Re: The very un-useful 'premature end of script headers' error message
BTW, that's Stronghold/Apache version 1.3.4 if that helps...
Thanks Again
Luke
- Original Message -
From: "Cool Hand Luke" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, March 26, 2003 3:41 PM
Subject: The very un-useful 'premature end of script headers' error message
> Hi there,
> I am having the toughest time trying to run perl scripts on this
> Stronghold Apache SSL server I am working with for my company. Everything
I
> run returns the same 'premature end of script headers' error message. This
> has happened with every script I've run except the most rudimentary "hello
> world" types of scripts. I've made sure the chmod were set to 755 for all
> files and the directory all the files are in to eliminate that as a
concern.
> Is it the buffering? I've also made sure that I was uploading the files in
> ascii mode and not binary and I've been saving the files using UNIX
> conventions, so I don't think any invisible carriage returns or anything
of
> the sort have crept in. Here is what I am trying to run this time...
> Any help would be appreciated, cuz I'm stumped.
> Thanks
>
> #!/usr/local/bin/perl -w
>
> print "content-type: text/html\n\n";
>
> use strict;
> use SimLib;
>
> my $loginid = "XX";
> my $txnkey = "XX";
>
> my %ENTRY = &SimLib::get_submission;
>
> my $x_amount = $ENTRY{'x_amount'};
>
> if (index($x_amount,'$') == 0){
> $x_amount = substr($x_amount,1);
> }
>
> my $x_description = $ENTRY{'x_description'};
> my $x_currency_code = "USD";
>
>
> print " Order Form\n";
>
> print "\n";
> print "\nFinal Order\n";
>
> print "Description: ".$x_description." \n";
> print "Total Amount : ".$x_amount." \n";
>
> print " action=\"https://certification.authorize.net/gateway/transact.dll\";
> method=\"POST\">\n";
>
> &SimLib::InsertFP($loginid, $txnkey, $x_amount, $x_currency_code);
>
> print " $x_description . "\">\n";
> print " "\">\n";
> print " "\">\n";
> print " value=\"PAYMENT_FORM\">\n";
> print "\n";
> print "\n";
> print " ";
>
> 1;
>
>
> --
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
RE: The very un-useful 'premature end of script headers' error message
A couple of things, and I don't know if this affects Stronghold and I'm not
sure with which browser(s) you're testing. The first "C" in "Content-type:
text/html\n\n"; should be capitalized, or better yet, use the CGI module to
print the header.
#!/usr/bin/perl -w
use strict;
use CGI qw(:all);
use CGI::Carp qw(fatalsToBrowser); # send errors to browser
use SimLib;
my $q = new CGI; # initiate new CGI object
print $q->header(-type=>'text/html'); # send text/html header to browser
# etc.
Also, it's cleaner to use the CGI module or a HERE document to print your
HTML code, for example:
print $q->h1('Header');
print $q->p('blah blah blah');
or
print <
Final Order
ENDOFHTML
# and so on...
-
Scot Robnett
inSite Internet Solutions
[EMAIL PROTECTED]
-Original Message-
From: Cool Hand Luke [mailto:[EMAIL PROTECTED]
Sent: Wednesday, March 26, 2003 5:52 PM
To: [EMAIL PROTECTED]
Subject: Re: The very un-useful 'premature end of script headers' error
message
BTW, that's Stronghold/Apache version 1.3.4 if that helps...
Thanks Again
Luke
- Original Message -
From: "Cool Hand Luke" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, March 26, 2003 3:41 PM
Subject: The very un-useful 'premature end of script headers' error message
> Hi there,
> I am having the toughest time trying to run perl scripts on this
> Stronghold Apache SSL server I am working with for my company. Everything
I
> run returns the same 'premature end of script headers' error message. This
> has happened with every script I've run except the most rudimentary "hello
> world" types of scripts. I've made sure the chmod were set to 755 for all
> files and the directory all the files are in to eliminate that as a
concern.
> Is it the buffering? I've also made sure that I was uploading the files in
> ascii mode and not binary and I've been saving the files using UNIX
> conventions, so I don't think any invisible carriage returns or anything
of
> the sort have crept in. Here is what I am trying to run this time...
> Any help would be appreciated, cuz I'm stumped.
> Thanks
>
> #!/usr/local/bin/perl -w
>
> print "content-type: text/html\n\n";
>
> use strict;
> use SimLib;
>
> my $loginid = "XX";
> my $txnkey = "XX";
>
> my %ENTRY = &SimLib::get_submission;
>
> my $x_amount = $ENTRY{'x_amount'};
>
> if (index($x_amount,'$') == 0){
> $x_amount = substr($x_amount,1);
> }
>
> my $x_description = $ENTRY{'x_description'};
> my $x_currency_code = "USD";
>
>
> print " Order Form\n";
>
> print "\n";
> print "\nFinal Order\n";
>
> print "Description: ".$x_description." \n";
> print "Total Amount : ".$x_amount." \n";
>
> print " action=\"https://certification.authorize.net/gateway/transact.dll\";
> method=\"POST\">\n";
>
> &SimLib::InsertFP($loginid, $txnkey, $x_amount, $x_currency_code);
>
> print " $x_description . "\">\n";
> print " "\">\n";
> print " "\">\n";
> print " value=\"PAYMENT_FORM\">\n";
> print "\n";
> print "\n";
> print " ";
>
> 1;
>
>
> --
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: The very un-useful 'premature end of script headers' error message
Hi Scott,
Thanks for the reply. I tried using your code (I'm a beginner with the
cgi module so please let me know if I made any obvious errors) and it gave
me the same error. Here's what I tried. Also, I've noticed that any time I
use CGI::Carp to try to write errors to the browser it gives me that same
error message. Also, this server is using version 5.003, which I know is not
a good idea because there are problems with output buffering, is this
perhaps the source?
