CGi parameters lost

Discussion in 'Perl Misc' started by Damu Zhang, Feb 17, 2004.

  1. Damu Zhang

    Damu Zhang Guest

    We are having a CGI issue, our clients send parameters via form POST, but
    sporadically the values turn be to empty, and it happened all of sunden
    since early last week. Anyone has the same issue?
     
    Damu Zhang, Feb 17, 2004
    #1
    1. Advertising

  2. Damu Zhang <> wrote:

    > We are having a CGI issue,



    Then you are in the wrong newsgroup.

    We discuss Perl here in the Perl newsgroup.

    They discuss CGI over in the CGI newsgroup:

    comp.infosystems.www.authoring.cgi


    --
    Tad McClellan SGML consulting
    Perl programming
    Fort Worth, Texas
     
    Tad McClellan, Feb 17, 2004
    #2
    1. Advertising

  3. Damu Zhang wrote:

    > We are having a CGI issue, our clients send parameters via form POST, but
    > sporadically the values turn be to empty, and it happened all of sunden
    > since early last week. Anyone has the same issue?


    Yes, it happens to me every Monday.

    gtoomey
     
    Gregory Toomey, Feb 17, 2004
    #3
  4. On Tue, 17 Feb 2004, Gregory Toomey wrote:

    > Damu Zhang wrote:
    >
    > > We are having a CGI issue, our clients send parameters via form POST, but
    > > sporadically the values turn be to empty, and it happened all of sunden
    > > since early last week. Anyone has the same issue?

    >
    > Yes, it happens to me every Monday.


    You've got an error on line 37.

    SCNR
     
    Alan J. Flavell, Feb 17, 2004
    #4
  5. Damu Zhang

    Uri Guttman Guest

    >>>>> "AJF" == Alan J Flavell <> writes:

    AJF> On Tue, 17 Feb 2004, Gregory Toomey wrote:
    >> Damu Zhang wrote:
    >>
    >> > We are having a CGI issue, our clients send parameters via form POST, but
    >> > sporadically the values turn be to empty, and it happened all of sunden
    >> > since early last week. Anyone has the same issue?

    >>
    >> Yes, it happens to me every Monday.


    AJF> You've got an error on line 37.

    please to be updating your version of PSI::ESP. it is clearly an error
    on line 42.

    uri

    --
    Uri Guttman ------ -------- http://www.stemsystems.com
    --Perl Consulting, Stem Development, Systems Architecture, Design and Coding-
    Search or Offer Perl Jobs ---------------------------- http://jobs.perl.org
     
    Uri Guttman, Feb 18, 2004
    #5
  6. Damu Zhang

    James Guest

    "Damu Zhang" <> wrote in message
    news:c0tjl7$6u1m$...
    > We are having a CGI issue, our clients send parameters via form POST, but
    > sporadically the values turn be to empty, and it happened all of sunden
    > since early last week. Anyone has the same issue?
    >


    Yeah, see it all the time where I work... Bet you are using IE & you have
    installed that latest IE cumulative security upgrade patch [Released early
    Feb '04]. We have found that a side effect of this patch is sporadic posts
    where no data is made. In some case it appears the connection times out by
    the browser immediately after clicking the button. Don't seem to know a way
    around it; but know how to suppress it effect in some windows systems.
    Netscape browsers is unaffected, just IE users after they installed that new
    patch.

    Here is the important part of what we tell our customers at work about this
    issue & is just about as much as we know at this time...
    -------------------------------------------------------------
    .... It appears a side effect of applying this recent critical update has
    caused many IE browsers fail to correctly post data within some html forms
    to the scripts on servers. Netscape browser users are unaffected by this
    recent IE patch.

    Difficulties with Internet Explorer are also likely caused by Microsoft's
    patch for Internet Explorer, as it can alter your security settings,
    restrict the browser to allow only certain types of login methods & fail to
    post info from a web page to some servers.

    Microsoft said the IE update [Cumulative Security Update for Internet
    Explorer (KB832894)] eliminates three vulnerabilities, including a
    URL-spoofing flaw being exploited by scammers. Details of the URL-spoofing
    flaw have been circulating for several months and, Microsoft explained that
    the IE patch released in February 2004 would return error messages on Web
    sites that use/allow clear text to authenticate user names and passwords.

    Microsoft's Internet Explorer (IE) modification to fix security holes in the
    browser could disrupt e-commerce sites that use/allow clear text to
    authenticate user names and passwords. A lead product manager in
    Microsoft's Windows division said that e-commerce Web sites that use/allow
    clear text for authentication may will return an "invalid syntax error" on
    Web pages once a user applies the IE patch. That's because the updated
    browser will remove support for handling user names and passwords in both
    HTTP and HTTP with Secure Sockets Layer (SSL) or HTTPS URLs. The withdrawn
    support for clear text authentication effectively provides a workaround for
    the URL-spoofing flaws that are commonly used by scammers to mask fake sites
    and trick users into giving up sensitive information including credit card
    and social security numbers.

