Gossamer Forum

Can open (FILE,"$rootpath$FORM{'subnumber'}") Be a URL?

I need some help with the following code.

open (FILE,"$rootpath$FORM{'subnumber'}") || die "Can't Open $rootpath$FORM{'subreal'}: $!\n";


Can the $rootpath$FORM part be replaced somehow with a URL? Any time I try to do that it gives me a server 500 Error. I'm sure that I have to change something... like the FILE part, but I just don't know enough about PERL.

If anyone knows.. PLEASE HELP! Smile

Thanx in advance!

------------------
The Crowe crowe@darkspiral.com
http://www.darkspiral.com
Re: Can open (FILE,"$rootpath$FORM{'subnumber'}") Be a URL?
This code you have provided could never open a URL. The open statement is designed to open a file on the server in which the program itself resides. Before I show how to open a URL, I should note that the following statement is extremely dangerous from a security standpoint:

Code:
open (FILE,"$rootpath$FORM{'subnumber'}") || die "Can't Open $rootpath$FORM{'subreal'}: $!\n";

The problem with this statement is the following: Let's say a user on your site is a hacker or has some purpose to destroy data on your site. Using a form (either yours or one they created), they could technically perform operations on files in your server by entering bad information to trick the form and your open statement into doing something to your site. This could be anything from attempting to read files you have hidden securely to actually trying to erase portions of the directory structure. A better way to defeat this would be to use "strict" and CGI.pm to parse your form variables. That way you have a significantly lesser chance of problems. Since strict requires you to become a bit more solid in your coding practices, make sure you are solid in Perl when you make that change.

Let's get down to your problem. OPEN as a command will not open a URL. Since we are using a CGI, though, we are automatically interfaced with the web server, and any information we output is first parsed through that server for commands, so all we have to do is send a command to the server. I am going to use the CGI module in this code snippet; you are free to modify it as you see fit:

Code:
use CGI;

my ($query, $url);
$query = new CGI;
$url = $query->param('subnumber'); # Sets the URL to the incoming form element "subnumber"
print $query->redirect($url); # Redirects the output to the variable in $url

Keep in mind that in most cases it is best to use absolute URLs with this method (ex: http://www.mydomain.com/images/blah.gif) rather than relative URLs (/images/blah.gif).

Hope this is useful,


------------------
Fred Hirsch
Web Consultant & Programmer
Re: Can open (FILE,"$rootpath$FORM{'subnumber'}") Be a URL?
  
Code:
# DON'T DO THIS!
use strict;
use CGI;

my $root = $ENV{'DOCUMENT_ROOT'};
my $in = new CGI;
my $param = $in->param('number');
open (FILE, "$root/$param") or die "Nope!";

By adding -T it forces you to make sure any information that's going to the system shell is safe. The above would never run. You would have to rewrite it like:

Code:
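#!/usr/bin/perl -T
use strict;
use CGI;

my $in = new CGI;
my $root = $ENV{'DOCUMENT_ROOT'};
if ($root =~ /^([\w\d\/\-\_]+)/) {
    $root = $1; # Untaint it!
} else {
    die "Bad document root"; # never fall through with the raw value
}
my $param = $in->param('number');
if (defined $param and $param =~ /^(\d+\.gif)$/) {
    $param = $1; # Untaint it!
} else {
    die "Bad file name"; # never fall through with the raw value
}

# Ok, now this is safe!
open (FILE, "$root/$param") or die $!;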

As for the original question about getting a URL, depending on what you mean by getting, you can also use:

use LWP::Simple;
my $url = get ('http://www.yahoo.com');

which will store the contents of the home page of Yahoo in $url.

Hope that helps!

Alex

[This message has been edited by Alex (edited January 19, 1999).]
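
An added example, not part of Alex's post or of any code from this thread: the untaint-then-open check written so that a failed match stops the request. Perl's taint mode does not block a read-only open on a tainted file name, so the allowlist match and a three-argument open do the real work here. The helper safe_image_path, the /var/www/html fallback root and the sample inputs are hypothetical and constructed for illustration.

```perl
#!/usr/bin/perl -T
# Added example, not from the thread. safe_image_path, the fallback root
# and the sample inputs are hypothetical / constructed.
use strict;
use warnings;

# Return an untainted "<root>/<file>" path, or undef when either part
# fails its allowlist pattern. Under -T, a capture from a successful
# match is the value Perl treats as clean.
sub safe_image_path {
    my ($root, $name) = @_;
    return undef unless defined $root && defined $name;

    # Root: absolute path built from word characters, dots, dashes and
    # slashes, with no ".." component.
    return undef if $root =~ m{(?:\A|/)\.\.(?:/|\z)};
    my ($clean_root) = $root =~ m{\A(/[\w./-]+)\z} or return undef;

    # File: digits then ".gif" and nothing else. \A and \z rather than
    # ^ and $, so a trailing newline is rejected too.
    my ($clean_name) = $name =~ m{\A(\d+\.gif)\z} or return undef;

    return "$clean_root/$clean_name";
}

# %ENV is tainted under -T; /var/www/html is an assumed fallback.
my $root = defined $ENV{DOCUMENT_ROOT} ? $ENV{DOCUMENT_ROOT} : '/var/www/html';

# Constructed values standing in for the 'number' form parameter.
for my $input ('42.gif', '../../etc/passwd', 'x.gif|', "7.gif\n", '') {
    (my $shown = $input) =~ s/\n/\\n/g;
    my $path = safe_image_path($root, $input);
    if (!defined $path) {
        print "rejected: '$shown'\n";    # stop here, never fall through to open
        next;
    }
    # Three-argument open fixes the mode to read, so "|" or ">" in a
    # name can never turn the call into a pipe or a write.
    if (open(my $fh, '<', $path)) {
        print "opened:   $path\n";
        close $fh;
    } else {
        print "accepted: $path (open failed: $!)\n";
    }
}
```

Run it as `perl -T script.pl`; Perl refuses to start when -T appears on the #! line but not on the command line.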
Re: Can open (FILE,"$rootpath$FORM{'subnumber'}") Be a URL?
The code I posted was part of a Message board type script that I modified to use as a NEWS posting script.. just for a little background info. Now I'm experimenting a little with it.

My problem is, the site I want to update is hosted on a Windows NT server and the gentleman who runs it doesn't know how to install perl for NT (yet)..

I was attempting to run the script from my linux server and have it WRITE to the NEWS page on my other server.

Example:
www.lit.org <--- is hosted on Windows NT
www.darkspiral.com <--- hosted on linux (where I have full cgi access).

I wanted to write to a file .. ie
http://www.lit.org/news.html

If it's not possible, I understand.. but I wanted to try and thought I would ask here.

A couple other Points. This forum has been extremely helpful in all the perl ideas I've had. You guys really seem to know what you're doing, both moderators and users. This has to be one of my favorite places to visit. Smile

Now that you're all buttered up, would you guys suggest the BEST books to REALLY learn perl as it relates especially to the web? Also if you know of any web sites, I'd REALLY appreciate the info. I know enough to be dangerous, but I'd really like to learn it.

Thanx again for your responses. Smile

Crowebiashi



------------------
The Crowe crowe@darkspiral.com
http://www.darkspiral.com
Re: Can open (FILE,"$rootpath$FORM{'subnumber'}") Be a URL?
First I would like to thank Alex for adding the point about untainting variables. I was under the false impression that strict forced the -T option in Perl. We learn something new every day. I must emphasize like Alex did that passing incoming form data directly to the shell is the quickest way to allow a hacker access to your entire server, and is a VERY BAD IDEA. Always untaint!!

As for NT and Perl, it is very very easy to install. Simply download the package from http://www.activestate.com and you'll be able to program in perl like a man with no arms. If you still cannot get your server company to install Perl, you are probably out of luck UNLESS your server supports the PUT method which was developed by Netscape. It basically allows you to dump form data into a file, rather than direct that data into a CGI like POST does.

Unfortunately, there is not a lot of actual information available on how to do this, and since NT is generally oriented toward handling items with ActiveX, VBScript, and ASP, you might be out of luck unless you can create a program that can handle input from a POST action and output the data into a file. This is VERY easy to do in Perl.. it makes sense it would work on NT, but Microsoft doesn't always make sense (not an offense, tis a point of fact). Anyhow, there are alpha prototype modules out in CPAN that allow users to manipulate ASP and Frontpage extensions, but I have never attempted to use them, and they would need to be installed on your Linux box to get any sort of function out of em.

Now, all that ranting aside, let me try and post some methods for dealing with this issue, I use some slightly modified modules here, so hopefully you have them installed:
Code:
#!/usr/bin/perl
# This program presents three types of requests.
# A GET, a POST and a PUT. GET allows retrieval
# from a web server, and form data is parsed from the
# environment. POST actually posts data into the CGI
# as standard input. PUT allows putting of data into
# an actual file, but has limited support.

use LWP::UserAgent;
use HTTP::Request::Common; # slightly easier to use than HTTP::Request

$ua = LWP::UserAgent->new;

# This GET simply gets the URL www.sn.no:
$ua->request(GET 'http://www.sn.no/');

# This GET allows use of some initialized header values,
# these differ from form data:
$ua->request(GET 'http://www.sn.no',
If_Match => 'foo',
From => 'gisle@aas.no');

# This POST posts the data into foo. The form
# variables foo and bar contain the data for the form.
# You could easily make one of these a variable
# that holds the page content you wish to post,
# but the target URL, foo, must be able to interpret
# and manipulate this data.

$ua->request(POST 'http://somewhere/foo', [foo => 'bar', bar => 'foo']);

# PUT is not well documented, but I will try to post an example.
# Technically, this request SHOULD PUT the content in
# variable $HTML into the test.html file. Try it out and
# let me know if it works:

$HTML = '<html><body>News goes here</body></html>'; # placeholder page content
$ua->request(PUT 'http://mydomain.com/test.html', Content => $HTML);

I am interested to see if these will work. Go ahead and let me know if you have luck with them.


------------------
Fred Hirsch
Web Consultant & Programmer