Thanks,
Luke
#!/usr/bin/perl -w
use strict;
use CGI qw(:all);
use CGI::Carp qw(fatalsToBrowser); # send errors to browser
use SimLib;
my $q = new CGI; # initiate new CGI object
print $q->header(-type=>'text/html'); # send text/html header to browser
(Same as before)
- Original Message -
From: "Scot Robnett" <[EMAIL PROTECTED]>
To: "Cool Hand Luke" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Wednesday, March 26, 2003 4:13 PM
Subject: RE: The very un-useful 'premature end of script headers' error
message
> A couple of things, and I don't know if this affects Stronghold and I'm
not
> sure with which browser(s) you're testing. The first "C" in "Content-type:
> text/html\n\n"; should be capitalized, or better yet, use the CGI module
to
> print the header.
>
> #!/usr/bin/perl -w
>
> use strict;
> use CGI qw(:all);
> use CGI::Carp qw(fatalsToBrowser); # send errors to browser
> use SimLib;
>
> my $q = new CGI; # initiate new CGI object
> print $q->header(-type=>'text/html'); # send text/html header to browser
>
> # etc.
>
> Also, it's cleaner to use the CGI module or a HERE document to print your
> HTML code, for example:
>
> print $q->h1('Header');
> print $q->p('blah blah blah');
>
> or
>
> print <
> Final Order
> ENDOFHTML
>
> # and so on...
>
>
> -----
> Scot Robnett
> inSite Internet Solutions
> [EMAIL PROTECTED]
>
>
>
>
> -Original Message-
> From: Cool Hand Luke [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, March 26, 2003 5:52 PM
> To: [EMAIL PROTECTED]
> Subject: Re: The very un-useful 'premature end of script headers' error
> message
>
>
> BTW, that's Stronghold/Apache version 1.3.4 if that helps...
> Thanks Again
> Luke
>
> - Original Message -
> From: "Cool Hand Luke" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Wednesday, March 26, 2003 3:41 PM
> Subject: The very un-useful 'premature end of script headers' error
message
>
>
> > Hi there,
> > I am having the toughest time trying to run perl scripts on this
> > Stronghold Apache SSL server I am working with for my company.
Everything
> I
> > run returns the same 'premature end of script headers' error message.
This
> > has happened with every script I've run except the most rudimentary
"hello
> > world" types of scripts. I've made sure the chmod were set to 755 for
all
> > files and the directory all the files are in to eliminate that as a
> concern.
> > Is it the buffering? I've also made sure that I was uploading the files
in
> > ascii mode and not binary and I've been saving the files using UNIX
> > conventions, so I don't think any invisible carriage returns or anything
> of
> > the sort have crept in. Here is what I am trying to run this time...
> > Any help would be appreciated, cuz I'm stumped.
> > Thanks
> >
> > #!/usr/local/bin/perl -w
> >
> > print "content-type: text/html\n\n";
> >
> > use strict;
> > use SimLib;
> >
> > my $loginid = "XX";
> > my $txnkey = "XX";
> >
> > my %ENTRY = &SimLib::get_submission;
> >
> > my $x_amount = $ENTRY{'x_amount'};
> >
> > if (index($x_amount,'$') == 0){
> > $x_amount = substr($x_amount,1);
> > }
> >
> > my $x_description = $ENTRY{'x_description'};
> > my $x_currency_code = "USD";
> >
> >
> > print " Order Form\n";
> >
> > print "\n";
> > print "\nFinal Order\n";
> >
> > print "Description: ".$x_description." \n";
> > print "Total Amount : ".$x_amount." \n";
> >
> > print " > action=\"https://certification.authorize.net/gateway/transact.dll\";
> > method=\"POST\">\n";
> >
> > &SimLib::InsertFP($loginid, $txnkey, $x_amount, $x_currency_code);
> >
> > print " > $x_description . "\">\n";
> > print " > "\">\n";
> > print " > "\">\n";
> > print " > value=\"PAYMENT_FORM\">\n";
> > print "\n";
> > print "\n";
> > print " ";
> >
> > 1;
> >
> >
> > --
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
> >
>
>
> --
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
> --
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: The very un-useful 'premature end of script headers' error message
Greetings;
The two most common problems are an invalid path-to-perl and
invalid permissions.
First, get on the command line of your server and do a
which perl
and see where it is on that system. The two examples you have
quoted have different paths! And they both give the same
results?
Check the error logs for the server and see what they say.
They are usually much more informative. They should be
publically accessible when you are logged on.
There is an apache extension that tightens up security for
cgi programs. If your server is using this the requirements
for naming and permissions are slightlky different and very
picky. Check with your server support people.
Good Luck!
Dennis
On Wed, 26 Mar 2003, Cool Hand Luke wrote:
> Date: Wed, 26 Mar 2003 18:16:22 -0800
> From: Cool Hand Luke <[EMAIL PROTECTED]>
> To: Scot Robnett <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
> Subject: Re: The very un-useful 'premature end of script headers' error
> message
>
> Hi Scott,
> Thanks for the reply. I tried using your code (I'm a beginner with the
> cgi module so please let me know if I made any obvious errors) and it gave
> me the same error. Here's what I tried. Also, I've noticed that any time I
> use CGI::Carp to try to write errors to the browser it gives me that same
> error message. Also, this server is using version 5.003, which I know is not
> a good idea because there are problems with output buffering, is this
> perhaps the source?