    In advance & response of the patch, Microsoft made the unusual move of
    releasing a knowledge base article to provide details and workarounds for
    applications and Web site developers that still use clear text
    authentication.
    (http://support.microsoft.com/default.aspx?scid=kb;[LN];834489)

    For maximum compatibility with our system, we recommend that you set the
    following in IE to resolve some common issues.

    Microsoft's patch for Internet Explorer may have altered your security
    settings. You should do the following to reset them:

    - open IE,
    - click Tools
    - click Internet Options.

    In the 'Security' tab, reset the levels for each zone to the program's
    default. This is done by clicking a zone icon & then clicking the 'Default
    Level' button. Repeat for each zone icon.

    The zone levels should look like this when you are done:

    Internet - medium
    Local intranet - medium-low
    Trusted sites - low
    Restricted sites - high

    In the 'Privacy' tab, reset level to the program's default. This is done by
    clicking the 'Default' button. This should set the slider to medium.

    In the 'Advanced' tab, at the bottom of that window, all check boxes should
    be checked under Security section, except for "Do not save encrypted pages
    to disk", "Empty Temporary Internet Files folder when browser is closed",
    and optionally "Warn if changing between secure and not secure mode".

    Make sure you click "Apply" and "OK". Then, reboot the computer so the full
    changes can take effect.


    NOTE: This may no fix the posting issues with all IE browsers. If you
    continue to see this situation happening, refreshing the existing page you
    are on may get the browser to post the data to the script correctly. Some
    clients have reported that uninstalling/disabling the above noted patch has
    fixed the issue. Additionally switching to the Netscape browser is known to
    fix the problem 100%.

    Currently Microsoft has not yet issues a patch/fix to this situation &
    because it is out of our hands, we can only make some suggestions as slight
    workarounds. Hopefully Microsoft will issue a patch to fix the issue during
    their next normal patch release cycle. ...
    -------------------------------------------------------------

    I hope this helps...
    --
    James

    (Remove NOSPAM When Emailing)
     
    James, Feb 18, 2004
    #6
  7. Damu Zhang

    Phil Connors Guest

    James wrote:
    > "Damu Zhang" <> wrote in message
    > news:c0tjl7$6u1m$...
    >
    >>We are having a CGI issue, our clients send parameters via form POST, but
    >>sporadically the values turn be to empty, and it happened all of sunden
    >>since early last week. Anyone has the same issue?
    >>

    >
    >
    > Yeah, see it all the time where I work... Bet you are using IE & you have
    > installed that latest IE cumulative security upgrade patch [Released early
    > Feb '04]. We have found that a side effect of this patch is sporadic posts
    > where no data is made. In some case it appears the connection times out by
    > the browser immediately after clicking the button. Don't seem to know a way
    > around it; but know how to suppress it effect in some windows systems.
    > Netscape browsers is unaffected, just IE users after they installed that new
    > patch...


    Even though this post got toasted a bit earlier, I'm glad you responded as you did. I have
    a client who about once every two months has an order with incomplete information.
    In a way that it could not be the customer who is messing it up. If this is not the
    answer, it's a very good clue.

    Thanks for the post.

    cheers
     
    Phil Connors, Feb 18, 2004
    #7
  8. Damu Zhang

    James Guest

    "Phil Connors" <> wrote in message
    news:...
    > James wrote:
    > > "Damu Zhang" <> wrote in message
    > > news:c0tjl7$6u1m$...
    > >
    > >>We are having a CGI issue, our clients send parameters via form POST,

    but
    > >>sporadically the values turn be to empty, and it happened all of sunden
    > >>since early last week. Anyone has the same issue?
    > >>

    > >
    > >
    > > Yeah, see it all the time where I work... Bet you are using IE & you

    have
    > > installed that latest IE cumulative security upgrade patch [Released

    early
    > > Feb '04]. We have found that a side effect of this patch is sporadic

    posts
    > > where no data is made. In some case it appears the connection times out

    by
    > > the browser immediately after clicking the button. Don't seem to know a

    way
    > > around it; but know how to suppress it effect in some windows systems.
    > > Netscape browsers is unaffected, just IE users after they installed that

    new
    > > patch...

    >
    > Even though this post got toasted a bit earlier, I'm glad you responded as

    you did. I have
    > a client who about once every two months has an order with incomplete

    information.
    > In a way that it could not be the customer who is messing it up. If this

    is not the
    > answer, it's a very good clue.
    >
    > Thanks for the post.
    >
    > cheers
    >


    With additional research time today by our staff today has located an
    offical Microsoft patch which fixes this IE issue. It apears it was
    released on 02/07/04. After extensive testing of the patch, we have foudnt
    his patch doe sinfact work to fix the issue.

    Here is what we are sending out to our known clients which have this
    problem.
    ---------------------------------------------------------------------
    As currently known, the new IE patch [Cumulative Security Update for
    Internet Explorer (KB832894)] which released in early Feb '04 may cause
    faults in some user's IE browsers when working with our SSL secure servers.

    The identified issue causes errors when Internet Explorer attempts to renew
    a connection to a server. Typically seen when doing a POST to a CGI script,
    but it does not send any data to our SSL secured servers. You should apply
    the below patch if you receive errors connecting to our servers after you
    have applied the Q832894 security update to Internet Explorer or if you are
    seeing unusual behavior in our secured administration areas.

