How to write CGI by bash

Date 2008-10-08 15:32:43 | Category: PHP
in englishin japanese
I'm writing a CGI to install/update XOOPS cores/modules.
It means you will be free from "uploading/overwriting massive files via ftp" or "chmod some directories before installing".

There are too many shared web servers like:
PHP: apache module (run as apache/nobody)
CGI: suExec (run as the file's owner)
Such users must be lucky

But, I don't write the CGI by perl but bash, because perl can cause some errors depending on modules/environments.

These are Tips/Problems to write CGI by bash.

- echo HTTP response headers
Without HTTP headers, the CGI returns 500 error

- how to get requests
GET variables: parse $QUERY_STRING
POST variables: parse <stdin>
This is a sample of the parser.

	query="$QUERY_STRING&"
	until [ -z "$query" ] ; do
		k_v=${query%%&*}
		query=${query#*&}
		key=${k_v%%=*}
		value=${k_v#*=}
	done


- how to use associated arrays
We have to use para-assoc-arrays like:
REQUEST_(key)=(value)

- easy to create big holes...
We have to write the code very carefully.

- use severe "white list"
We don't have a method like htmlspecialchars()
Then we never get characters other than [a-zA-Z0-9._-].
All requests must be constructed with /^[a-zA-Z0-9._-]*$/


I produce the CGI in the next entry.
Just a moment.


You can read more news at PEAK XOOPS.
http://xoops.peak.ne.jp

The URL for this story is:
http://xoops.peak.ne.jp/md/news/index.php?page=article&storyid=462