> Thanks,
> Luke
>
> #!/usr/bin/perl -w
>
> use strict;
> use CGI qw(:all);
> use CGI::Carp qw(fatalsToBrowser); # send errors to browser
> use SimLib;
>
> my $q = new CGI; # initiate new CGI object
> print $q->header(-type=>'text/html'); # send text/html header to browser
>
> (Same as before)
>
> - Original Message -
> From: "Scot Robnett" <[EMAIL PROTECTED]>
> To: "Cool Hand Luke" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
> Sent: Wednesday, March 26, 2003 4:13 PM
> Subject: RE: The very un-useful 'premature end of script headers' error
> message
>
>
> > A couple of things, and I don't know if this affects Stronghold and I'm
> not
> > sure with which browser(s) you're testing. The first "C" in "Content-type:
> > text/html\n\n"; should be capitalized, or better yet, use the CGI module
> to
> > print the header.
> >
> > #!/usr/bin/perl -w
> >
> > use strict;
> > use CGI qw(:all);
> > use CGI::Carp qw(fatalsToBrowser); # send errors to browser
> > use SimLib;
> >
> > my $q = new CGI; # initiate new CGI object
> > print $q->header(-type=>'text/html'); # send text/html header to browser
> >
> > # etc.
> >
> > Also, it's cleaner to use the CGI module or a HERE document to print your
> > HTML code, for example:
> >
> > print $q->h1('Header');
> > print $q->p('blah blah blah');
> >
> > or
> >
> > print < >
> > Final Order
> > ENDOFHTML
> >
> > # and so on...
> >
> >
> > -
> > Scot Robnett
> > inSite Internet Solutions
> > [EMAIL PROTECTED]
> >
> >
> >
> >
> > -Original Message-
> > From: Cool Hand Luke [mailto:[EMAIL PROTECTED]
> > Sent: Wednesday, March 26, 2003 5:52 PM
> > To: [EMAIL PROTECTED]
> > Subject: Re: The very un-useful 'premature end of script headers' error
> > message
> >
> >
> > BTW, that's Stronghold/Apache version 1.3.4 if that helps...
> > Thanks Again
> > Luke
> >
> > - Original Message -
> > From: "Cool Hand Luke" <[EMAIL PROTECTED]>
> > To: <[EMAIL PROTECTED]>
> > Sent: Wednesday, March 26, 2003 3:41 PM
> > Subject: The very un-useful 'premature end of script headers' error
> message
> >
> >
> > > Hi there,
> > > I am having the toughest time trying to run perl scripts on this
> > > Stronghold Apache SSL server I am working with for my company.
> Everything
> > I
> > > run returns the same 'premature end of script headers' error message.
> This
> > > has happened with every script I've run except the most rudimentary
> "hello
> > > world" types of scripts. I've made sure the chmod were set to 755 for
> all
> > > files and the directory all the files are in to eliminate that as a
> > concern.
> > > Is it the buffering? I've also made sure that I was uploading the files
> in
> >
Re: The very un-useful 'premature end of script headers' error message
Hi Dennis, Yeah you noticed the "path-to-perl" discrepancy. That was an
accident, the path-to-perl is
#!/usr/bin/perl
as in the later example. That's not it
Also, I've tried setting the permissions wide open to 777 and I still get
the same errors. I'll see if I can find anything in the error logs. Thanks!
Luke
- Original Message -
From: "Dennis G. Wicks" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, March 26, 2003 7:04 PM
Subject: Re: The very un-useful 'premature end of script headers' error
message
> Greetings;
>
> The two most common problems are an invalid path-to-perl and
> invalid permissions.
>
> First, get on the command line of your server and do a
>
> which perl
>
> and see where it is on that system. The two examples you have
> quoted have different paths! And they both give the same
> results?
>
> Check the error logs for the server and see what they say.
> They are usually much more informative. They should be
> publically accessible when you are logged on.
>
> There is an apache extension that tightens up security for
> cgi programs. If your server is using this the requirements
> for naming and permissions are slightlky different and very
> picky. Check with your server support people.
>
> Good Luck!
> Dennis
>
>
>
>
>
> On Wed, 26 Mar 2003, Cool Hand Luke wrote:
>
> > Date: Wed, 26 Mar 2003 18:16:22 -0800
> > From: Cool Hand Luke <[EMAIL PROTECTED]>
> > To: Scot Robnett <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
> > Subject: Re: The very un-useful 'premature end of script headers' error
> > message
> >
> > Hi Scott,
> > Thanks for the reply. I tried using your code (I'm a beginner with
the
> > cgi module so please let me know if I made any obvious errors) and it
gave
> > me the same error. Here's what I tried. Also, I've noticed that any time
I
> > use CGI::Carp to try to write errors to the browser it gives me that
same
> > error message. Also, this server is using version 5.003, which I know is
not
> > a good idea because there are problems with output buffering, is this
> > perhaps the source?
> > Thanks,
> > Luke
> >
> > #!/usr/bin/perl -w
> >
> > use strict;
> > use CGI qw(:all);
> > use CGI::Carp qw(fatalsToBrowser); # send errors to browser
> > use SimLib;
> >
> > my $q = new CGI; # initiate new CGI object
> > print $q->header(-type=>'text/html'); # send text/html header to browser
> >
> > (Same as before)
> >
> > - Original Message -
> > From: "Scot Robnett" <[EMAIL PROTECTED]>
> > To: "Cool Hand Luke" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
> > Sent: Wednesday, March 26, 2003 4:13 PM
> > Subject: RE: The very un-useful 'premature end of script headers' error
> > message
> >
> >
> > > A couple of things, and I don't know if this affects Stronghold and
I'm
> > not
> > > sure with which browser(s) you're testing. The first "C" in
"Content-type:
> > > text/html\n\n"; should be capitalized, or better yet, use the CGI
module
> > to
> > > print the header.
> > >
> > > #!/usr/bin/perl -w
> > >
> > > use strict;
> > > use CGI qw(:all);
> > > use CGI::Carp qw(fatalsToBrowser); # send errors to browser
> > > use SimLib;
> > >
> > > my $q = new CGI; # initiate new CGI object
> > > print $q->header(-type=>'text/html'); # send text/html header to
browser
> > >
> > > # etc.
