{article} ]
Ποιό κείμενο θα μελετήσεις αυτήν την φορά !?";
        $select = $db->prepare( "UPDATE guestlog SET date=?, counter=counter+1 WHERE host=?" );
        $select->execute( $date, $host );
    }
    else
    {
        if ($host eq "Administrator") {
            $data = "Γειά σου Νικόλα! Πώς πάνε τα κέφια? ;-)";
        }
        else {
            $data = "Γειά σου $host!
Έρχεσαι για 1η φορά εδώ !!
Ελπίζω να βρείς τα κείμενα ενδιαφέροντα :-)";
        }
        unless ($host eq "Administrator") {
            $select = $db->prepare( "INSERT INTO guestlog (host, date, article, counter) VALUES (?, ?, ?, ?)" );
            $select->execute( $host, $date, $article, 1 );
        }
    }
}

for ($data) {
    s/\n/\\n/g;
    s/"/\\"/g;
    tr/\cM//d;
}

#====== OK, $data set up. Now print header, start_html and JavaScript stuff ======
print
    start_html(
        -script => [
            "var textToShow = '$data';",
            {
                -language => 'JAVASCRIPT',
                -src      => '/data/scripts/char_by_char.js'
            }
        ],
        -style  => '/data/scripts/style.css',
        -title  => 'Ορθόδοξα Πνευματικά Θέματα!',
        -onload => 'init();'
    ),
    a({href=>'/cgi-bin/register.pl'}, img{src=>'/data/images/reg.jpg'}),
    start_form(action=>'/cgi-bin/index.pl'),
    h1({class=>'lime'}, "Επέλεξε το κείμενο που σε ενδιαφέρει => ",
        popup_menu( -name=>'select', -values=> \@display_files ),
        submit(-label=>'ok')),
    end_form,
    div({id => "DivText"}),
    end_html;
#=====================================================================
The problem is that when the user selects something from my popup menu (one string) and then submits it, the returned string being sent back to my index.pl isn't matching this line:
unless ( grep { $_ eq param('select') } @display_files )
and that fact led me to believe that the browser or something else somehow malforms the original value (the one selected before submission).
I thought that this line would take care of the problem, converting it properly to utf8, but it doesn't :(
$article = decode('utf8', param('select' ));
please help
Re: problem when submitting a string through a form
on 09.01.2008 14:02:13 by skieros
I decided to try, as far as I could, to make a single test script, which I actually embedded into my index.pl file, so as to PROVE my initial guess that there was no need NOT to expect the returned string to be the same as the original, hence that no encoding needs to be performed. Here it is:
if ( param('select') ) { #If user selected an item from the drop down menu
    unless( grep /^\Q$article\E$/, @menu_files ) #Unless user selection doesn't match one of the valid filenames within @menu_files
    ......
}}
print param('select'), ' - ', length( param('select') ), br() x2;
foreach( @menu_files ) {
    my $match = ($_ eq param('select')) ? "matches" : "fails to match";
    print $_, ' - ', length( $_ ), ' - ', $match, br;
}
Encode::from_to($article, 'utf8', 'ISO-8859-7');
open FILE, "<$ENV{'DOCUMENT_ROOT'}/data/text/$article.txt" or die $!;
........
As you can see, I am checking the returned parameter against @menu_files, so as to see whether, when I print them, they look the same, and whether, when I also print their lengths, they are equal.
The result is that the parameter string is identical to its corresponding item inside @menu_files.
Both strings are perl-internal utf8 flagged strings, because when I print their lengths I get a number twice as much as the chars that make up the filename. For example, if a filename is called "νίκος" I get length 10 before and after the submission, which means that both are stored in a utf8 perl internal manner/way.
So, after this I gather you agree with me that no encoding/decoding processes are necessary.
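As an added example (not the poster's index.pl), here is the allowlist check from both posts done on decoded character strings: the submitted UTF-8 bytes and the ISO-8859-7 filenames are decoded with Encode before the eq comparison, and the path is built from the matched allowlist entry rather than from the raw parameter. The Greek names and the /srv/www document root are constructed sample values; length() is printed on each form to show that it counts bytes on an undecoded string and characters on a decoded one.

```perl
#!/usr/bin/perl
# Added example, not the poster's index.pl: compare the submitted menu value
# with the allowlist of filenames as decoded character strings, then build
# the path from the matched allowlist entry rather than from the raw parameter.
use strict;
use warnings;
use Encode qw(decode encode);

# Constructed sample input: the browser posts the form value as UTF-8 bytes
# (the page is served with charset utf-8), while the filenames on disk are
# ISO-8859-7 bytes. Names used: "νίκος" and "Αρχική", written as code points.
my $nikos   = "\x{3bd}\x{3af}\x{3ba}\x{3bf}\x{3c2}";
my $archiki = "\x{391}\x{3c1}\x{3c7}\x{3b9}\x{3ba}\x{3ae}";
my $submitted_bytes  = encode('UTF-8', $nikos);
my @disk_names_bytes = map { encode('ISO-8859-7', $_) } ($nikos, $archiki);

# Decode both sides before comparing: UTF-8 bytes never eq ISO-8859-7 bytes
# for the same Greek name, and a byte string never eq its decoded form.
# Returns the on-disk byte name of the matched entry, or nothing.
sub pick_article {
    my ($param_bytes, $names_bytes) = @_;
    my $wanted = eval {
        decode('UTF-8', $param_bytes, Encode::FB_CROAK | Encode::LEAVE_SRC)
    };
    return unless defined $wanted;                    # malformed UTF-8
    return if $wanted =~ /\0/ || $wanted =~ m{/};     # never part of a menu value
    my %allowed = map { decode('ISO-8859-7', $_) => $_ } @$names_bytes;
    return $allowed{$wanted};                         # undef when not allowlisted
}

my $name = pick_article($submitted_bytes, \@disk_names_bytes);
if (defined $name) {
    # length() counts bytes on an undecoded string and characters on a decoded one
    printf "matched: %d chars, %d UTF-8 bytes, %d ISO-8859-7 bytes\n",
        length(decode('ISO-8859-7', $name)), length($submitted_bytes), length($name);
    my $doc_root = '/srv/www';                        # assumed DOCUMENT_ROOT
    print "would open $doc_root/data/text/$name.txt\n";
} else {
    print "rejected: not one of the menu files\n";
}
```

With the sample name the script reports 5 chars, 10 UTF-8 bytes and 5 ISO-8859-7 bytes, so a length of 10 identifies a UTF-8 byte string rather than a decoded one.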