Help with perl array

Nick

I have a partial Perl script that I want to understand and then be able
to change. It simply searches a text file for text and prints that text
to a web page. I want to understand the array and be able to add
multiple more lines.

At the moment, it has two fields (surname and forename); I need to
expand that to around 6 or 7 fields.

Ultimately, I want to be able to search a text file for specific text
and have it output all matches (the complete line) to a web page.

Below is what I have so far:

#!/usr/bin/perl -w

use CGI;
use CGI::Carp qw(fatalsToBrowser); # Hook errors to browser

#search_file.pl
read(STDIN, $buffer,$ENV{'CONTENT_LENGTH'});
$buffer =~ tr/+/ /;
$buffer =~ s/\r/ /g;
$buffer =~ s/\n/ /g;
@pairs = split(/&/,$buffer);
foreach $pair(@pairs){
($key,$value)=split(/=/,$pair);
$formdata{$key}.="$value";
}
$search=$formdata{'search'};

open(INFO, "names_file.txt"); # Open db for reading
@array=<INFO>;
close (INFO);

print "Content-type:text/html\n\n"; #Content Header

print <<End_of_head;
<html>
<head><title>Display File Contents</title></head>
<body>
<h4>This script displays the contents of names_file.txt.</h4>
End_of_head

foreach $line (@array){
if ($line =~ /$search/){
($last,$first)=split(/\|/,$line);
print <<End_of_line;
Your search returned: $first $last<br>
End_of_line
}
}

print <<End_of_Doc;
</body>
</html>
End_of_Doc


Any help much appreciated.

Nick
 
Vorxion

I have a partial Perl script that I want to understand and then be able
to change. It simply searches a text file for text and prints that text

Oh, it -needs- changes.
use CGI;
use CGI::Carp qw(fatalsToBrowser); # Hook errors to browser

#search_file.pl
read(STDIN, $buffer,$ENV{'CONTENT_LENGTH'});
$buffer =~ tr/+/ /;
$buffer =~ s/\r/ /g;
$buffer =~ s/\n/ /g;
@pairs = split(/&/,$buffer);
foreach $pair(@pairs){
($key,$value)=split(/=/,$pair);
$formdata{$key}.="$value";
}

You bother to include CGI, but then write your own broken version? Why?

Your methodology -can- break--quite easily. If the input is large enough
and chunked or split by packet sizes, you won't get CONTENT_LENGTH all at
once, and you're not bothering to retry and append until you do. You're
also only handling POST with your methodology, where the module you include
but don't use is already fully capable of handling both. I happened to
nuke the rest, but I don't see you doing any urldecoding, either--at least
not in the quoted section where I'd expect at least a reference to a
function designed to do so. Pardon, you decoded spaces but none of the
other characters you're likely to need decoded. Very broken.

If you're going to work in this area, I suggest you fully embrace CGI.pm
and use it correctly. Everything else is superfluous because your engine
is more or less destined to break.

`perldoc CGI`

Actually, I suggest that you hire someone to actually work on your CGI for
you. If you're making mistakes this crucial, you're bound to overlook
even some of the most basic CGI security rules. This leads to compromised
systems, which are generally Not A Good Thing[tm].

No offense...I've just seen systems that are the result of people trying to
roll their own when they don't understand the basics. CGI is not an area
for beginners, from a security standpoint.
 
Tad McClellan

Nick said:
I have a partial Perl script


It is a profoundly amateurish program.

You would be well-served to throw it away and start with code
that was written by a *good* programmer instead.

that I want to understand and then be able
to change. It simply searches a text file for text and prints that text
to a web page. I want to understand the array


The array does nothing more than hold all of the lines in memory,
only to process them line-by-line anyway.

A Real Programmer would not have written it that way.

and be able to add
multiple more lines.


The array has nothing to do with the number of fields.

At the moment, it has two fields (surname and forename); I need to
expand that to around 6 or 7 fields.


You need to change the split() line if you want to accommodate more fields.

Ultimately, I want to be able to search a text file for specific text
and have it output all matches (the complete line) to a web page.

Below is what I have so far:

#!/usr/bin/perl -w

use CGI;
use CGI::Carp qw(fatalsToBrowser); # Hook errors to browser

#search_file.pl
read(STDIN, $buffer,$ENV{'CONTENT_LENGTH'});
$buffer =~ tr/+/ /;
$buffer =~ s/\r/ /g;
$buffer =~ s/\n/ /g;
@pairs = split(/&/,$buffer);
foreach $pair(@pairs){
($key,$value)=split(/=/,$pair);
$formdata{$key}.="$value";
}
$search=$formdata{'search'};


This is buggy and has security holes.

You will be hacked if you attempt to use this code.

You are already pulling in the CGI module, so you should use
that for parsing the form values instead.

open(INFO, "names_file.txt"); # Open db for reading


You should always, yes *always*, check the return value from open():

open(INFO, 'names_file.txt') or die "could not open 'names_file.txt' $!";

@array=<INFO>;
foreach $line (@array){


It is script-kiddie form to read into an array only to process
line-by-line anyway.

Why not read a line and process a line, having only a single line
in memory instead?

print <<End_of_line;
Your search returned: $first $last<br>
End_of_line


More hokey code.

print "Your search returned: $first $last<br>";

does the same thing only it is easier to read.

Any help much appreciated.


Scrap that piece of crap and write a new program from scratch.
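
The points raised in the replies above, put together as an added example that is not part of the original thread or written by any of its posters: form parsing through CGI.pm, a checked open(), line-by-line reading, and a split() sized to the number of fields. It also matches the search text literally and HTML-escapes everything it prints. The field names after surname and forename are assumed for illustration, and CGI.pm is assumed to be installed.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use CGI;

# Field order in names_file.txt. Only surname and forename come from the
# thread; the remaining names are assumptions for this example.
my @fields = qw(surname forename street city postcode phone email);
my $file   = 'names_file.txt';

my $q      = CGI->new;              # parses GET and POST and URL-decodes values
my $search = $q->param('search');   # scalar context: first value only
$search = '' unless defined $search;

print $q->header(-type => 'text/html', -charset => 'UTF-8');
print "<html>\n<head><title>Search results</title></head>\n<body>\n";

if ($search eq '') {
    print "<p>No search text given.</p>\n";
}
else {
    # Three-argument open with a lexical handle, and the result is checked.
    open(my $info, '<', $file) or die "could not open '$file': $!";
    my $hits = 0;
    while (my $line = <$info>) {    # one line in memory at a time
        chomp $line;
        # \Q...\E quotes regex metacharacters, so the form value is matched
        # as literal text and cannot act as a pattern of its own.
        next unless $line =~ /\Q$search\E/;
        my @values = split /\|/, $line, scalar @fields;
        # Escape every value before it goes into the page, so data from the
        # file or the form cannot be interpreted as markup.
        my @cells = map {
            my $v = defined $values[$_] ? $values[$_] : '';
            $q->escapeHTML("$fields[$_]: $v")
        } 0 .. $#fields;
        print '<p>', join('<br>', @cells), "</p>\n";
        $hits++;
    }
    close $info;
    print '<p>', $hits, ' match(es) for ', $q->escapeHTML($search), "</p>\n";
}

print "</body>\n</html>\n";
```

To add or remove a field, change only the @fields list; the limit passed to split() follows it.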
 
Brian McCauley

Vorxion said:
You bother to include CGI, but then write your own broken version? Why?

Your methodology -can- break--quite easily. If the input is large enough
and chunked or split by packet sizes, you won't get CONTENT_LENGTH all at
once, and you're not bothering to retry and append until you do.

While there are many legitimate reasons to avoid broken hand-rolled CGI
decoders, that isn't one. Perl's read() is like C's fread(); in Perl,
C's read() is called sysread().
 