> > >
> > > Also, it's cleaner to use the CGI module or a HERE document to print
your
> > > HTML code, for example:
> > >
> > > print $q->h1('Header');
> > > print $q->p('blah blah blah');
> > >
> > > or
> > >
> > > print < > >
> > > Final Order
> > > ENDOFHTML
> > >
> > > # and so on...
> > >
> > >
> > > -
> > > Scot Robnett
> > > inSite Internet Solutions
> > > [EMAIL PROTECTED]
> > >
> > >
> > >
> > >
> > > -Original Message-
> > > From: Cool Hand Luke [mailto:[EMAIL PROTECTED]
> > > Sent: Wednesday, March 26, 2003 5:52 PM
> > > To: [EMAIL PROTECTED]
> > > Subject: Re: The very un-useful 'premature end of script headers'
error
> > > message
> > >
> > >
> > &g
Re: The very un-useful 'premature end of script headers' error message
Hello All,
I think I figured it out, (so far). I 'm pretty sure that it has to do
with perl 5.003 disliking the looping with the "my $pair" syntax.
As a work around, I changed this
foreach my $pair (split(/[&;]/, $submission)) {
# Convert plus to space
$pair =~ y/+/ /;
# Split into key and value.
my ($name, $value) = split(/=/, $pair, 2); # splits on the first =.
# Convert %XX from hex numbers to character
$name =~ s/%([A-Fa-f0-9]{2})/pack("c", hex($1))/ge;
$value =~ s/%([A-Fa-f0-9]{2})/pack("c", hex($1))/ge;
# Associate key and value
$ENTRY{$name} .= "\0" if (defined($ENTRY{$name}));
$ENTRY{$name} .= $value;
}
Into this(with slight style differences)
{
# Split the name-value pairs
my $pair;
for $pair (split(/[&;]/, $submission)) {
# Convert plus to space
$pair =~ y/+/ /;
# Split into key and value.
my ($name, $value) = split(/=/, $pair, 2); # splits on the first
=.
# Convert %XX from hex numbers to character
$name =~ s/%([A-Fa-f0-9]{2})/pack("c", hex($1))/ge;
$value =~ s/%([A-Fa-f0-9]{2})/pack("c", hex($1))/ge;
# Associate key and value
$ENTRY{$name} .= "\0" if (defined($ENTRY{$name}));
$ENTRY{$name} .= $value;
}
}
And it worked! Thanks to Bob, Scott, and Tim for all the help! Now all
that's left is to bug the right people so that an actual up to date version
of perl gets installed. :)
Luke
- Original Message -
From: "Cool Hand Luke" <[EMAIL PROTECTED]>
To: "Bob Showalter" <[EMAIL PROTECTED]>;
<[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Friday, March 28, 2003 1:02 AM
Subject: Re: The very un-useful 'premature end of script headers' error me
ssage
> > 1. You *MUST* examine the server's error log. "Prematue end of script
> > headers" is just a generic message put out by Apache when it couldn't
find
> > the response header your script should have put out. Any error messages
> > output by Perl or your script will be found in the error log. Until you
> can
> > see those logs, we're just guessing.
>
> Hi just thought I'd let y'all know I've figured out how to get more
> effective error messages. I decided to start from scratch with the
original
> sample script I postedhere's my error message now.
>
> Missing $ on loop variable at SimLib.pm line 57.
> BEGIN failed--compilation aborted at sim.pl line 25.
> Obviously it's the SimLib.pm module that the perl interpreter is having
> probs with. I checked the SimLib.pm module and here's what I've got for
> lines 38 on. I've put a comment on line 57. I can't seem to find the
> problem. I don't see where it's missing the $.
> Thanks any and all for your help.
> Luke
>
> sub get_submission {
> my %ENTRY = ();
> my $GetPost = '';
> my $GetGet = $ENV{'QUERY_STRING'};
>
> my $cl = $ENV{'CONTENT_LENGTH'};
> if (defined{$cl}) {
> binmode(STDIN);
> while ($cl > 0 && read(STDIN, $_, $cl) > 0) {
> $GetPost .= $_;
> $cl -= length($_);
> }
> close STDIN;
> }
>
> my $submission = $GetGet . $GetPost;
> chomp $submission;
>
> # Split the name-value pairs
> foreach my $pair (split(/[&;]/, $submission)) { #LINE 57 - the one
> that has a poor loop variable that needs $
> # Convert plus to space
> $pair =~ y/+/ /;
>
> # Split into key and value.
> my ($name, $value) = split(/=/, $pair, 2); # splits on the first
=.
>
> # Convert %XX from hex numbers to character
> $name =~ s/%([A-Fa-f0-9]{2})/pack("c", hex($1))/ge;
> $value =~ s/%([A-Fa-f0-9]{2})/pack("c", hex($1))/ge;
>
> # Associate key and value
> $ENTRY{$name} .= "\0" if (defined($ENTRY{$name}));
> $ENTRY{$name} .= $value;
> }
> return %ENTRY;
> }
>
>
> > 1. You *MUST* examine the server's error log. "Prematue end of script
> > headers" is just a generic message put out by Apache when it couldn't
find
> > the response header your script should have put out. Any error messages
> > output by Perl or your script will be found in the error log. Until you
> can
> > see those logs, we're just guessing.
>
>
> --
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: The very un-useful 'premature end of script headers' error message
> "Cool" == Cool Hand Luke <[EMAIL PROTECTED]> writes:
Cool> Hello All,
Cool> I think I figured it out, (so far). I 'm pretty sure that it has to do
Cool> with perl 5.003 disliking the looping with the "my $pair" syntax.
