Provided by:
manpages-zh_1.5.2-1_all 
NAME
perlfaq9 - (2003/01/31 17:36:57 )
DESCRIPTION
web
What is the correct form of response from a CGI script?
(Alan Flavell <flavell+www@a5.ph.gla.ac.uk> answers...)
The Common Gateway Interface (CGI) specifies a software interface
between a program ("CGI script") and a web server (HTTPD). It is not
specific to Perl, and has its own FAQs and tutorials, and usenet group,
comp.infosystems.www.authoring.cgi
The original CGI specification is at: http://hoohoo.ncsa.uiuc.edu/cgi/
Current best-practice RFC draft at: http://CGI-Spec.Golux.Com/
Other relevant documentation listed in:
http://www.perl.org/CGI_MetaFAQ.html
These Perl FAQs very selectively cover some CGI issues. However, Perl
programmers are strongly advised to use the CGI.pm module, to take care
of the details for them.
The similarity between CGI response headers (defined in the CGI
specification) and HTTP response headers (defined in the HTTP
specification, RFC2616) is intentional, but can sometimes be confusing.
The CGI specification defines two kinds of script: the "Parsed Header"
script, and the "Non Parsed Header" (NPH) script. Check your server
documentation to see what it supports. "Parsed Header" scripts are
simpler in various respects. The CGI specification allows any of the
usual newline representations in the CGI response (it's the server's
job to create an accurate HTTP response based on it). So "\n" written
in text mode is technically correct, and recommended. NPH scripts are
more tricky: they must put out a complete and accurate set of HTTP
transaction response headers; the HTTP specification calls for records
to be terminated with carriage-return and line-feed, i.e ASCII \015\012
written in binary mode.
Using CGI.pm gives excellent platform independence, including EBCDIC
systems. CGI.pm selects an appropriate newline representation
($CGI::CRLF) and sets binmode as appropriate.
CGI (500 Server Error)
"Troubleshooting Perl CGI scripts" guide,
http://www.perl.org/troubleshooting_CGI.html
FAQ post comp.infosystems.www.authoring.cgi HTTP HTML CGI Perl CGI
post comp.lang.perl.misc
FAQ CGI Meta FAQ
http://www.perl.org/CGI_MetaFAQ.html
CGI
Use the CGI::Carp module. It replaces "warn" and "die", plus the
normal Carp modules "carp", "croak", and "confess" functions with more
verbose and safer versions. It still sends them to the normal server
error log.
use CGI::Carp;
warn "This is a complaint";
die "But this one is serious";
The following use of CGI::Carp also redirects errors to a file of your
choice, placed in a BEGIN block to catch compile-time warnings as well:
BEGIN {
use CGI::Carp qw(carpout);
open(LOG, ">>/var/local/cgi-logs/mycgi-log")
or die "Unable to append to mycgi-log: $!\n";
carpout(*LOG);
}
You can even arrange for fatal errors to go back to the client browser,
which is nice for your own debugging, but might confuse the end user.
use CGI::Carp qw(fatalsToBrowser);
die "Bad error here";
Even if the error happens before you get the HTTP header out, the
module will try to take care of this to avoid the dreaded server 500
errors. Normal warnings still go out to the server error log (or
wherever you've sent them with "carpout") with the application name and
date stamp prepended.
HTML
HTML::Parse CPAN Web libwww-perl HTML::FormatText HTML
"s/<.*?>//g" quote HTML comment < entities "<"
#!/usr/bin/perl -p0777
s/<(?:[^>'"]*|(['"]).*?\1)*>//gs
striphtml
http://www.cpan.org/authors/Tom_Christiansen/scripts/striphtml.gz .
Here are some tricky cases that you should think about when picking a
solution:
<IMG SRC = "foo.gif" ALT = "A > B">
<IMG SRC = "foo.gif"
ALT = "A > B">
<!-- <A comment> -->
<script>if (a<b && a>c)</script>
<# Just data #>
<![INCLUDE CDATA [ >>>>>>>>>>>> ]]>
If HTML comments include other tags, those solutions would also break
on text like this:
<!-- This section commented out.
<B>You can't see me!</B>
-->
URL?
HTML URL "HTML::SimpleLinkExtor" URL "HTML::LinkExtor"
"HTML::Parser". "HTML::SimpleLinkExtor"
You can use URI::Find to extract URLs from an arbitrary text document.
