Loading ...
Sorry, an error occurred while loading the content.
 

RE: [PBML] transport

Expand Messages
  • CircuitLabs.Com
    Well..I figured it out already and I have it setup so that the user can only transport in a certain directory, in my case, the public_html one. Thank you, R.
    Message 1 of 5 , Jun 27, 2002
      Well..I figured it out already and I have it setup so that the user can only
      transport in a certain directory, in my case, the public_html one.

      Thank you,
      R. Buschbom
      CircuitLabs.Com
      http://www.circuitlabs.com

      NOTE: This message was sent without an attachment. If there is one
      attached - Do NOT open it. And please notify us. If there is an attachment,
      we will type the line in bold: Fa83 in the subject. This is for the
      protection of your computer against viruses.


      -----Original Message-----
      From: Franki [mailto:frankieh@...]
      Sent: Friday, June 28, 2002 3:08 AM
      To: perl-beginner@yahoogroups.com
      Subject: RE: [PBML] transport


      I don't know what I'm talking about for the most part with perl.. still a
      newbie myself,
      but this might work. (it does at my end...)
      but this has no error checking and there is no taint checking either..

      for example, what if someone calls a page like
      transport=../../../../etc/passwd
      that would result in the display of the password file. (assuming that it can
      be displayed like that.)

      you need to add some regex to make sure that the user supplied input, can't
      contain anything nasty..
      Do a search for "taint mode" in google, and you'll find a ton of stuff that
      shows what you need to do.

      This does work if you trust the people that are using it to not try anything
      "nasty".. and with alittle error
      checking, it should be fine. (If you are using perl on windows, then remove
      the -T from the path.. taint mode
      doesn't work that way in windows.)

      You should also put this: print "location: $url\n\n"; into an if statement,
      so you can
      test for a value in $form{'transport'} and if so, do the redirect, then you
      can put an else statement
      after that and print an error if there was no input... (you could also test
      for the transport files existance on the server as well, so it won't
      redirect to files that doesnt' exist.)

      Anyway, this does what you want.. its basic, but it works.


      #!/usr/bin/perl -T

      #Get the form's input.
      use CGI;
      CGI::ReadParse(*form);

      my $url = 'http://203.59.39.226/';
      $url .= "$form{'transport'}";
      print "location: $url\n\n";



      rgds

      Frank

      -----Original Message-----
      From: CircuitLabs.Com [mailto:rob@...]
      Sent: Friday, 28 June 2002 6:34 AM
      To: PBML
      Subject: [PBML] transport


      How do I write a script that if I link to..
      navigation.cgi?transport=page
      it takes them to the page named page.html?

      Basically:

      User clicks on:
      http://www.mysite.com/navigation.cgi?transport=page1

      Then the script forwards them to
      http://www.mysite.com/page1.html

      HOW?!? Thanks! This is urgent.
      I've tried many ways. Mainly with CGI.pm.

      Thank you,
      CircuitLabs.Com
      http://www.circuitlabs.com

      NOTE: This message was sent without an attachment. If there is one
      attached - Do NOT open it. And please notify us. If there is an attachment,
      we will type the line in bold: Fa83 in the subject. This is for the
      protection of your computer against viruses.



      [Non-text portions of this message have been removed]



      Unsubscribing info is here:
      http://help.yahoo.com/help/us/groups/groups-32.html

      Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/





      Unsubscribing info is here:
      http://help.yahoo.com/help/us/groups/groups-32.html

      Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/
    • Franki
      I don t know what I m talking about for the most part with perl.. still a newbie myself, but this might work. (it does at my end...) but this has no error
      Message 2 of 5 , Jun 27, 2002
        I don't know what I'm talking about for the most part with perl.. still a
        newbie myself,
        but this might work. (it does at my end...)
        but this has no error checking and there is no taint checking either..

        for example, what if someone calls a page like
        transport=../../../../etc/passwd
        that would result in the display of the password file. (assuming that it can
        be displayed like that.)

        you need to add some regex to make sure that the user supplied input, can't
        contain anything nasty..
        Do a search for "taint mode" in google, and you'll find a ton of stuff that
        shows what you need to do.

