Re: mod_perl caching form data?
This appears to be the classic global variable/uninitialized variable issue with your script. Mod_perl will load that script once and never reload it again unless you tell it too, even when different users access that script. If you have written a CGI script that doesn't lead itself to a ready rewrite to run under mod_perl, try running it under the PerlRun mode of mod_perl, it works great for this situation. Go here to read up on the issue: http://perl.apache.org/docs/1.0/guide/porting.html#Sometimes_it_Works__Sometimes_it_Doesn_t dale - Original Message - From: David Ressman [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, May 29, 2003 1:19 PM Subject: mod_perl caching form data? Hi all, I'm having a problem with mod_perl 1.2.7 that's baffling me completely, and I've been searching and reading for days, but I still can't figure it out. My apologies if this comes up frequently. I did try rather lengthy searches through the mailing list archives. Right now, I'm using mod_perl 1.2.7 compiled into an apache 1.3.27 server running on a Solaris 9 (semi-current patches, though I can't imagine that that's relevant) server. I've written some fairly straight-forward mod_perl scripts (using CGI.pm). They take form data from the user, process it, and stick it in a database (through DBI). So far, so good. Everything works pretty well... Except that something's caching previously entered form data and displaying it back to me as the default values in those same forms. As an example, this form has a text field that asks for IP addresses, and the text input will occasionally be filled out with the IP address of a system that you had entered a few minutes ago. Naturally, I suspected that my browser was the guilty party, even though I had specified '-1d' as the expiration time in the CGI header() command. It turns out that this is not the case. The forms will occasionally be pre-filled out with IP addresses that other people have given! I even went so far as to set up a network sniffer to verify that the server was indeed setting (in the HTML it sent to the client) the value parameter of the text fields to an IP address that another user had previously entered. Needless to say, my script is *not* setting the default or value parameters for these text fields. As an uneducated guess, I'd say that each httpd child-process is automatically filling out forms with data that it itself has previously received, but that's only a guess, and it still doesn't get me any closer to figuring out why it's happening. Can anyone offer any assistance or point me somewhere that I could find some documentation on what's happening? I'm completely baffled. Thanks! David
Re: mod_perl caching form data?
Perrin == Perrin Harkins [EMAIL PROTECTED] writes:
Perrin On Thu, 2003-05-29 at 17:26, [EMAIL PROTECTED] wrote:
A simple $cgi-delete('ipaddress') to delete the value when I create
the field has done the trick. Thanks very much to the both of you.
Perrin I'm glad to hear that worked, but it's still worrisome that you were
Perrin seeing data leak between different users. The form widgets are only
Perrin supposed to be sticky for values submitted on the current request. It
Perrin indicates either a bug in the way CGI.pm clears its variables under
Perrin mod_perl or a bug in your script that could surface again later.
OK, throwing my hat into the ring here...
maybe *I* wasn't hallucinating then. I just had a recent
fix to a longstanding bug in the picture section of my website...
I had been using CGI.pm (through Template::Plugin::CGI), and was
mystified because *occasionally* the wrong picture would show, but a
simple reload fixed it.
I fixed the bug by avoiding CGI.pm, and using Apache::Template's
param variable directly instead.
So maybe there is a CGI.pm bug with regarding to clearing out the
values in a mod_perl environment. I wonder how simple of a test we
can concoct to determine that?
Lincoln, are you listening?
--
Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095
[EMAIL PROTECTED] URL:http://www.stonehenge.com/merlyn/
Perl/Unix/security consulting, Technical writing, Comedy, etc. etc.
See PerlTraining.Stonehenge.com for onsite and open-enrollment Perl training!
Re: mod_perl caching form data?
On Fri, 2003-05-30 at 10:42, Randal L. Schwartz wrote: I had been using CGI.pm (through Template::Plugin::CGI), and was mystified because *occasionally* the wrong picture would show, but a simple reload fixed it. I fixed the bug by avoiding CGI.pm, and using Apache::Template's param variable directly instead. So maybe there is a CGI.pm bug with regarding to clearing out the values in a mod_perl environment. I wonder how simple of a test we can concoct to determine that? Let's not jump to conclusions. We don't have a test case yet, and no one has seen David's code so he might have a simple global variables problem. Many people are using CGI.pm successfully with mod_perl, so if there's a problem it only happens in specific circumstances. If someone has a test case, by all means, post it. - Perrin
Re: mod_perl caching form data?
Thus spake Perrin Harkins ([EMAIL PROTECTED]): Let's not jump to conclusions. We don't have a test case yet, and no one has seen David's code so he might have a simple global variables problem. I suspect that the more likely explanation of this particular problem is that I goofed up. Anyway, the script is a thousand or so lines long, so it doesn't make a whole lot of sense to post it here. I'll go through it all with a fine-toothed comb and try to see if I can make the problem go away without having to call delete() to wipe out the parameters. If I'm able to do it, I'll certainly send something back to the list.
mod_perl caching form data?
