#!/usr/bin/perl -wT
#
# cgi-example.cgi - Example #1 of a CGI perl script
#
# This CGI script that creates a fill-out form and echoes back its values.
#
# If when you run this tool you see an error of the form:
#
# Can't locate __something__ in @INC (you may need to install the __something__ module) ...
# Undefined subroutine &__something__ called at ...
#
# Run, as root:
#
# cpanm CGI::Tiny Text::Xslate Data::Section::Simple HTML::Entities
#
# or if you do not have the cpanm tool:
#
# cpan CGI::Tiny Text::Xslate Data::Section::Simple HTML::Entities
#
# If needed, adjust the path from the line to be the directory under where the file,
# CGI/Tiny/Multipart.pm is found:
#
# use lib "/usr/local/perl/perl5/lib/perl5";
#
# You may have to add this directive to your apache configuration:
#
#
#
# # The directory where CGI/Tiny/Multipart.pm is found
# #
# SetEnv PERL5LIB /usr/local/perl/perl5/lib/perl5
#
#
#
# Copyright (c) 2024 by Landon Curt Noll. All Rights Reserved.
#
# Permission to use, copy, modify, and distribute this software and
# its documentation for any purpose and without fee is hereby granted,
# provided that the above copyright, this permission notice and text
# this comment, and the disclaimer below appear in all of the following:
#
# supporting documentation
# source copies
# source works derived from this source
# binaries derived from this source or from derived source
#
# LANDON CURT NOLL DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
# INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO
# EVENT SHALL LANDON CURT NOLL BE LIABLE FOR ANY SPECIAL, INDIRECT OR
# CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
# USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
# OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
#
# chongo (Landon Curt Noll, http://www.isthe.com/chongo/index.html) /\oo/\
#
# Share and enjoy! :-)
# requirements
#
use strict;
use warnings;
use utf8;
#
# dir where perl modules such as CGI/Tiny/Multipart.pm are found
use lib "/usr/local/perl/perl5/lib/perl5";
#
use CGI::Tiny;
use Text::Xslate;
use Data::Section::Simple 'get_data_section';
use HTML::Entities 'encode_entities';
# CGI block
#
cgi {
my $cgi = $_; # our CGI object
# set up error handling on $cgi
#
$cgi->set_error_handler(sub {
my ($cgi, $error, $rendered) = @_;
warn $error;
unless ($rendered) {
if ($cgi->response_status_code == 413) {
$cgi->render(json => {error => 'Request body limit exceeded'});
} elsif ($cgi->response_status_code == 400) {
$cgi->render(json => {error => 'Bad request'});
} else {
$cgi->render(json => {error => 'Internal server error'});
}
}
});
# Construct page from __DATA__
#
my $tx = xss(Text::Xslate->new(path => [get_data_section]));
# set response values
#
my $h1 = "CGI Example #1";
my $h2 = "Fizzbin ...";
my $script_name = $cgi->script_name;
my $yourname;
# determine method - GET or HEAD or POST of 405 error
#
my $method = $cgi->method;
if ($method eq 'GET' or $method eq 'HEAD') {
$yourname = $cgi->query_param('yourname');
} elsif ($method eq 'POST') {
$yourname = $cgi->body_param('yourname');
} else {
$cgi->set_response_status(405)->render;
exit;
}
if (! defined $yourname) {
$yourname = "Your name here";
}
# render response with $cgi->render or $cgi->render_chunk
#
$cgi->render(html => $tx->render('webpage.tx', {
h1 => xss($h1),
h2 => xss($h2),
script_name => xss($script_name),
yourname => xss($yourname),
}));
};
# All Done!!! -- Jessica Noll, Age 2
#
exit(0);
# xss - remove or encode cross site scripting chars and non-printable chars
#
# given:
# $string string to strip and encode or undef
#
# returns:
# a safer string or an empty string if string was undef
#
sub xss($)
{
my $string = $_[0]; # get arg
# firewall - undef returns undef
#
if (! defined $string) {
return "";
}
# paranoia - remove % & to avoid substitution recursion
#
$string =~ s/[%&]+//g;
# encode anything else unsafe
#
$string = encode_entities($string, "\000-\037\%\&\<\>\"\177-\377");
# return the safe string
#
return $string;
}
__DATA__
@@ webpage.tx
Simple CGI Example #0
<: $h1 :>
<: $h2 :>
You can view the source code to this program.