Cool> As a work around, I changed this
Cool> foreach my $pair (split(/[&;]/, $submission)) {
Cool> # Convert plus to space
Cool> $pair =~ y/+/ /;
Please don't use this code. "use CGI qw(param)".
--
Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095
<[EMAIL PROTECTED]> http://www.stonehenge.com/merlyn/>
Perl/Unix/security consulting, Technical writing, Comedy, etc. etc.
See PerlTraining.Stonehenge.com for onsite and open-enrollment Perl training!
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: The very un-useful 'premature end of script headers' error message
On Fri, Mar 28, 2003 at 09:33:19PM -0500, Bill Burke ([EMAIL PROTECTED]) said
something similar to:
> I added a chat room at my site http://www.speakerscorner.us . You are
> welcome there and we can discuss PERL in real time. Don't quit the user
> group though, you won't want to miss anything
That's what IRC is for :)
Cheers,
Kevin
>
> -Original Message-
> From: Randal L. Schwartz [mailto:[EMAIL PROTECTED]
> Sent: Friday, March 28, 2003 8:44 PM
> To: [EMAIL PROTECTED]; Cool Hand Luke
> Subject: Re: The very un-useful 'premature end of script headers' error
> message
>
>
> >>>>> "Cool" == Cool Hand Luke <[EMAIL PROTECTED]> writes:
>
> Cool> Hello All,
> Cool> I think I figured it out, (so far). I 'm pretty sure that it has
> to do
> Cool> with perl 5.003 disliking the looping with the "my $pair" syntax.
> Cool> As a work around, I changed this
>
> Cool> foreach my $pair (split(/[&;]/, $submission)) {
> Cool> # Convert plus to space
> Cool> $pair =~ y/+/ /;
>
> Please don't use this code. "use CGI qw(param)".
>
> --
> Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095
> <[EMAIL PROTECTED]> http://www.stonehenge.com/merlyn/>
> Perl/Unix/security consulting, Technical writing, Comedy, etc. etc.
> See PerlTraining.Stonehenge.com for onsite and open-enrollment Perl
> training!
>
> --
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
>
> --
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
--
[Writing CGI Applications with Perl - http://perlcgi-book.com]
"What is the sound of Perl? Is it not the sound of a wall that
people have stopped banging their heads against?"
--Larry Wall in <[EMAIL PROTECTED]>
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
RE: The very un-useful 'premature end of script headers' error message
Thanks for reminding me. I didn't even think of that. Wish I had before I
opened this can of worms.
-Original Message-
From: Kevin Meltzer [mailto:[EMAIL PROTECTED]
Sent: Friday, March 28, 2003 10:21 PM
To: Bill Burke
Cc: Randal L. Schwartz; [EMAIL PROTECTED]; Cool Hand Luke
Subject: Re: The very un-useful 'premature end of script headers' error
message
On Fri, Mar 28, 2003 at 09:33:19PM -0500, Bill Burke
([EMAIL PROTECTED]) said something similar to:
> I added a chat room at my site http://www.speakerscorner.us . You are
> welcome there and we can discuss PERL in real time. Don't quit the user
> group though, you won't want to miss anything
That's what IRC is for :)
Cheers,
Kevin
>
> -Original Message-
> From: Randal L. Schwartz [mailto:[EMAIL PROTECTED]
> Sent: Friday, March 28, 2003 8:44 PM
> To: [EMAIL PROTECTED]; Cool Hand Luke
> Subject: Re: The very un-useful 'premature end of script headers' error
> message
>
>
> >>>>> "Cool" == Cool Hand Luke <[EMAIL PROTECTED]> writes:
>
> Cool> Hello All,
> Cool> I think I figured it out, (so far). I 'm pretty sure that it
has
> to do
> Cool> with perl 5.003 disliking the looping with the "my $pair" syntax.
> Cool> As a work around, I changed this
>
> Cool> foreach my $pair (split(/[&;]/, $submission)) {
> Cool> # Convert plus to space
> Cool> $pair =~ y/+/ /;
>
> Please don't use this code. "use CGI qw(param)".
>
> --
> Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777
0095
> <[EMAIL PROTECTED]> http://www.stonehenge.com/merlyn/>
> Perl/Unix/security consulting, Technical writing, Comedy, etc. etc.
> See PerlTraining.Stonehenge.com for onsite and open-enrollment Perl
> training!
>
> --
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
>
> --
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
--
[Writing CGI Applications with Perl - http://perlcgi-book.com]
"What is the sound of Perl? Is it not the sound of a wall that
people have stopped banging their heads against?"
--Larry Wall in <[EMAIL PROTECTED]>
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
RE: The very un-useful 'premature end of script headers' error message
I added a chat room at my site http://www.speakerscorner.us . You are
welcome there and we can discuss PERL in real time. Don't quit the user
group though, you won't want to miss anything
-Original Message-
From: Randal L. Schwartz [mailto:[EMAIL PROTECTED]
Sent: Friday, March 28, 2003 8:44 PM
To: [EMAIL PROTECTED]; Cool Hand Luke
Subject: Re: The very un-useful 'premature end of script headers' error
message
>>>>> "Cool" == Cool Hand Luke <[EMAIL PROTECTED]> writes:
Cool> Hello All,
Cool> I think I figured it out, (so far). I 'm pretty sure that it has
to do
Cool> with perl 5.003 disliking the looping with the "my $pair" syntax.
Cool> As a work around, I changed this
Cool> foreach my $pair (split(/[&;]/, $submission)) {
Cool> # Convert plus to space
Cool> $pair =~ y/+/ /;
Please don't use this code. "use CGI qw(param)".
--
Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095
<[EMAIL PROTECTED]> http://www.stonehenge.com/merlyn/>
Perl/Unix/security consulting, Technical writing, Comedy, etc. etc.
See PerlTraining.Stonehenge.com for onsite and open-enrollment Perl
training!