[Sorry if an identical message comes through later. I don't think the list manager liked my address the first time I sent it through.] Hi all, I'm having a problem with mod_perl 1.2.7 that's baffling me completely, and I've been searching and reading for days, but I still can't figure it out. My apologies if this comes up frequently. I did try rather lengthy searches through the mailing list archives. Right now, I'm using mod_perl 1.2.7 compiled into an apache 1.3.27 server running on a Solaris 9 (semi-current patches, though I can't imagine that that's relevant) server. I've written some fairly straight-forward mod_perl scripts (using CGI.pm). They take form data from the user, process it, and stick it in a database (through DBI). So far, so good. Everything works pretty well... Except that something's caching previously entered form data and displaying it back to me as the default values in those same forms. As an example, this form has a text field that asks for IP addresses, and the text input will occasionally be filled out with the IP address of a system that you had entered a few minutes ago. Naturally, I suspected that my browser was the guilty party, even though I had specified '-1d' as the expiration time in the CGI header() command. It turns out that this is not the case. The forms will occasionally be pre-filled out with IP addresses that other people have given! I even went so far as to set up a network sniffer to verify that the server was indeed setting (in the HTML it sent to the client) the value parameter of the text fields to an IP address that another user had previously entered. Needless to say, my script is *not* setting the default or value parameters for these text fields. As an uneducated guess, I'd say that each httpd child-process is automatically filling out forms with data that it itself has previously received, but that's only a guess, and it still doesn't get me any closer to figuring out why it's happening. Can anyone offer any assistance or point me somewhere that I could find some documentation on what's happening? I'm completely baffled. Thanks! David
Re: mod_perl caching form data?
Quoting David Ressman [EMAIL PROTECTED]: something's caching previously entered form data and displaying it back to me as the default values in those same forms. As an example, this form has a text field that asks for IP addresses, and the text input will occasionally be filled out with the IP address of a system that you had entered a few minutes ago. If you do a view source in the browser, and check the form fields, do they have the VALUE=... paramters set? ie do you see something like this: input type=text name=ipaddress value=192.168.1.1 If that value=192.168.1.1 is set in any of your form fields, then your script is the cuprit. If your form fields don't have the value=192.168.1.1 set, or it is set to value=, then your browser is the culprit. Most modern browsers will offer to remember values you have entered into a form. On subsequent visits to the same URL, the values will be prefilled by the browser for you. mod_perl itself will never prefill form values for you. It is completely up to your script (or the modules it uses) to munge the data coming through. It is possible that you are creating your form fields with CGI.pm, which will use the currently POSTed parameters to prefill the form, or if you are using a module like HTML::FillInForm, which will also prefill form fields. But you would have to explicitly use these features in your script. HTH Cees,
Re: mod_perl caching form data?
Thus spake Cees Hek ([EMAIL PROTECTED]): input type=text name=ipaddress value=192.168.1.1 If that value=192.168.1.1 is set in any of your form fields, then your script is the cuprit. If your form fields don't have the value=192.168.1.1 set, or it is set to value=, then your browser is the culprit. That's just the problem. The value= parameter *is* filled out (and it is being done at the server end as evidenced by the network sniffer.) Unfortunately, my script is not doing it. Here's what I have in the script: print IP Address: , $cgi-textfield(-name='ipaddress', -size=20, -maxlength=20), $cgi-p; But yet the form is filled out when I go to it with a web browser. Most modern browsers will offer to remember values you have entered into a form. On subsequent visits to the same URL, the values will be prefilled by the browser for you. I was certain that that's what it was, but it just can't be. I've even used browsers on computers that have never been to the site before and the data is still pre-filled out. mod_perl itself will never prefill form values for you. It is completely up to your script (or the modules it uses) to munge the data coming through. That's good to know. Thanks very much. It is possible that you are creating your form fields with CGI.pm, which will use the currently POSTed parameters to prefill the form, or This sounds like the most likely culprit, even though I haven't explicitly turned anything on. It's possible that I've done it inadvertently. I'll check it out. Thanks again for your help. David
Re: mod_perl caching form data?
Quoting David Ressman [EMAIL PROTECTED]: It is possible that you are creating your form fields with CGI.pm, which will use the currently POSTed parameters to prefill the form, or This sounds like the most likely culprit, even though I haven't explicitly turned anything on. It's possible that I've done it inadvertently. I'll check it out. Read the CGI.pm docs and you will find the cause of your problem: http://search.cpan.org/author/JHI/perl-5.8.0/lib/CGI.pm#CREATING_FILL_OUT_FORMS_ Cheers, Cees
Re: mod_perl caching form data?
