I'm writing a CGI to install/update XOOPS cores/modules. It means you will be free from "uploading/overwriting massive files via ftp" or "chmod some directories before installing".
There are too many shared web servers like: PHP: apache module (run as apache/nobody) CGI: suExec (run as the file's owner) Such users must be lucky
But, I don't write the CGI by perl but bash, because perl can cause some errors depending on modules/environments.
These are Tips/Problems to write CGI by bash.
- echo HTTP response headers Without HTTP headers, the CGI returns 500 error
- how to get requests GET variables: parse $QUERY_STRING POST variables: parse <stdin> This is a sample of the parser.
query="$QUERY_STRING&"
until [ -z "$query" ] ; do
k_v=${query%%&*}
query=${query#*&}
key=${k_v%%=*}
value=${k_v#*=}
done
- how to use associated arrays We have to use para-assoc-arrays like: REQUEST_(key)=(value)
- easy to create big holes... We have to write the code very carefully.
- use severe "white list" We don't have a method like htmlspecialchars() Then we never get characters other than [a-zA-Z0-9._-]. All requests must be constructed with /^[a-zA-Z0-9._-]*$/
I produce the CGI in the next entry. Just a moment.