    The patch can be downloaded from:
    http://www.microsoft.com/downloads/...28-5053-48A7-8526-BD38215C74B2&displaylang=en

    In addition, for maximum compatibility with our system, we recommend that
    you set the following in IE before applying the above patch to resolve
    most common IE browser issues.

    Microsoft's patches for Internet Explorer may have altered the browser's
    security settings. You should do the following to reset them:

    - open IE,
    - click Tools
    - click Internet Options.

    In the 'Security' tab, reset the levels for each zone to the program's
    default. This is done by clicking a zone icon & then clicking the 'Default
    Level' button. Repeat for each zone icon.

    The zone levels should look like this when you are done:

    Internet - medium
    Local intranet - medium-low
    Trusted sites - low
    Restricted sites - high

    In the 'Privacy' tab, reset level to the program's default. This is done by
    clicking the 'Default' button. This should set the slider to medium.

    In the 'Advanced' tab, at the bottom of that window, all check boxes should
    be checked under

    Security section, except for "Do not save encrypted pages to disk", "Empty
    Temporary Internet Files folder when browser is closed", and optionally
    "Warn if changing between secure and not secure mode".

    Be sure to click "Apply" and then "OK".

    Reboot the computer so the full changes can take effect.
    ---------------------------------------------------------------------

    This should fix your issue in full. It has for all of our customers thus
    far & with our windows desktops at work.
    --
    James

    (Remove NOSPAM When Emailing)
     
    James, Feb 19, 2004
    #8
  9. Damu Zhang

    Phil Conners Guest

    James wrote:
    > "Phil Conners" <> wrote in message
    > news:...


    > With additional research time today by our staff today has located an
    > offical Microsoft patch which fixes this IE issue. It apears it was
    > released on 02/07/04. After extensive testing of the patch, we have foudnt
    > his patch doe sinfact work to fix the issue.


    > This should fix your issue in full. It has for all of our customers thus
    > far & with our windows desktops at work.


    Thanks for the update!
    I just got another call today from this client complaining that part of the data to a
    transaction was missing. I plan on talking with him about an email to all clients.

    Thanks again!

    - Way OT, Way helpful. You put the misc in comp.lang.perl.MISC!
     
    Phil Conners, Feb 19, 2004
    #9
  10. Damu Zhang

    James Guest

    "Phil Conners" <> wrote in message
    news:RkXYb.27539$...
    > James wrote:
    > > "Phil Conners" <> wrote in message
    > > news:...

    >
    > > With additional research time today by our staff today has located an
    > > offical Microsoft patch which fixes this IE issue. It apears it was
    > > released on 02/07/04. After extensive testing of the patch, we have

    foudnt
    > > his patch doe sinfact work to fix the issue.

    >
    > > This should fix your issue in full. It has for all of our customers

    thus
    > > far & with our windows desktops at work.

    >
    > Thanks for the update!
    > I just got another call today from this client complaining that part of

    the data to a
    > transaction was missing. I plan on talking with him about an email to all

    clients.
    >
    > Thanks again!
    >
    > - Way OT, Way helpful. You put the misc in comp.lang.perl.MISC!
    >


    Thanks for the comment. I simply post on issues I know the most about &
    know I can answer correctly (I still got a lot to learn, but I try... :).
    This one I can safely state that I know more then I probably needed to
    about.

    At my job, with the huge number of clients we support & types of business
    they are, it was imperative we find a solution ASAP to fix this situation.
    We simply could not believe the number of clients this was effecting; so
    finding a fix or workaround to this issue became priority one a few days ago
    for our IT staff. Our handful of support techs got flooded with helpdesk
    issues on this situation. I'm just glad Microsoft has officially recognized
    this issue as a true problem this time around & rolled out a patch for it.
    With some past IE updates, we noted the same symptoms, but Microsoft noticed
    it as a true problem & simply kept telling our company it was with all of
    our clients computers (typical M$ BS - pawn off the problems/blame due to a
    crappy patch onto the user). Anyway, I hope that helps.. If your client's
    issue is truely is what I think it is, then this should fix the problem in
    full.
    --
    James

    (Remove NOSPAM When Emailing)
     
    James, Feb 19, 2004
    #10
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Replies:
    1
    Views:
    655
    Laurent Bugnion
    Mar 9, 2006
  2. Jonck van der Kogel
    Replies:
    2
    Views:
    1,008
    Jonck van der Kogel
    May 27, 2004
  3. Mathieu Drapeau

    cgi parameters lost because os.exec!

    Mathieu Drapeau, Jun 3, 2004, in forum: Python
    Replies:
    0
    Views:
    322
    Mathieu Drapeau
    Jun 3, 2004
  4. Jason
    Replies:
    2
    Views:
    555
    Jonathan Mcdougall
    May 13, 2006
  5. Joseph Czapski

    CGI.pm and lost carriage returns

    Joseph Czapski, Jul 20, 2006, in forum: Perl Misc
    Replies:
    20
    Views:
    545
    Alan J. Flavell
    Jul 22, 2006
Loading...

Share This Page