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: The very un-useful 'premature end of script headers' error message
> "Bill" == Bill Burke <[EMAIL PROTECTED]> writes: Bill> I added a chat room at my site http://www.speakerscorner.us . You are Bill> welcome there and we can discuss PERL in real time. Don't quit the user Bill> group though, you won't want to miss anything And there's no such thing as "PERL". It's "Perl" for the language, "perl" for the engine. -- Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095 <[EMAIL PROTECTED]> http://www.stonehenge.com/merlyn/> Perl/Unix/security consulting, Technical writing, Comedy, etc. etc. See PerlTraining.Stonehenge.com for onsite and open-enrollment Perl training! -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: The very un-useful 'premature end of script headers' error message
Thanks for the edification. You have been one of the most prolific contributors to the group, so I take no umbrage. Truly, you write it as perl, but the books label it PERL (Practical Extraction and Reporting Language). Please remember this is a beginners group which shares your enthusiasm, but not your expertise. -Original Message- From: Randal L. Schwartz [mailto:[EMAIL PROTECTED] Sent: Friday, March 28, 2003 9:29 PM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED]; Cool Hand Luke Subject: Re: The very un-useful 'premature end of script headers' error message >>>>> "Bill" == Bill Burke <[EMAIL PROTECTED]> writes: Bill> I added a chat room at my site http://www.speakerscorner.us . You are Bill> welcome there and we can discuss PERL in real time. Don't quit the user Bill> group though, you won't want to miss anything And there's no such thing as "PERL". It's "Perl" for the language, "perl" for the engine. -- Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095 <[EMAIL PROTECTED]> http://www.stonehenge.com/merlyn/> Perl/Unix/security consulting, Technical writing, Comedy, etc. etc. See PerlTraining.Stonehenge.com for onsite and open-enrollment Perl training! -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: The very un-useful 'premature end of script headers' error message
> "Bill" == Bill Burke <[EMAIL PROTECTED]> writes: Bill> Thanks for the edification. You have been one of the most prolific Bill> contributors to the group, so I take no umbrage. Truly, you write it as Bill> perl, but the books label it PERL (Practical Extraction and Reporting Bill> Language). Please remember this is a beginners group which shares your Bill> enthusiasm, but not your expertise. Actually, that's one of our clues that it's a *bad book*. If you see it spelled that way, they are less than clueful, and probably don't hang out with the experts. Put another way, when *you* spell it "PERL", we know you aren't part of the "cool crowd". :) -- Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095 <[EMAIL PROTECTED]> http://www.stonehenge.com/merlyn/> Perl/Unix/security consulting, Technical writing, Comedy, etc. etc. See PerlTraining.Stonehenge.com for onsite and open-enrollment Perl training! -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: The very un-useful 'premature end of script headers' error message
The jig is up, I'm not part of the "cool crowd". You're not the first to say that and I shan't engage in semantics with, but will still read your posts. Let's drop this. -Original Message- From: Randal L. Schwartz [mailto:[EMAIL PROTECTED] Sent: Saturday, March 29, 2003 12:18 AM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED]; Cool Hand Luke Subject: Re: The very un-useful 'premature end of script headers' error message >>>>> "Bill" == Bill Burke <[EMAIL PROTECTED]> writes: Bill> Thanks for the edification. You have been one of the most prolific Bill> contributors to the group, so I take no umbrage. Truly, you write it as Bill> perl, but the books label it PERL (Practical Extraction and Reporting Bill> Language). Please remember this is a beginners group which shares your Bill> enthusiasm, but not your expertise. Actually, that's one of our clues that it's a *bad book*. If you see it spelled that way, they are less than clueful, and probably don't hang out with the experts. Put another way, when *you* spell it "PERL", we know you aren't part of the "cool crowd". :) -- Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095 <[EMAIL PROTECTED]> http://www.stonehenge.com/merlyn/> Perl/Unix/security consulting, Technical writing, Comedy, etc. etc. See PerlTraining.Stonehenge.com for onsite and open-enrollment Perl training! -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: The very un-useful 'premature end of script headers' error message
Somebody better tell Nathan Patwardhan, Ellen Siever, & Stephen Spainhour then. I'm looking at the 2nd edition of PERL IN A NUTSHELL (and that is exactly how it's printed) right now. I knew the difference but just had to throw that in there. :) -Original Message- From: Randal L. Schwartz [mailto:[EMAIL PROTECTED] Sent: Friday, March 28, 2003 11:18 PM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED]; Cool Hand Luke Subject: Re: The very un-useful 'premature end of script headers' error message >>>>> "Bill" == Bill Burke <[EMAIL PROTECTED]> writes: Bill> Thanks for the edification. You have been one of the most prolific Bill> contributors to the group, so I take no umbrage. Truly, you write it as Bill> perl, but the books label it PERL (Practical Extraction and Reporting Bill> Language). Please remember this is a beginners group which shares your Bill> enthusiasm, but not your expertise. Actually, that's one of our clues that it's a *bad book*. If you see it spelled that way, they are less than clueful, and probably don't hang out with the experts. Put another way, when *you* spell it "PERL", we know you aren't part of the "cool crowd". :) -- Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095 <[EMAIL PROTECTED]> http://www.stonehenge.com/merlyn/> Perl/Unix/security consulting, Technical writing, Comedy, etc. etc. See PerlTraining.Stonehenge.com for onsite and open-enrollment Perl training! -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: The very un-useful 'premature end of script headers' error message
