Message from discussion perl-CGI module - post method
Newsgroups: perl.beginners.cgi
From: nos...@webdragon.net (Scott R. Godin)
Date: Tue, 08 Feb 2005 21:01:52 -0500
Local: Tues, Feb 8 2005 9:01 pm
Subject: Re: perl-CGI module - post method

Ovid wrote:
> --- "Scott R. Godin" <nos...@webdragon.net> wrote:

>>his example and in which case you want to get the params AFTER
>>creating
>>the cgi-object

>>my %params = $cgi->Vars;

>>which ensures that you also get multi-value <select>s as separate
>>values, too.

> $cgi->Vars separates multiple values with a null byte, thus increasing
> the risk of the person using this being vulnerable to a null-byte hack.
>  I would only use this if you're migrating from the Perl 4 cgi-lib.pl.

> Also, having to do "@foo = split "\0",$params->{foo};" is not fun and
> it's easy to get wrong.

> If someone needs multiple values, they should just take advantage of
> list context:

>   my $foo = $cgi->param('foo'); # single value
>   # versus
>   my @foo = $cgi->param('foo'); # multiple values

> Cheers,
> Ovid

You raise a good point, m'friend, and one that I pondered for quite a
while before sending an RFE to Lincoln Stein regarding possibly adding a
pragma to indicate that you want the multi-value params as an anonymous
array within the hash, thereby avoiding the potential problems of the
poison null-byte.

along the lines of

%hash = $cgi->Vars();
@foo = @{ $hash{foo} };

From what I can see from the code it looks like the \0-packing is being
done artificially after the fact, and internally the object data IS
being stored within an arrayref in the object's structure, so this may
be a simple thing to implement. I don't know myself. I got brain-freeze
trying to follow the flow within CGI.pm :-)

We'll have to wait and see what Lincoln says, but I brainstormed a bit
and even came up with a sensible pragma name.. either -presplit or
:presplit.

Very very good point though, and one I'm going to drill on until I can't
forget it again.

--
Scott R. Godin
Laughing Dragon Services
www.webdragon.net
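
The ambiguity discussed in this message, as an added example that is not part of the original thread: once `Vars` has joined a parameter's values with `"\0"`, a single value that itself contains a NUL byte cannot be told apart from two values, whereas reading the parameter as a list keeps it intact so it can be rejected. The query string is constructed, `values_of` and `checked_values` are hypothetical helper names, and CGI.pm is assumed to be installed.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use CGI;

# Constructed request: "color" is sent twice; "file" is sent once, with an
# encoded NUL byte (%00) inside its single value.
my $cgi = CGI->new('color=red&color=blue&file=report.txt%00.png');

# Read every value of a parameter as a list. multi_param() is the explicit
# list accessor in CGI.pm 4.08 and later; older releases only have param().
sub values_of {
    my ($q, $name) = @_;
    return $q->can('multi_param') ? $q->multi_param($name) : $q->param($name);
}

# Refuse any value that carries a NUL byte instead of passing it downstream.
sub checked_values {
    my ($q, $name) = @_;
    my @vals = values_of($q, $name);
    for my $v (@vals) {
        die "parameter '$name' contains a NUL byte\n" if $v =~ /\0/;
    }
    return @vals;
}

my %vars = $cgi->Vars;    # multi-valued parameters arrive joined by "\0"

# Compare how many values each access style reports for the same parameter.
for my $name (qw(color file)) {
    my @from_vars = split /\0/, $vars{$name};
    my @from_list = values_of($cgi, $name);
    printf "%-5s Vars+split: %d value(s)  list access: %d value(s)\n",
        $name, scalar @from_vars, scalar @from_list;
}

# After Vars has joined the values, an embedded NUL is indistinguishable from
# the separator; the list form still exposes it, so validation can catch it.
for my $name (qw(color file)) {
    my @ok = eval { checked_values($cgi, $name) };
    print $@ ? "rejected: $@" : "accepted $name: @ok\n";
}
```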
