This is part of The Pile, a partial archive of some open source mailing lists and newsgroups.
Path: nntp.stanford.edu!newsfeed.stanford.edu!sn-xit-03!supernews.com!sn-inject-01!corp.supernews.com!news.victoria.tc.ca!vtn1!yf110 From: yf110@vtn1.victoria.tc.ca (Malcolm Dew-Jones) Newsgroups: comp.lang.perl.misc Subject: Re: My "replace a word in an HTML file" problem (CGI) Date: 4 Jul 2000 14:40:27 -0800 Organization: Victoria Telecommunity Network Lines: 21 Message-ID: <396259cb@news.victoria.tc.ca> References: <9971ms8qk1fcn0k5erdfkuqfb6uarlgp94@4ax.com> <3960B904.2EDF8984@imaginative-creations.com> <bkf1ms4hq5me8lo3p484a8ar9bviv85aii@4ax.com> <874s672mw6.fsf@limey.hpcc.uh.edu> X-Complaints-To: newsabuse@supernews.com X-Newsreader: TIN [version 1.2 PL2] X-Original-NNTP-Posting-Host: 199.60.222.3 XPident: yf110 Xref: nntp.stanford.edu comp.lang.perl.misc:323358 Tony Curtis (tony_curtis32@yahoo.com) wrote: : >> On Mon, 03 Jul 2000 17:28:16 +0100, : >> Magic <Magic@mattnet.freeserve.co.uk> said: : > Thanks for the suggestion Ozette, but I've received : > mixed advise about "CGI.pl". Some people say it's good : > because it makes things simple, but others say there are : > a lot of errors in it and it isn't "standardised" so : CGI.pm comes with perl, so I'd say that makes it : "standard". : If you look at the code you posted, you'll notice that it : handles POST by blithely reading data of length : $ENV{CONTENT_LENGTH} without checking to see how much it : will read. That's only one problem with it. Which is exactly what CGI.pm does by default. (the default $POST_MAX is -1 which allows any CONTENT_LENGTH, and CGI.pm reads() it all into memory on regular POST input.) Path: nntp.stanford.edu!newsfeed.stanford.edu!news-spur1.maxwell.syr.edu!news.maxwell.syr.edu!cs.utexas.edu!news.uh.edu!not-for-mail From: Tony Curtis <tony_curtis32@yahoo.com> Newsgroups: comp.lang.perl.misc Subject: Re: My "replace a word in an HTML file" problem (CGI) Date: 04 Jul 2000 17:43:50 -0500 Organization: Usually not before 11am Lines: 21 Message-ID: <8766qla53t.fsf@limey.hpcc.uh.edu> References: <9971ms8qk1fcn0k5erdfkuqfb6uarlgp94@4ax.com> <3960B904.2EDF8984@imaginative-creations.com> <bkf1ms4hq5me8lo3p484a8ar9bviv85aii@4ax.com> <874s672mw6.fsf@limey.hpcc.uh.edu> <396259cb@news.victoria.tc.ca> NNTP-Posting-Host: limey.hpcc.uh.edu X-Trace: Masala.CC.UH.EDU 962750643 32419 129.7.1.178 (4 Jul 2000 22:44:03 GMT) X-Complaints-To: abuse@UH.EDU NNTP-Posting-Date: 4 Jul 2000 22:44:03 GMT X-Newsreader: Gnus v5.7/Emacs 20.7 Xref: nntp.stanford.edu comp.lang.perl.misc:323369 >> On 4 Jul 2000 14:40:27 -0800, >> yf110@vtn1.victoria.tc.ca (Malcolm Dew-Jones) said: >> [ unrestricted uploads ] > Which is exactly what CGI.pm does by default. (the > default $POST_MAX is -1 which allows any CONTENT_LENGTH, > and CGI.pm reads() it all into memory on regular POST > input.) Yes, but it is easy to restrict it, and without modifying code (well, obviously you have to modify code, but not the actual code that does the CGI stuff. The module abstracts and provides an interface to shield you from the dirty details). hth t -- "With $10,000, we'd be millionaires!" Homer Simpson Path: nntp.stanford.edu!newsfeed.stanford.edu!news-spur1.maxwell.syr.edu!news.maxwell.syr.edu!telocity-west!TELOCITY!sn-xit-01!supernews.com!sn-inject-01!corp.supernews.com!news.victoria.tc.ca!vtn1!yf110 From: yf110@vtn1.victoria.tc.ca (Malcolm Dew-Jones) Newsgroups: comp.lang.perl.misc Subject: Re: My "replace a word in an HTML file" problem (CGI) Date: 4 Jul 2000 21:45:28 -0800 Organization: Victoria Telecommunity Network Lines: 26 Message-ID: <3962bd68@news.victoria.tc.ca> References: <9971ms8qk1fcn0k5erdfkuqfb6uarlgp94@4ax.com> <3960B904.2EDF8984@imaginative-creations.com> <bkf1ms4hq5me8lo3p484a8ar9bviv85aii@4ax.com> <874s672mw6.fsf@limey.hpcc.uh.edu> <396259cb@news.victoria.tc.ca> <8766qla53t.fsf@limey.hpcc.uh.edu> X-Complaints-To: newsabuse@supernews.com X-Newsreader: TIN [version 1.2 PL2] X-Original-NNTP-Posting-Host: 199.60.222.3 XPident: yf110 Xref: nntp.stanford.edu comp.lang.perl.misc:323388 Tony Curtis (tony_curtis32@yahoo.com) wrote: : >> On 4 Jul 2000 14:40:27 -0800, : >> yf110@vtn1.victoria.tc.ca (Malcolm Dew-Jones) said: : >> [ unrestricted uploads ] : > Which is exactly what CGI.pm does by default. (the : > default $POST_MAX is -1 which allows any CONTENT_LENGTH, : > and CGI.pm reads() it all into memory on regular POST : > input.) : Yes, but it is easy to restrict it, and without modifying : code (well, obviously you have to modify code, but not the : actual code that does the CGI stuff. The module abstracts : and provides an interface to shield you from the dirty : details). Sure its easy ** if you think to do it **. It would be just as easy to add it to the code we were shown. In many ways its easier, since CONTENT_LENGTH is a broader standard so easier to learn about. (By broader I mean that anyone working on any CGI related project has likely seen it, not just someone who's worked with Perl/CGI.pm).