1 Environment Variables

#!/usr/local/bin/perl -w

use CGI qw(:standard);
print header();
print "<html><head><title> Environment Variables </title></head><body>";
print "<h3>Environment variables script</h3>";
print "<p> Here are the environment variables that this CGI script has been called with</p><hr>";
print "
<pre>
SERVER_SOFTWARE = $ENV{'SERVER_SOFTWARE'}
SERVER_NAME = $ENV{'SERVER_NAME'}
GATEWAY_INTERFACE = $ENV{'GATEWAY_INTERFACE'}
SERVER_PROTOCOL = $ENV{'SERVER_PROTOCOL'}
SERVER_PORT = $ENV{'SERVER_PORT'}
REQUEST_METHOD = $ENV{'REQUEST_METHOD'}
HTTP_ACCEPT = '$ENV{'HTTP_ACCEPT'}'
PATH_INFO = $ENV{'PATH_INFO'}
PATH_TRANSLATED = $ENV{'PATH_TRANSLATED'}
SCRIPT_NAME = $ENV{'SCRIPT_NAME'}
QUERY_STRING = $ENV{'QUERY_STRING'}
REMOTE_HOST = $ENV{'REMOTE_HOST'}
REMOTE_ADDR = $ENV{'REMOTE_ADDR'}
REMOTE_USER = $ENV{'REMOTE_USER'}
CONTENT_TYPE = $ENV{'CONTENT_TYPE'}
CONTENT_LENGTH = $ENV{'CONTENT_LENGTH'}
DOCUMENT_ROOT = $ENV{'DOCUMENT_ROOT'}
HTTP_USER_AGENT = $ENV{'HTTP_USER_AGENT'}
HTTP_REFERER = $ENV{'HTTP_REFERER'}
</pre>";
print "<hr></body></html>";

1.1 Exercises

1) You can also print all environment variables using the following code (try it).
foreach $elem (keys %ENV) {
    print "$elem $ENV{$elem}<br>";
}

2) Use one of the CGI scripts that you have created earlier in this semester. Include a print statement in the CGI script that prints the environment variables REQUEST_METHOD, QUERY_STRING and CONTENT_LENGTH. Note that some of these are only available if the method for sending the form is "get"; others are only available if the method is "post". (Check the <form action=... method=... > tag in your form.) REQUEST_METHOD and CONTENT_LENGTH can be used to increase the security of your script: CONTENT_LENGTH should not be longer than a predefined maximum length.

2 Customize Pages with CGI

CGI can show different pages to different users depending on user preferences.

2.1 Exercises

3) Ask a user to input their name into a textfield and to choose a color from a popup menu. Then display a page with a short message (e.g. "Thank you $name for your request") in that color.

3 Security on CGI Pages

There are several security problems and error sources for CGI scripts such as the one above.

Here are some security tips:

More information is available on the security of CGI scripts, Perl/CGI and general WWW security.

3.1 Exercises

4) In the previous script check whether the input is reasonable and not empty:
- check whether the name and color contain only word characters or -.
- check that neither name nor color is longer than 100 chars (use the {100,} multiplier).
If the criteria are not fulfilled, do not display the results page but instead show an error message.

5) For the $name variable replace HTML characters "<" and ">" with &#60; and &#62; before printing the name.
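
The checks from exercises 2, 4 and 5 combined in one script, as an added example that is not part of the original handout. The form field names name and color and the 1024-byte body limit are assumptions; the request is vetted through REQUEST_METHOD and CONTENT_LENGTH before param() reads any input.

```perl
#!/usr/local/bin/perl -w
use strict;
use CGI qw(:standard);

# Assumed limit; the page only asks for "a predefined maximum length".
my $MAX_BODY = 1024;

# Exercise 2: returns an error string, or nothing when the request is acceptable.
sub check_request {
    my ($method, $length) = @_;
    return "method not allowed"
        unless defined $method && $method =~ /\A(?:GET|POST)\z/;
    return if $method eq 'GET';              # GET carries no body
    return "missing or non-numeric CONTENT_LENGTH"
        unless defined $length && $length =~ /\A\d+\z/;
    return "request body too large" if $length > $MAX_BODY;
    return;
}

# Exercise 4: non-empty, only word characters or "-", at most 100 characters.
# \A and \z anchor the whole string; "$" would let a trailing newline through.
sub valid_field {
    my ($value) = @_;
    return defined $value && $value =~ /\A[\w-]{1,100}\z/ ? 1 : 0;
}

# Exercise 5: replace "<" and ">" with numeric character references.
sub escape_angle {
    my ($text) = @_;
    $text =~ s/</&#60;/g;
    $text =~ s/>/&#62;/g;
    return $text;
}

my $err = check_request($ENV{REQUEST_METHOD}, $ENV{CONTENT_LENGTH});
my ($name, $color);
unless ($err) {
    $name  = scalar param('name');    # hypothetical field name
    $color = scalar param('color');   # hypothetical field name
    $err = "name or color is empty, too long, or contains invalid characters"
        unless valid_field($name) && valid_field($color);
}
print header(-status => $err ? '400 Bad Request' : '200 OK');
if ($err) {
    print "<html><body><p>Error: $err</p></body></html>";
} else {
    print "<html><body><p style=\"color:$color\">Thank you ",
          escape_angle($name), " for your request</p></body></html>";
}
```

Outside a web server the script can be exercised with, for example, `REQUEST_METHOD=GET QUERY_STRING='name=Ann&color=red' perl thanks.pl` (file name assumed). CGI.pm can also enforce the body limit itself through `$CGI::POST_MAX`.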