On Thu, 2003-05-29 at 16:40, David Ressman wrote: That's just the problem. The value= parameter *is* filled out (and it is being done at the server end as evidenced by the network sniffer.) Unfortunately, my script is not doing it. Here's what I have in the script: print IP Address: , $cgi-textfield(-name='ipaddress', -size=20, -maxlength=20), $cgi-p; CGI.pm uses sticky widgets by default. These are supposed to be cleared between requests though, by a cleanup handler that CGI.pm uses. Are you using mod_perl 2, by any chance? I think I see a bug in CGI.pm's handling of this for mod_perl 2. It's looking for Apache-request, which doesn't work unless you have Apache::compat on. You might also run into problems if you are copying the CGI object into a global or accidentally creating a closure with it. If you can post a very small test case that exhibits the problem, we can probably tell you if you have either of those issues. - Perrin
Re: mod_perl caching form data?
Thus spake Perrin Harkins ([EMAIL PROTECTED]):
CGI.pm uses sticky widgets by default. These are supposed to be cleared
between requests though, by a cleanup handler that CGI.pm uses. Are you
using mod_perl 2, by any chance? I think I see a bug in CGI.pm's
Nope. mod_perl 1.27
But... you and Cees are beautiful people. I'd read almost completely
through the CGI.pm documentation, but I didn't remember that it was
significant that each http child only compiles the code once, so these
cgi parameters might stay in memory as new clients hit the children.
A simple $cgi-delete('ipaddress') to delete the value when I create
the field has done the trick. Thanks very much to the both of you.
Re: mod_perl caching form data?
On Thu, 2003-05-29 at 17:26, [EMAIL PROTECTED] wrote:
A simple $cgi-delete('ipaddress') to delete the value when I create
the field has done the trick. Thanks very much to the both of you.
I'm glad to hear that worked, but it's still worrisome that you were
seeing data leak between different users. The form widgets are only
supposed to be sticky for values submitted on the current request. It
indicates either a bug in the way CGI.pm clears its variables under
mod_perl or a bug in your script that could surface again later.
- Perrin
mod_perl caching form data?
Hi all, I'm having a problem with mod_perl 1.2.7 that's baffling me completely, and I've been searching and reading for days, but I still can't figure it out. My apologies if this comes up frequently. I did try rather lengthy searches through the mailing list archives. Right now, I'm using mod_perl 1.2.7 compiled into an apache 1.3.27 server running on a Solaris 9 (semi-current patches, though I can't imagine that that's relevant) server. I've written some fairly straight-forward mod_perl scripts (using CGI.pm). They take form data from the user, process it, and stick it in a database (through DBI). So far, so good. Everything works pretty well... Except that something's caching previously entered form data and displaying it back to me as the default values in those same forms. As an example, this form has a text field that asks for IP addresses, and the text input will occasionally be filled out with the IP address of a system that you had entered a few minutes ago. Naturally, I suspected that my browser was the guilty party, even though I had specified '-1d' as the expiration time in the CGI header() command. It turns out that this is not the case. The forms will occasionally be pre-filled out with IP addresses that other people have given! I even went so far as to set up a network sniffer to verify that the server was indeed setting (in the HTML it sent to the client) the value parameter of the text fields to an IP address that another user had previously entered. Needless to say, my script is *not* setting the default or value parameters for these text fields. As an uneducated guess, I'd say that each httpd child-process is automatically filling out forms with data that it itself has previously received, but that's only a guess, and it still doesn't get me any closer to figuring out why it's happening. Can anyone offer any assistance or point me somewhere that I could find some documentation on what's happening? I'm completely baffled. Thanks! David
RE: mod_perl caching form data?
David Ressman wrote:
something's caching previously entered form data and
displaying it back to me as the default values in those same forms
This is most likely a variable scoping problem as described here:
http://perl.apache.org/docs/1.0/guide/frequent.html
As a rule of thumb, variables which are 'local' to a subroutine
should be declared with 'my' and variables which should be
visible to all routines in a file should be declared with 'our'.
eg:
use CGI;
our $cgi = new CGI;
...
sub do_something {
my($arg1, $arg2) = @_;
...
}
If your script has global variables which are declared with 'my',
they will cause problems.
Regards
Grant
Re: mod_perl caching form data?
Hi!
On Thu, May 29, 2003 at 12:19:49PM -0500, David Ressman wrote:
So far, so good. Everything works pretty well... Except that
something's caching previously entered form data and displaying it back
to me as the default values in those same forms. As an example, this
form has a text field that asks for IP addresses, and the text input
will occasionally be filled out with the IP address of a system that
you had entered a few minutes ago.
Sounds to me like you are storing your values in global variables which
won't get reset between requests.
Do you declare you vars with 'my' ?
Are you running with
use strict;
use warnings;
? If not, turn them on, as thos pragmas will help you catch this kind of
error.
See here:
http://perl.apache.org/docs/1.0/guide/porting.html#Global_Variables_Persistence
--
#!/usr/bin/perl http://domm.zsi.at
for(ref bless{},just'another'perl'hacker){s-:+-$-gprint$_.$/}