        This does work if you trust the people that are using it to not try anything
        "nasty".. and with alittle error
        checking, it should be fine. (If you are using perl on windows, then remove
        the -T from the path.. taint mode
        doesn't work that way in windows.)

        You should also put this: print "location: $url\n\n"; into an if statement,
        so you can
        test for a value in $form{'transport'} and if so, do the redirect, then you
        can put an else statement
        after that and print an error if there was no input... (you could also test
        for the transport files existance on the server as well, so it won't
        redirect to files that doesnt' exist.)

        Anyway, this does what you want.. its basic, but it works.


        #!/usr/bin/perl -T

        #Get the form's input.
        use CGI;
        CGI::ReadParse(*form);

        my $url = 'http://203.59.39.226/';
        $url .= "$form{'transport'}";
        print "location: $url\n\n";



        rgds

        Frank

        -----Original Message-----
        From: CircuitLabs.Com [mailto:rob@...]
        Sent: Friday, 28 June 2002 6:34 AM
        To: PBML
        Subject: [PBML] transport


        How do I write a script that if I link to..
        navigation.cgi?transport=page
        it takes them to the page named page.html?

        Basically:

        User clicks on:
        http://www.mysite.com/navigation.cgi?transport=page1

        Then the script forwards them to
        http://www.mysite.com/page1.html

        HOW?!? Thanks! This is urgent.
        I've tried many ways. Mainly with CGI.pm.

        Thank you,
        CircuitLabs.Com
        http://www.circuitlabs.com

        NOTE: This message was sent without an attachment. If there is one
        attached - Do NOT open it. And please notify us. If there is an attachment,
        we will type the line in bold: Fa83 in the subject. This is for the
        protection of your computer against viruses.



        [Non-text portions of this message have been removed]



        Unsubscribing info is here:
        http://help.yahoo.com/help/us/groups/groups-32.html

        Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/
      • Sengupta, Rajib (CC-Contractor)
        please do not post this messages . ... From: rodolfo menjivar [mailto:ram183@yahoo.com] Sent: Friday, June 28, 2002 5:19 PM To: perl-beginner@yahoogroups.com
        Message 3 of 5 , Jun 28, 2002
          please do not post this messages .

          -----Original Message-----
          From: rodolfo menjivar [mailto:ram183@...]
          Sent: Friday, June 28, 2002 5:19 PM
          To: perl-beginner@yahoogroups.com
          Subject: Re: [PBML] transport



          oops, wrong person for you to come to for help in PERL of CGI. I am only a
          beginner.



          ---------------------------------
          Do You Yahoo!?
          Sign-up for Video Highlights of 2002 FIFA World Cup

          [Non-text portions of this message have been removed]


          Unsubscribing info is here:
          http://help.yahoo.com/help/us/groups/groups-32.html
          <http://help.yahoo.com/help/us/groups/groups-32.html>

          Your use of Yahoo! Groups is subject to the Yahoo! Terms of Service
          <http://docs.yahoo.com/info/terms/> .




          [Non-text portions of this message have been removed]
        • rodolfo menjivar
          oops, wrong person for you to come to for help in PERL of CGI. I am only a beginner. ... Do You Yahoo!? Sign-up for Video Highlights of 2002 FIFA World Cup
          Message 4 of 5 , Jun 28, 2002
            oops, wrong person for you to come to for help in PERL of CGI. I am only a beginner.



            ---------------------------------
            Do You Yahoo!?
            Sign-up for Video Highlights of 2002 FIFA World Cup

            [Non-text portions of this message have been removed]
          Your message has been successfully submitted and would be delivered to recipients shortly.