Ah, another "uncool". Thanks Scot. I don't write the books,I read them -Original Message- From: Scot Robnett [mailto:[EMAIL PROTECTED] Sent: Saturday, March 29, 2003 12:48 AM To: Randal L. Schwartz; [EMAIL PROTECTED] Cc: [EMAIL PROTECTED]; Cool Hand Luke Subject: RE: The very un-useful 'premature end of script headers' error message Somebody better tell Nathan Patwardhan, Ellen Siever, & Stephen Spainhour then. I'm looking at the 2nd edition of PERL IN A NUTSHELL (and that is exactly how it's printed) right now. I knew the difference but just had to throw that in there. :) -Original Message- From: Randal L. Schwartz [mailto:[EMAIL PROTECTED] Sent: Friday, March 28, 2003 11:18 PM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED]; Cool Hand Luke Subject: Re: The very un-useful 'premature end of script headers' error message >>>>> "Bill" == Bill Burke <[EMAIL PROTECTED]> writes: Bill> Thanks for the edification. You have been one of the most prolific Bill> contributors to the group, so I take no umbrage. Truly, you write it as Bill> perl, but the books label it PERL (Practical Extraction and Reporting Bill> Language). Please remember this is a beginners group which shares your Bill> enthusiasm, but not your expertise. Actually, that's one of our clues that it's a *bad book*. If you see it spelled that way, they are less than clueful, and probably don't hang out with the experts. Put another way, when *you* spell it "PERL", we know you aren't part of the "cool crowd". :) -- Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095 <[EMAIL PROTECTED]> http://www.stonehenge.com/merlyn/> Perl/Unix/security consulting, Technical writing, Comedy, etc. etc. See PerlTraining.Stonehenge.com for onsite and open-enrollment Perl training! -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: The very un-useful 'premature end of script headers' error message
> "Scot" == Scot Robnett <[EMAIL PROTECTED]> writes: Scot> Somebody better tell Nathan Patwardhan, Ellen Siever, & Stephen Scot> Spainhour then. I'm looking at the 2nd edition of PERL IN A Scot> NUTSHELL (and that is exactly how it's printed) right now. I don't have a copy of the book at hand, but in Safari, the only time it's spelled all caps is on the front cover, and I can certainly imagine that it was done that way for aesthetic reasons. -- Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095 <[EMAIL PROTECTED]> http://www.stonehenge.com/merlyn/> Perl/Unix/security consulting, Technical writing, Comedy, etc. etc. See PerlTraining.Stonehenge.com for onsite and open-enrollment Perl training! -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: The very un-useful 'premature end of script headers' error message
Well, this is gone to far. Some books say Perl some say PERL. I say potatoe, you say tamato. If the biggest issue we have is the caps the on a name then we're lucky. We all agree it's #!/usr/bin/perl or whatever path when scripting. Cheers. -Original Message- From: Randal L. Schwartz [mailto:[EMAIL PROTECTED] Sent: Saturday, March 29, 2003 12:34 AM To: Scot Robnett Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]; Cool Hand Luke Subject: Re: The very un-useful 'premature end of script headers' error message >>>>> "Scot" == Scot Robnett <[EMAIL PROTECTED]> writes: Scot> Somebody better tell Nathan Patwardhan, Ellen Siever, & Stephen Scot> Spainhour then. I'm looking at the 2nd edition of PERL IN A Scot> NUTSHELL (and that is exactly how it's printed) right now. I don't have a copy of the book at hand, but in Safari, the only time it's spelled all caps is on the front cover, and I can certainly imagine that it was done that way for aesthetic reasons. -- Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095 <[EMAIL PROTECTED]> http://www.stonehenge.com/merlyn/> Perl/Unix/security consulting, Technical writing, Comedy, etc. etc. See PerlTraining.Stonehenge.com for onsite and open-enrollment Perl training! -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: The very un-useful 'premature end of script headers' error message
Now, why not? Also, notice that the code I used is not what you have quoted.
Really am curious as to why not, though.
Cool Hand Luke
http://beatfreak.home.attbi.com
- Original Message -
From: "Randal L. Schwartz" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>; "Cool Hand Luke" <[EMAIL PROTECTED]>
Sent: Friday, March 28, 2003 5:44 PM
Subject: Re: The very un-useful 'premature end of script headers' error
message
> >>>>> "Cool" == Cool Hand Luke <[EMAIL PROTECTED]> writes:
>
> Cool> Hello All,
> Cool> I think I figured it out, (so far). I 'm pretty sure that it
has to do
> Cool> with perl 5.003 disliking the looping with the "my $pair" syntax.
> Cool> As a work around, I changed this
>
> Cool> foreach my $pair (split(/[&;]/, $submission)) {
> Cool> # Convert plus to space
> Cool> $pair =~ y/+/ /;
>
> Please don't use this code. "use CGI qw(param)".
>
> --
> Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777
0095
> <[EMAIL PROTECTED]> http://www.stonehenge.com/merlyn/>
> Perl/Unix/security consulting, Technical writing, Comedy, etc. etc.
> See PerlTraining.Stonehenge.com for onsite and open-enrollment Perl
training!