Less complete solutions involving regular expressions can save you a
lot of processing time if you know that the input is simple. One
solution from Tom Christiansen runs 100 times faster than most module
based approaches but only extracts URLs from anchors where the first
attribute is HREF and there are no other attributes.
#!/usr/bin/perl -n00
# qxurl - tchrist@perl.com
print "$2\n" while m{
< \s*
A \s+ HREF \s* = \s* (["']) (.*?) \1
\s* >
}gsix;
In this case, download means to use the file upload feature of HTML
forms. You allow the web surfer to specify a file to send to your web
server. To you it looks like a download, and to the user it looks like
an upload. No matter what you call it, you do it with what's known as
multipart/form-data encoding. The CGI.pm module (which comes with Perl
as part of the Standard Library) supports this in the
start_multipart_form() method, which isn't the same as the startform()
method.
See the section in the CGI.pm documentation on file uploads for code
examples and details.
HTML ?
<SELECT> <OPTION> CGI.pm CPAN widget
HTML ?
lynx HTML
$html_code = `lynx -source $url`;
$text_data = `lynx -dump $url`;
CPAN libwww-perl (LWP) proxies lynx
# simplest version
use LWP::Simple;
$content = get($URL);
# or print HTML from a URL
use LWP::Simple;
getprint "http://www.linpro.no/lwp/";
# or print ASCII from HTML from a URL
# also need HTML-Tree package from CPAN
use LWP::Simple;
use HTML::Parser;
use HTML::FormatText;
my ($html, $ascii);
$html = get("http://www.perl.com/");
defined $html
or die "Can't fetch HTML from http://www.perl.com/";
$ascii = HTML::FormatText->new->format(parse_html($html));
print $ascii;
HTML ?
If you're submitting values using the GET method, create a URL and
encode the form using the "query_form" method:
use LWP::Simple;
use URI::URL;
my $url = url('http://www.perl.com/cgi-bin/cpan_mod');
$url->query_form(module => 'DB_File', readme => 1);
$content = get($url);
If you're using the POST method, create your own user agent and encode
the content appropriately.
use HTTP::Request::Common qw(POST);
use LWP::UserAgent;
$ua = LWP::UserAgent->new();
my $req = POST 'http://www.perl.com/cgi-bin/cpan_mod',
[ module => 'DB_File', readme => 1 ];
$content = $ua->request($req)->as_string;
web %-encoding?
If you are writing a CGI script, you should be using the CGI.pm module
that comes with perl, or some other equivalent module. The CGI module
automatically decodes queries for you, and provides an escape()
function to handle encoding.
The best source of detailed information on URI encoding is RFC 2396.
Basically, the following substitutions do it:
s/([^\w()'*~!.-])/sprintf '%%%02x', ord $1/eg; # encode
s/%([A-Fa-f\d]{2})/chr hex $1/eg; # decode
However, you should only apply them to individual URI components, not
the entire URI, otherwise you'll lose information and generally mess
things up. If that didn't explain it, don't worry. Just go read
section 2 of the RFC, it's probably the best explanation there is.
RFC 2396 also contains a lot of other useful information, including a
regexp for breaking any arbitrary URI into components (Appendix B).
Specify the complete URL of the destination (even if it is on the same
server). This is one of the two different kinds of CGI "Location:"
responses which are defined in the CGI specification for a Parsed
Headers script. The other kind (an absolute URLpath) is resolved
internally to the server without any HTTP redirection. The CGI
specifications do not allow relative URLs in either case.
Use of CGI.pm is strongly recommended. This example shows redirection
with a complete URL. This redirection is handled by the web browser.
use CGI qw/:standard/;
my $url = 'http://www.cpan.org/';
print redirect($url);
This example shows a redirection with an absolute URLpath. This
redirection is handled by the local web server.
my $url = '/CPAN/index.html';
print redirect($url);
But if coded directly, it could be as follows (the final "\n" is shown
separately, for clarity), using either a complete URL or an absolute
URLpath.
print "Location: $url\n"; # CGI response header
print "\n"; # end of headers
web web ---apache iPlanet IIS web
Perl .htpasswd .htgroup ?
