Open Computing "Hands-On" Tutorial: October 1994: Listings Listing 1: An HTML form, order.html, used by the fictitious Yoyodyne Corp. to collect order information via a graphical Web browser.
"; exit 0; if ($in{'cc'} && !$in{'email'}) { print <<_EOT_; You asked for a carbon copy of your order but did not include your email address. Please add your address and resubmit your order.
_EOT_ exit 0; # Open up temporary file for ordering system $order_file = "/tmp/order.$$"; open(ORDER,">$order_file"); print ORDER <<_EOT_; NAME: $in{'name'} ADDRESS: $in{'address'} PHONE: $in{'phone'} EMAIL: $in{'email'} PAYMENT: $in{'payment'} ACCOUNT: $in{'account'} AUTHORIZATION: $in{'key'} _EOT_ print ORDER "ITEMS:\n"; $n=0; foreach(split(/\n/,$in{'items'})) { ++$n; printf ORDER "%3d\t%s\n",$n,$_; } print ORDER "RECEIVED: $now\n"; print ORDER "\n"; print ORDER <<_EOT_; REMOTE: $ENV{'REMOTE_HOST'} _EOT_ print ORDER "\n"; close ORDER; # Send the order to the Processing database $cmd = "/usr/local/bin/process_order $order_file"; system $cmd; # If requested, send the user a copy of the order. if ($in{'cc'} && $in{'email'}) @addresses=($in{'email'}); $to = join(' ',@addresses); # Escape any suspicious characters $to=&protect($to); $mail_cmd = "/bin/mail"; $cmd = "$mail_cmd $to"; unless (open(MAIL,"| $cmd")) { print <<_EOT_; An error occurred while trying to submit your order. Please contact root@yoyodyne.com.
_EOT_
exit 0;
}
print MAIL "\n";
open(ORDER,"<$order_file");
while (
_EOT_
unlink($order_file);
exit 0;
sub protect
# Quotify characters which are special to the shell
local($_)=@_;
s!([;:&\$'`|()])!\\$1!g; # Use backslash to escape metacharacters
$_;
Listing 3: Test script cgi_test.
#!/usr/bin/perl
# CGI script to process Software Modification Requests (SMRs)
# patrick.m.ryan@bell-atl.com (patrick m. ryan)
eval "exec /usr/bin/perl -S $0 $*" if $running_under_some_shell;
# extra include directories
push(@INC,'/app/people/guide/GUIDE/server/WWW/httpd_1.1/cgi-bin');
push(@INC,'/app/people/ryan/perl');
require 'cgi-lib.pl';
require 'date.pl';
$now = &date(time()-(4*3600));
select STDOUT;
$|=1;
# Suck in everything from httpd.
&ReadParse;
print &PrintHeader;
print "