Hi
I am sure this is not supposed to be so hard but I still cannot get the hang
of passing these objects around.
What I am trying to do is work with CGI.pm
I have a cgi object and I also want to break my program up into subs to keep
it clean and easy to code.
So I create a CGI object. It's great, got all my form values in it and does
cool stuff.
I need to validate (and untaint) a whole form of variables so I pass the CGI
object off to a sub routine and try to do stuff. I have read acces to the
object and all the methods work well but I cannot change any of the values.
Not even to untaint them.
Surely this is common and everyone does it.
I am including my code below (all of it) to give a clear idea of what I am
trying to do. I know a few of the things I am doing are not reccomended and
I am not completely happy with the code but it is a lot better than the code
in my last program :-> and will get better. It basically does what I want
except that it will not allow me to change the CGI object in my subroutines.
Any suggestions welcome.
Thanks
************************************
In sub step2 this line calls the offending sub.
$message = validate_input($q);
error is:
Can't modify subroutine entry in character translation at
/usr/local/apache/cgi-bin/do_not_use_in_production/ESEC_VALIDATE.pm line 31,
near "tr
/[a-z]/[A-Z]/;"
syntax error at
/usr/local/apache/cgi-bin/do_not_use_in_production/ESEC_VALIDATE.pm line 32,
near ");"
BEGIN failed--compilation aborted at ./castime.cgi line 16.
************************************
#!/usr/bin/perl -wT
# Add new casual user
# June 2001
##
use CGI qw(:standard); # load CGI routines
use POSIX;
umask(026);
use lib "/usr/local/apache/cgi-bin/do_not_use_in_production";
use strict ;
use ESEC_CGI;
use ESEC_HTML;
use ESEC_VALIDATE;
use CGI::Carp qw(fatalsToBrowser);
my $message = "";
my $ref_id = "/usr/local/esec/logs/junk";
my %state ;
my $state_dir = "/usr/local/esec/logs/";
my $name; # Used to validate input
my $value; # Used to validate input
my $q = new CGI; # create new CGI object
if (! $q->param()) {
&draw_tnc($q);
} else {
## Open the state file and write values to it
## Using a dbm file so duplicates and existing values are handled
## Specifically they are updated nad not duplicated.
if ( defined $q->param('state') ){
dbmopen(%state, "$state_dir". $q->param('state'), 0666) or
&draw_html_error("cannot open dbm");
foreach $name ($q->param) {
$value = $q->param("$name");
$name =~ tr/+/ /;
$name =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;
$value =~ tr/+/ /;
$value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;
if (($value =~ /\<\!--\#(.*)\s+(.*)\s?=\s?(.*)--\>/) || ($value =~
/[!;><\'\*`\|]/)) {
&draw_html_error("Something wrong with $value");
}
$state{"$name"} = $value;
}
dbmclose (%state);
}
SWITCH: {
if ($q->param('action') == 1) { &do_step1; last SWITCH; }
if ($q->param('action') == 2) { &do_step2; last SWITCH; }
if ($q->param('action') == 3) { &do_step3; last SWITCH; }
if ($q->param('action') == 4) { &do_step4; last SWITCH; }
&draw_bad_end();
}
}
exit;
sub do_step1 {
if ( $q->param('tncok') ne "T" ) {
&draw_tnc_reject($q);
} else {
$q->param(-name=>'action',-value=>'2');
$q->param(-name=>'state', -value=>&get_ref_id($ref_id));
&draw_user_detail($q, $message );
}
}
sub do_step2 {
##
# Processing User personal details and drawing account style form
##
$message = validate_input($q);
if ( $message eq "" ) {
## Does not need to be here just want to see what happens.
dbmopen(%state, "$state_dir". $q->param('state'), 0666);
foreach (keys %state) { $q->param(-name=>$_, -value=>$state{$_}) ; }
dbmclose (%state);
$q->param(-name=>'action',-value=>'3');
&draw_accounts_form($q, $message);
} else {
&draw_user_detail($q, $message);
};
}
sub do_step3 {
#$message = &validate_user_detail();
if ( $message eq "" ){
## Does not need to be here just want to see what happens.
dbmopen(%state, "$state_dir". $q->param('state'), 0666);
foreach (keys %state) { $q->param(-name=>$_, -value=>$state{$_}) ; }
dbmclose (%state);
$q->param(-name=>'action',-value=>'4');
&draw_payment_form($q, $message);
} else {
&draw_accounts_form($q, $message);
};
}
sub do_step4 {
# $message = &process_payment();
# if ( $message eq "" ) {
# &create_account() or &die();
# &print_reciept();
## Does not need to be here just want to see what happens.
dbmopen(%state, "$state_dir". $q->param('state'), 0666);
foreach (keys %state) { $q->param(-name=>$_, -value=>$state{$_}) ; }
dbmclose (%state);
&draw_reciept($q);
# } else &draw_accounts_form();
}
##
# End main program
##
##
# Start module
#
#!/usr/local/bin/perl5
###
package ESEC_VALIDATE;
require Exporter; # so I can export global variables.
use strict;
use DB_File;
use CGI;
use vars qw(@ISA @EXPORT);
@ISA = qw(Exporter);
@EXPORT = qw(
&validate_input
&validate_user_detail
);
###
### CONSTANTS
###
###
### FUNCTIONS
###
sub validate_input(){
my ($q) = @_;
my $message = "";
# I want to uppercase it
$q->params('company') =~ tr/[a-z]/[A-Z]/;
# Now I want to get only 30 characters of it.
$q->params('company') = substr($q->params('company',0,30);
}
sub validate_user_detail(){
return;
}
1;