>
> --
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: The very un-useful 'premature end of script headers' error message
On Sun, 30 Mar 2003 at 12:53, Cool Hand Luke opined: CHL:Now, why not? Also, notice that the code I used is not what you have quoted. CHL:Really am curious as to why not, though. because someone else has already written a pretty solid module for parsing query strings, and it's been tried and tested and in production on many, many systems for quite some time. there's a saying amongst perl users, "don't reinvent the wheel." if you're a beginner cgi programmer, you should be using CGI.pm. and to offer one example as an answer to your question, how would you parse a binary file uploaded to your script using your split(/[&;]/, $submission) code? -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: The very un-useful 'premature end of script headers' error message
On Sun, 30 Mar 2003 at 22:43, Cool Hand Luke opined: [reply cc'd to group] CHL:> and to offer one example as an answer to your question, how would you CHL:> parse a binary file uploaded to your script using your split(/[&;]/, CHL:> $submission) code? CHL: CHL:Not parsing any binaries, just simple form data, so that doesn't really CHL:apply. just because you don't need to parse any binaries doesn't mean your users won't try to submit one. don't forget anyone can create any kind of form that posts to your cgi. so there's nothing stopping me from creating a form like this: http://coolhandlukesite/cgi-bin/script.cgi"; enctype="multipart/form-data"> and seeing what happens when it's submitted. of course, if you were using CGI.pm, then you'd probably have something like this: use CGI; $CGI::POST_MAX = 1024 * 5; # allow max post of 5 kilobytes $CGI::DISABLE_UPLOADS = 1; # no file uploads accepted here to handle this type of post. ps - don't forget to cc the group when you reply to a message so everyone can benefit from the discussion. -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: The very un-useful 'premature end of script headers' error message
> just because you don't need to parse any binaries doesn't mean your users > won't try to submit one. > > don't forget anyone can create any kind of form that posts to your cgi. > so there's nothing stopping me from creating a form like this: > > http://coolhandlukesite/cgi-bin/script.cgi"; > enctype="multipart/form-data"> > > > Good point, I hadn't thought of that. My only question is now, what will happen? Is there a security risk I should worry about? Is this really dangerous? Thanks 4 the help. Luke -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: The very un-useful 'premature end of script headers' error message
I was out of the loop on this one for awhile, but isn't that why $CGI::POST_MAX and $CGI::DISABLE_UPLOADS were created? If you need to allow multipart (or any type) of uploads, use POST_MAX and set a size limit. That way, if something is - by your determination - excessively large, your script will exit cleanly with an error message. The answer to your question is: Be afraid, be very afraid. A wiley cracker may be able to run system commands if you allow him/her to upload code. Even without knowing that much, they could simply create a script that generates a big enough upload to cause DoS (denial of service) on your server. My advice is always to err on the side of caution. Never think "that would never happen on MY site." - Scot Robnett inSite Internet Solutions [EMAIL PROTECTED] -Original Message- From: Cool Hand Luke [mailto:[EMAIL PROTECTED] Sent: Monday, March 31, 2003 1:38 PM To: fliptop Cc: [EMAIL PROTECTED] Subject: Re: The very un-useful 'premature end of script headers' error message > just because you don't need to parse any binaries doesn't mean your users > won't try to submit one. > > don't forget anyone can create any kind of form that posts to your cgi. > so there's nothing stopping me from creating a form like this: > > http://coolhandlukesite/cgi-bin/script.cgi"; > enctype="multipart/form-data"> > > > Good point, I hadn't thought of that. My only question is now, what will happen? Is there a security risk I should worry about? Is this really dangerous? Thanks 4 the help. Luke -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: The very un-useful 'premature end of script headers' error message
The problem is that even after setting a max size or disabling the uploads, the file is still uploaded. On Unix the file is uploaded in the temporary partition and it can be limited, but on Windows it is fully uploaded so this perl way of denying doesn't work on all OS's. Teddy, Teddy's Center: http://teddy.fcc.ro/ Email: [EMAIL PROTECTED] - Original Message - From: "Scot Robnett" <[EMAIL PROTECTED]> To: "Cool Hand Luke" <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]> Sent: Monday, March 31, 2003 10:57 PM Subject: RE: The very un-useful 'premature end of script headers' error message I was out of the loop on this one for awhile, but isn't that why $CGI::POST_MAX and $CGI::DISABLE_UPLOADS were created? If you need to allow multipart (or any type) of uploads, use POST_MAX and set a size limit. That way, if something is - by your determination - excessively large, your script will exit cleanly with an error message. The answer to your question is: Be afraid, be very afraid. A wiley cracker may be able to run system commands if you allow him/her to upload code. Even without knowing that much, they could simply create a script that generates a big enough upload to cause DoS (denial of service) on your server. My advice is always to err on the side of caution. Never think "that would never happen on MY site." - Scot Robnett inSite Internet Solutions [EMAIL PROTECTED] -Original Message- From: Cool Hand Luke [mailto:[EMAIL PROTECTED] Sent: Monday, March 31, 2003 1:38 PM To: fliptop Cc: [EMAIL PROTECTED] Subject: Re: The very un-useful 'premature end of script headers' error message > just because you don't need to parse any binaries doesn't mean your users > won't try to submit one. > > don't forget anyone can create any kind of form that posts to your cgi. > so there's nothing stopping me from creating a form like this: > > http://coolhandlukesite/cgi-bin/script.cgi"; > enctype="multipart/form-data"> > > > Good point, I hadn't thought of that. My only question is now, what will happen? Is there a security risk I should worry about? Is this really dangerous? Thanks 4 the help. Luke -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: The very un-useful 'premature end of script headers' error message
> The answer to your question is: Be afraid, be very afraid. A wiley cracker > may be able to run system commands if you allow him/her to upload code. Even > without knowing that much, they could simply create a script that generates > a big enough upload to cause DoS (denial of service) on your server. My > advice is always to err on the side of caution. Never think "that would > never happen on MY site." Well, does it help that this code snippet we have been looking at is not in a file with a .cgi or .pl extension, but in a .pm file being used by the actual .cgi file that people would be posting to. Jes' curious.. Thanks 4 All Luke -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: The very un-useful 'premature end of script headers' error message
Not really. If your form allows uploads, your form allows uploads. That's where DoS comes into play. Disguising the location of your code is a start, but you still have to figure out what you're going to do if someone tries to paste rogue code into your form or hit you with an obnoxiously large upload. CGI.pm does have some provisions for this built in, and I highly recommend its use for web forms as opposed to home-grown CGI. I believe many others on the list recommend the same Scot R. Well, does it help that this code snippet we have been looking at is not in a file with a .cgi or .pl extension, but in a .pm file being used by the actual .cgi file that people would be posting to. Jes' curious.. Thanks 4 All Luke -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