HTTPD::UserAdmin HTTPD::GroupAdmin dbmBerkeley DB DBI (drivers)
HTTPD::UserAdmin`Basic' `Digest'
use HTTPD::UserAdmin ();
HTTPD::UserAdmin
->new(DB => "/foo/.htpasswd")
->add($username => $password);
CGI
CGI Meta FAQ
http://www.perl.org/CGI_MetaFAQ.html
perlfunc "split"
$/ = '';
$header = <MSG>;
$header =~ s/\n\s+/ /g; #
%head = ( UNIX_FROM_LINE, split /^([-\w]+):\s*/m, $header );
Received Received CPAN Mail::Header MailTools
CGI
CGI.pm
STDIN $ENV{CONTENT_LENGTH} $ENV{QUERY_STRING} GET read() HEAD They
don't deal with GET/POST combinations where query fields are in more
than one place. They don't deal with keywords in the query string.
In short, they're bad hacks. Resist them at all costs. Please do not
be tempted to reinvent the wheel. Instead, use the CGI.pm or
CGI_Lite.pm (available from CPAN), or if you're trapped in the module-
free land of perl1 .. perl4, you might look into cgi-lib.pl (available
from http://cgi-lib.stanford.edu/cgi-lib/ ).
Make sure you know whether to use a GET or a POST in your form. GETs
should only be used for something that doesn't update the server.
Otherwise you can get mangled databases and repeated feedback mail
messages. The fancy word for this is ``idempotency''. This simply
means that there should be no difference between making a GET request
for a particular URL once or multiple times. This is because the HTTP
protocol definition says that a GET request may be cached by the
browser, or server, or an intervening proxy. POST requests cannot be
cached, because each request is independent and matters. Typically,
POST requests change or depend on state on the server (query or update
a database, send mail, or purchase a computer).
email RFC-822
You can use the Email::Valid or RFC::RFC822::Address which check the
format of the address, although they cannot actually tell you if it is
a deliverable address (i.e. that mail to the address will not bounce).
Modules like Mail::CheckUser and Mail::EXPN try to interact with the
domain name system or particular mail servers to learn even more, but
their methods do not work everywhere---especially for security
conscious administrators.
"/^[\w.-]+\@(?:[\w-]+\.)+\w+$/" email
http://www.cpan.org/authors/Tom_Christiansen/scripts/ckaddr.gz ,
script RFC comments, Bill Clinton postmaster DNS script
Our best advice for verifying a person's mail address is to have them
enter their address twice, just as you normally do to change a
password. This usually weeds out typos. If both versions match, send
mail to that address with a personal message that looks somewhat like:
Dear someuser@host.com,
Please confirm the mail address you gave us Wed May 6 09:38:41
MDT 1998 by replying to this message. Include the string
"Rumpelstiltskin" in that reply, but spelled in reverse; that is,
start with "Nik...". Once this is done, your confirmed address will
be entered into our records.
If you get the message back and they've followed your directions, you
can be reasonably assured that it's real.
A related strategy that's less open to forgery is to give them a PIN
(personal ID number). Record the address and PIN (best that it be a
random one) for later processing. In the mail you send, ask them to
include the PIN in their reply. But if it bounces, or the message is
included via a ``vacation'' script, it'll be there anyway. So it's
best to ask them to mail back a slight alteration of the PIN, such as
with the characters reversed, one added or subtracted to each digit,
etc.
MIME/BASE64 ?
MIME-tools CPAN BASE64
use MIME::Base64;
$decoded = decode_base64($encoded);
The MIME-Tools package (available from CPAN) supports extraction with
decoding of BASE64 encoded attachments and content directly from email
messages.
unpack() ``u''
tr#A-Za-z0-9+/##cd; # remove non-base64 chars
tr#A-Za-z0-9+/# -_#; # convert to uuencoded format
$len = pack("c", 32 + 0.75*length); # compute length byte
print unpack("u", $len . $_); # uudecode and print
On systems that support getpwuid, the $< variable, and the
Sys::Hostname module (which is part of the standard perl distribution),
you can probably try using something like this:
use Sys::Hostname;
$address = sprintf('%s@%s', scalar getpwuid($<), hostname);
Company policies on mail address can mean that this generates addresses
that the company's mail system will not accept, so you should ask for
users' mail addresses when this matters. Furthermore, not all systems
on which Perl runs are so forthcoming with this information as is Unix.
The Mail::Util module from CPAN (part of the MailTools package)
provides a mailaddress() function that tries to guess the mail address
of the user. It makes a more intelligent guess than the code above,
using information given when the module was installed, but it could
still be incorrect. Again, the best way is often just to ask the user.
