perl - Is it possible to send POST parameters to a CGI script without another HTTP request? -

-

I am trying to run a CGI script from any other Perl module in the current environment. All work well for GET requests using standard system calls

Has anyone participated in this problem, or has any suggestions for other ways to try it?

For clarity, some of the following are simplified

Receive the request and For post request w / o parameters , I do the following:

/ P> 

  # $ query is a CGI object $ $ perl = $ ^ X; My $ cgi = $ cgi_script_location; # /path/file.cgi System {$ perl} $ cgi;
  • The parameter is passed through the QUERY_STRING environment variable.
  • STDOUT is captured by the calling script so that the CGI script print normally behaves. 

    •   
     
     
     
     
      # $ The query is a CGI object, my $ perl = $ ^ X; My $ cgi = $ cgi_script_location; # /path/file.cgi # Parameter ran the command line in a URL-escaped string to pass the appropriate # to a CGI script. #Null characters are handled properly # eg, param 1 = this% 20is% 20a% 20string and the ultimate 2 = 42 and ... etc # This works my $ param_string = $ self- & gt; Get_current_param_string (); # There are several ways to do this, but the system does not pass any # parameter (different questions), using #QX // and printing the return value also work. Open (my $ cgi_pipe, "| $ perl $ cgi"); Print {$ cgi_pipe} $ param_string; Close ($ cgi_pipe);
    • This method works for less parameter lists, but if the whole command is close to 1000 characters, the reduction in the parameter list decreases. This is the reason I tried to save the parameter to the file; Shell to avoid borders.
    • If I dump the parameter list from executed CGI script, then I get something like the following:

    param1 = blah. A group of other parameters ...
    Ultimate = whatever p & lt; - There are more criteria cut after 'P'.

    Everything that I have done does not help me or does not work

    • Follow up
    • The criteria were saved in a file using CGI-> save (), pass that file into the CGI script. Only the first parameter is read using this parameter.

    $> Perl Index & lt; Temp-param-file

    • $ param_string saved in a file, pass that file into the CGI script as above. Similar limitations for passing orders through the command line; Is still cut.
    • Ensure that $ CGI :: POST_MAX is acceptable high (this is -1).
    • Make sure the command line processing of CGI was working. (No_debug not set)
    • Run CGI from command line with the same parameter This works.

      • Leeds

      • Obviously, it seems that one of Shell's characters are used to execute the Perl command , But it was not resolved by passing the parameters of the file.

        • Password parameter system as a single string, with HTTP input, extremely dangerous is.

        ,

        If there is only one scalar logic, the logic is checked for shell metachactors, and if any, then the order of the entire logic system Is passed to open the pars (it is on the Unix platform / bin / sh -c, but differs on other platforms). If there are no shell metachactors in the logic, then ..

        In other words, if I pass in the argument -e printf ("working ...") pass Will do; Rm -rf /; I can remove information from my disk (everything if your web server is running as root). If you choose to do so, make sure you call the system ("perl", @ cgi) instead.

        The argument length you are issuing may be an OS limit (described above):

        There are several ways to know the upper limit:

        • Command: getconfig ARG_MAX
        • System headers: ARG_MAX in the example & lt; [Sys /] limits.h>

        Saving a temporary file is risky: many CGI calls can be saved in the same file, can create race conditions A user's parameter can be used by another user's process.

        You can try to open file operations in the process and instead of crossing the argument as standard input. Open your $ perl, '|', 'perl' or die; Fprintf (PERL, @cgi);


Comments

Post a Comment

Popular posts from this blog

c# - How to capture HTTP packet with SharpPcap -

-
I would like to capture all incoming HTTP packets on my machine. To do this, I am using SharpPcap which is a WinPcap The cover is. SharpPcap works very well, but it captures TCP packets and what it wants to do for me is a very low level. Does anyone know how can I easily get full HTTP requests / reactions from all these TCP packets? Thanks SharpPcap is already able to capture the packet in the same way That's what the virus does (just in the code instead of the GUI). And you can either either parse them directly or you can put them in the drive in the common .pcap file format. The steps to parse the capture are: Open a connection at any time Loop a while Or start capturing using an event callback Parsing the raw packet for the type you want If you are reading .PPP dump files In addition to calling you an offline capture reader is almost the same, there is no need to select an interface, and you can set the majority There is no need to do the modes. All st...
Read more

php - Multiple Select with Explode: only returns the word "Array" -

-
By using Wordpress I have created a multiple selection box so that users can select categories to exclude. When the page is initially loaded, I see my predefined default option. However, when I select a new value and I save ... I only see the word "Array" and have not chosen anything else? & lt; Class = "amultiple" id = "& lt; php echo $ value ['id'] ;? gt;" name = "& gt; php echo $ value ['id'] ;; gt; []" Multiple = "multiple" size = "8" & gt; & Lt ;? Php global option; Foreign currency ($ value as value $) {if (get_settings ($ value ['id']) === FALSE {$$ value ['id'] = $ value ['std']; } And {$$ value ['id'] = get_settings ($ value ['id']); }} $ Ranges = & amp; Amp; Categories ('type = post & orderbiz = name & amp; hide_empty = 1'); If ($ ranges) {$ ex_cat = implode (',', $ tt_cat_exclude); Forex Currency ($ range a...
Read more

php - jQuery AJAX Post not working -

-
I do not understand why this script does not work. It has something to do within AJAX PostScript / Function. Right now, when I submit my form, it runs php code on the same page. What it should do, send the values ​​of the form for Project_Azax.fp, then there will be a refund of success on the page which is correct or false. $ (document) .ready (function () {$ ('div # didIt'). Hide (); $ ('form [name = adminForm]'). Submit (function () ($ {'.post' ('/ project_ajax.php', {action: $ ('[name = action]') Val (), pId: $ ('[name = pId]'). Val (), name ('[Name = name]'. Val (), url: $ ('[url = url]'). Val (), summary: ('[summary = summary]'). Val ()}, Function (data) {if (data.success) {$ ('div # didIt') .Sliddown ('slow');} and {warning ('unsuccessful SA!');}}, 'Jason'); return false ;});}); What is the code for project_ajax.php below ... if ($ _ POST ['action'] == ...
Read more