3.0.1.3 – Introduction to CGI, 4/1/2004

Date posted: 21-Dec-2015

  • Slide 1
  • 3.0.1.3 Introduction to CGI, Session 1
    Introduction to CGI:
      HTML elements
      Sending Data: GET vs POST
      CGI.pm module
      Setting up a cgi script
  • Slide 2
  • CGI: Common Gateway Interface
    CGI definition: CGI stands for Common Gateway Interface and is designed to allow the Web to do things.
    Don't get confused with other CGIs. The other kind of CGI is computer-generated image: NOT THIS CGI! We are going to discuss a totally different CGI.
  • Slide 3
  • Support of CGI for computer programming languages
    Scripting languages other than Perl may be used for CGI: Unix SH, KSH, CSH, C
    Alternatives to CGI: ASP (Microsoft), PHP, ColdFusion, Java Servlets/JSP, FastCGI, mod_perl
  • Slide 4
  • Where you can see CGI at work
    A wide range of government, scientific and commercial websites use CGI.
  • Slide 5
  • HTML stuff: URLs, HTTP Request Methods
      PUT       Ask the server to create or replace a resource on the server
      DELETE    Ask the server to delete a resource on the server
      CONNECT   Used to allow secure SSL connection to tunnel through HTTP
      OPTIONS   Ask the server to list the request methods available for resource
      TRACE     Ask the server to echo back the request headers as it receives them
      HEAD      Used as GET, but returns only HTTP headers
      GET       Ask the server for a resource
      POST      Instructs the server to modify the information on the server
  • Slide 6
  • Forms on the Web
    Form tags: Starts the Form
  • Slide 7
  • Two examples of using GET and POST
      Testing CGI: Your Name:
      Testing CGI: Weather Report: Vancouver, Burnaby, Coquitlam
  • Slide 8
  • GET vs POST
    GET:
      Most common HTTP request.
      Used to retrieve information from the server; does not have a body, passes the request inside the URL.
      Sent when clicking on a hyperlink, typing a location into the browser URL box, or clicking on bookmarks.
    POST:
      Used to submit information which alters data on the server (passes the data through STDIN).
      May be used for just retrieving information.
      "POST is more secure than GET because it doesn't pass data inside the URL and therefore users cannot modify this data": not true, as it is legal to construct URLs and pass information with POST.
      The resources received via POST cannot be bookmarked or hyperlinked (and this is the preferred behaviour).
  • Slide 9
  • CGI.pm module: Why Perl?
    Why is Perl good for writing CGI applications?
      Multiple OS support
      Interpreted language: no need to recompile
      Great set of features (arguably the best regular expressions)
      Short development time
      May be used for full-scale backend support
  • Slide 10
  • Namespace of your script and CGI.pm
        use CGI qw(:standard);
        use CGI;
      :cgi       Import all CGI-handling methods, such as param(), path_info() and the like.
      :form      Import all fill-out form generating methods, such as textfield().
      :html2     Import all methods that generate HTML 2.0 standard elements.
      :html3     Import all methods that generate HTML 3.0 proposed elements (such as, and ).
      :netscape  Import all methods that generate Netscape-specific HTML extensions.
      :html      Import all HTML-generating shortcuts (i.e. 'html2' + 'html3' + 'netscape')...
      :standard  Import "standard" features, 'html2', 'html3', 'form' and 'cgi'.
      :all       Import all the available methods. For the full list, see the CGI.pm code, where the variable %EXPORT_TAGS is defined.
  • Slide 11
  • Ways to generate HTML code: as always, more than one
    Using "here" printing (print <<HTML ...), or object-oriented CGI:
        #!/usr/local/bin/perl -wT
        use strict;
        use CGI;

        my $q = new CGI;   # query object used by the $q-> calls below
        print $q->start_html('Test HTML page'),
              $q->h1('Some Really Huge Letters'),
              $q->br,
              $q->end_html;
  • Slide 12
  • Using CGI.pm: basic syntax
    Standard HTML elements
    Printing tags without closing tags:
        print $q->br;
    Printing opening and closing tags:
        print $q->p('This is a paragraph');
        print $q->p('My homepage is', $q->em($q->server_name));
      This is a paragraph
      My homepage is localhost
    Setting attributes for HTML element:
        print $q->a({-href => '/downloads'}, 'Download Area');
      Download Area
  • Slide 13
  • Using CGI.pm: basic syntax
    Printing lists:
        print $q->ol($q->li(['First', 'Second', 'Third']));
      First
      Second
      Third
    More complex example:
        print $q->table(
            {-border => 1, -width => '100%'},
            $q->Tr([
                $q->th({-bgcolor => '#cccccc'}, ['Name', 'Occupation']),
                $q->td(['Frodo', 'Hobbit']),
                $q->td(['Gandalf', 'Wizard']),
                $q->td(['Gollum', "Frodo's friend"]),
            ])
        );
      Name      Occupation
      Frodo     Hobbit
      Gandalf   Wizard
      Gollum    Frodo's friend
  • Slide 14
  • CGI syntax allows to do new things easily: expandability
        print $q->header(-type            => 'text/html',
                         -cost            => 'Three smackers',
                         -annoyance_level => 'high',
                         -complaints_to   => 'bit bucket');
    This will produce the following nonstandard HTTP header:
        HTTP/1.0 200 OK
        Cost: Three smackers
        Annoyance-level: high
        Complaints-to: bit bucket
        Content-type: text/html
  • Slide 15
  • Form tags in CGI.pm
    Syntax for forms in CGI is different from the syntax for other elements:
      start_form, end_form, textfield, password_field, filefield, button, submit, radio_group, textarea
        my $q = new CGI;
        print $q->textfield(-name => 'username', -default => 'Anonymous');
    Generates:
  • Slide 16
  • Tainted data
    Examples:
        $foo = $ARGV[0];     # Tainted (came from outside)
        $bar = $foo;         # Tainted (because $foo is tainted)
        $file = <>;          # Tainted (obtained with the <> operator)
        $foo = 'Hello';      # Ok, as we set $foo inside
    Potentially dangerous things:
        unlink $foo;         # Insecure
        open(FOO, $foo);     # Ok as it is read-only access
        exec "cat $foo";     # Insecure as it uses sub-shell
        exec 'cat', $foo;    # Ok, as we do not use the shell
  • Slide 17
  • Using Carp module: your scripts will leave a suicide note
    Using the Perl -T option: the -T option instructs Perl to monitor data for potential use in code that modifies something outside the script.
    Data considered to be tainted:
      Command line arguments
      File input
      Various system calls
      Environment variables
    Carp module: catches fatal calls and shows the messages in the browser.
        use CGI::Carp qw( fatalsToBrowser );
  • Slide 18
  • Complaining in your browser window
    No Carp:
        [an error occurred while processing this directive]
        Internal Server Error
        If you did not expect this error contact our webmaster. This error is due to either a script or server misconfiguration.
        [an error occurred while processing this directive]
    With CGI::Carp qw(fatalsToBrowser):
        Software error:
        syntax error at /usr/local/web/apache/cgi-bin/intranet/people/pruzanov/quicktests/test2.cgi line 15, near "Name:"
        Execution of /usr/local/web/apache/cgi-bin/intranet/people/pruzanov/quicktests/test2.cgi aborted due to compilation errors.
        For help, please send mail to the webmaster ([email protected]), giving this error message and the time and date of the error.
  • Slide 19
  • Getting values into script: param()
    param() takes an id for a variable and returns the value of this variable.
    Source of a test.cgi script:
        #!/usr/bin/perl -wT
        use strict;
        use CGI qw(:standard);
        use CGI::Carp qw(fatalsToBrowser);

        print header;
        print start_html(-title=>"Testing CGI");
        # Echo the submitted form field back to the browser
        print "Your name is ".param('Y_name')."\ ";
        print end_html;
  • Slide 20
  • Say Hello to World
    Source of form_test.html:
    Output: Form Tester, Enter Your name:
    Note that we are using POST here. GET, however, will work in this situation just as well.
  • Slide 21
  • Using cgi to process HTML form
    CGI.pm at work:
      Here we are typing in some name
      At this point we are pressing Send
  • Slide 22
  • Self-processing script
    Doing it all at once in one place:
        #!/usr/bin/perl -wT
        use strict;
        use CGI qw(:standard);
        use CGI::Carp qw(fatalsToBrowser);

        print header;
        print start_html(-title=>"Testing CGI");
        if(my $name = param('Y_name')){
            # A name was submitted: show it
            print "Your name is ".$name."\ ";
        }else{
            # First visit: show the form, which posts back to this script
            print start_form(-name =>"test", -action=>"", -method=>"post"),
                  textfield(-name =>"Y_name", -default=>"Enter Your name"),
                  submit(-name =>"Send_it", -value=>"Send"),
                  end_form;
        }
        print end_html;
    That is what we see when the script first starts.
    That is what we see when we pass a name to THE VERY SAME script.
  • Slide 23
  • HTML code produced by .cgi scripts
    Output from test2.cgi:
    What we see in a browser: Testing CGI, Enter Your Name:
  • Slide 24
  • 3.0.1.3 Introduction to CGI, Session 1
    Common gateway interface
    CGI.pm usage:
      use POST to change data on a server
      use GET to get the data
      strict and Carp are good for CGI
      monitor your data with -T
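
A hardened variant of the Slide 22 self-processing script, added here as an illustration and not part of the original slides: it combines the -T checks from Slides 16 and 17 with allow-list untainting and HTML-escaping of the echoed `Y_name`. The name pattern, its 40-character limit and the file name `hardened.cgi` are assumptions.

```perl
#!/usr/bin/perl -T
# Added example, not from the slides. CGI.pm accepts name=value pairs on the
# command line, so it runs offline:  perl -T hardened.cgi 'Y_name=<b>Frodo</b>'
use strict;
use warnings;
use CGI qw(:standard);
use CGI::Carp;                 # no fatalsToBrowser: errors go to the log only
use Scalar::Util qw(tainted);

# Taint mode also distrusts the inherited environment (Slide 17); pin it
# before anything could be handed to system or exec.
$ENV{PATH} = '/bin:/usr/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# A regex capture is how a value gets untainted, so the pattern must be an
# allow-list. The character set and length limit are assumptions.
sub clean_name {
    my ($raw) = @_;
    return defined $raw && $raw =~ /\A([A-Za-z][A-Za-z' -]{0,39})\z/ ? $1 : undef;
}

my $raw  = param('Y_name');    # tainted: supplied by the client
my $name = clean_name($raw);   # untainted copy, or undef if rejected

print header, start_html(-title => 'Testing CGI');
if (defined $raw) {
    # -T does not police output. Printing tainted data is allowed, so the
    # value must be HTML-escaped or it is reflected into the page as markup.
    print p('Your name is', CGI::escapeHTML($raw));
    print p('Raw value tainted:', tainted($raw) ? 'yes' : 'no');
    if (defined $name) {
        # Only $name may reach unlink, open-for-write, system or exec.
        print p('Validated copy tainted:', tainted($name) ? 'yes' : 'no');
    } else {
        print p('Rejected by the allow-list; not used any further.');
    }
} else {
    print start_form(-name => 'test', -action => '', -method => 'post'),
          textfield(-name => 'Y_name', -default => 'Enter Your name'),
          submit(-name => 'Send_it', -value => 'Send'),
          end_form;
}
print end_html;
```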