Use the "sendmail" program directly:
open(SENDMAIL, "|/usr/lib/sendmail -oi -t -odq")
or die "Can't fork for sendmail: $!\n";
print SENDMAIL <<"EOF";
From: User Originating Mail <me\@host>
To: Final Destination <you\@otherhost>
Subject: A relevant subject line
Body of the message goes here after the blank line
in as many lines as you like.
EOF
close(SENDMAIL) or warn "sendmail didn't close nicely";
The -oi option prevents sendmail from interpreting a line consisting of
a single dot as "end of message". The -t option says to use the
headers to decide who to send the message to, and -odq says to put the
message into the queue. This last option means your message won't be
immediately delivered, so leave it out if you want immediate delivery.
Alternate, less convenient approaches include calling mail (sometimes
called mailx) directly or simply opening up port 25 have having an
intimate conversation between just you and the remote SMTP daemon,
probably sendmail.
Or you might be able use the CPAN module Mail::Mailer:
use Mail::Mailer;
$mailer = Mail::Mailer->new();
$mailer->open({ From => $from_address,
To => $to_address,
Subject => $subject,
})
or die "Can't open: $!\n";
print $mailer $body;
$mailer->close();
The Mail::Internet module uses Net::SMTP which is less Unix-centric
than Mail::Mailer, but less reliable. Avoid raw SMTP commands. There
are many reasons to use a mail transport agent like sendmail. These
include queuing, MX records, and security.
MIME
This answer is extracted directly from the MIME::Lite documentation.
Create a multipart message (i.e., one with attachments).
use MIME::Lite;
### Create a new multipart message:
$msg = MIME::Lite->new(
From =>'me@myhost.com',
To =>'you@yourhost.com',
Cc =>'some@other.com, some@more.com',
Subject =>'A message with 2 parts...',
Type =>'multipart/mixed'
);
### Add parts (each "attach" has same arguments as "new"):
$msg->attach(Type =>'TEXT',
Data =>"Here's the GIF file you wanted"
);
$msg->attach(Type =>'image/gif',
Path =>'aaa000123.gif',
Filename =>'logo.gif'
);
$text = $msg->as_string;
MIME::Lite also includes a method for sending these things.
$msg->send;
This defaults to using sendmail but can be customized to use SMTP via
Net::SMTP.
While you could use the Mail::Folder module from CPAN (part of the
MailFolder package) or the Mail::Internet module from CPAN (part of the
MailTools package), often a module is overkill. Here's a mail sorter.
#!/usr/bin/perl
my(@msgs, @sub);
my $msgno = -1;
$/ = ''; # paragraph reads
while (<>) {
if (/^From /m) {
/^Subject:\s*(?:Re:\s*)*(.*)/mi;
$sub[++$msgno] = lc($1) || '';
}
$msgs[$msgno] .= $_;
}
for my $i (sort { $sub[$a] cmp $sub[$b] || $a <=> $b } (0 .. $#msgs)) {
print $msgs[$i];
}
Or more succinctly,
#!/usr/bin/perl -n00
# bysub2 - awkish sort-by-subject
BEGIN { $msgno = -1 }
$sub[++$msgno] = (/^Subject:\s*(?:Re:\s*)*(.*)/mi)[0] if /^From/m;
$msg[$msgno] .= $_;
END { print @msg[ sort { $sub[$a] cmp $sub[$b] || $a <=> $b } (0 .. $#msg) ] }
//IP
code `hostname`
Sys::Hostname perl gethostbyname() IP DNS
use Socket;
use Sys::Hostname;
my $host = hostname();
my $addr = inet_ntoa(scalar gethostbyname($host || 'localhost'));
Unix DNS /etc/resolv.conf resolv.conf
(Perl Unix)
Net::NNTP News::NNTPClient CPAN
perl -MNews::NNTPClient
-e 'print News::NNTPClient->new->list("newsgroups")'
/ FTP ?
LWP::Simple CPAN Net::FTP CPAN
RPC ?
DCE::RPC () DCE-Perl ( CPAN ) rpcgen CPAN/authors/id/JAKE/ RPC
RPC::ONC
AUTHOR AND COPYRIGHT
Copyright (c) 1997-2002 Tom Christiansen and Nathan Torkington. All
rights reserved.
This documentation is free; you can redistribute it and/or modify it
under the same terms as Perl itself.
Irrespective of its distribution, all code examples in this file are
hereby placed into the public domain. You are permitted and encouraged
to use this code in your own programs for fun or for profit as you see
fit. A simple comment in the code giving credit would be courteous but
is not required.