cgi_pm_problem

This is part of The Pile, a partial archive of some open source mailing lists and newsgroups.



Path: nntp.stanford.edu!newsfeed.stanford.edu!sn-xit-03!supernews.com!sn-inject-01!corp.supernews.com!news.victoria.tc.ca!vtn1!yf110
From: yf110@vtn1.victoria.tc.ca (Malcolm Dew-Jones)
Newsgroups: comp.lang.perl.misc
Subject: Re: My "replace a word in an HTML file" problem (CGI)
Date: 4 Jul 2000 14:40:27 -0800
Organization: Victoria Telecommunity Network
Lines: 21
Message-ID: <396259cb@news.victoria.tc.ca>
References: <9971ms8qk1fcn0k5erdfkuqfb6uarlgp94@4ax.com> <3960B904.2EDF8984@imaginative-creations.com> <bkf1ms4hq5me8lo3p484a8ar9bviv85aii@4ax.com> <874s672mw6.fsf@limey.hpcc.uh.edu>
X-Complaints-To: newsabuse@supernews.com
X-Newsreader: TIN [version 1.2 PL2]
X-Original-NNTP-Posting-Host: 199.60.222.3
XPident: yf110
Xref: nntp.stanford.edu comp.lang.perl.misc:323358

Tony Curtis (tony_curtis32@yahoo.com) wrote:
: >> On Mon, 03 Jul 2000 17:28:16 +0100,
: >> Magic <Magic@mattnet.freeserve.co.uk> said:

: > Thanks for the suggestion Ozette, but I've received
: > mixed advice about "CGI.pl". Some people say it's good
: > because it makes things simple, but others say there are
: > a lot of errors in it and it isn't "standardised" so

: CGI.pm comes with perl, so I'd say that makes it
: "standard".

: If you look at the code you posted, you'll notice that it
: handles POST by blithely reading data of length
: $ENV{CONTENT_LENGTH} without checking to see how much it
: will read.  That's only one problem with it.

Which is exactly what CGI.pm does by default.  (the default $POST_MAX is
-1 which allows any CONTENT_LENGTH, and CGI.pm reads() it all into memory
on regular POST input.) 


Path: nntp.stanford.edu!newsfeed.stanford.edu!news-spur1.maxwell.syr.edu!news.maxwell.syr.edu!cs.utexas.edu!news.uh.edu!not-for-mail
From: Tony Curtis <tony_curtis32@yahoo.com>
Newsgroups: comp.lang.perl.misc
Subject: Re: My "replace a word in an HTML file" problem (CGI)
Date: 04 Jul 2000 17:43:50 -0500
Organization: Usually not before 11am
Lines: 21
Message-ID: <8766qla53t.fsf@limey.hpcc.uh.edu>
References: <9971ms8qk1fcn0k5erdfkuqfb6uarlgp94@4ax.com> <3960B904.2EDF8984@imaginative-creations.com> <bkf1ms4hq5me8lo3p484a8ar9bviv85aii@4ax.com> <874s672mw6.fsf@limey.hpcc.uh.edu> <396259cb@news.victoria.tc.ca>
NNTP-Posting-Host: limey.hpcc.uh.edu
X-Trace: Masala.CC.UH.EDU 962750643 32419 129.7.1.178 (4 Jul 2000 22:44:03 GMT)
X-Complaints-To: abuse@UH.EDU
NNTP-Posting-Date: 4 Jul 2000 22:44:03 GMT
X-Newsreader: Gnus v5.7/Emacs 20.7
Xref: nntp.stanford.edu comp.lang.perl.misc:323369

>> On 4 Jul 2000 14:40:27 -0800,
>> yf110@vtn1.victoria.tc.ca (Malcolm Dew-Jones) said:

>> [ unrestricted uploads ]

> Which is exactly what CGI.pm does by default.  (the
> default $POST_MAX is -1 which allows any CONTENT_LENGTH,
> and CGI.pm reads() it all into memory on regular POST
> input.)

Yes, but it is easy to restrict it, and without modifying
code (well, obviously you have to modify code, but not the
actual code that does the CGI stuff.  The module abstracts
and provides an interface to shield you from the dirty
details).

hth
t
-- 
"With $10,000, we'd be millionaires!"
                                           Homer Simpson

Path: nntp.stanford.edu!newsfeed.stanford.edu!news-spur1.maxwell.syr.edu!news.maxwell.syr.edu!telocity-west!TELOCITY!sn-xit-01!supernews.com!sn-inject-01!corp.supernews.com!news.victoria.tc.ca!vtn1!yf110
From: yf110@vtn1.victoria.tc.ca (Malcolm Dew-Jones)
Newsgroups: comp.lang.perl.misc
Subject: Re: My "replace a word in an HTML file" problem (CGI)
Date: 4 Jul 2000 21:45:28 -0800
Organization: Victoria Telecommunity Network
Lines: 26
Message-ID: <3962bd68@news.victoria.tc.ca>
References: <9971ms8qk1fcn0k5erdfkuqfb6uarlgp94@4ax.com> <3960B904.2EDF8984@imaginative-creations.com> <bkf1ms4hq5me8lo3p484a8ar9bviv85aii@4ax.com> <874s672mw6.fsf@limey.hpcc.uh.edu> <396259cb@news.victoria.tc.ca> <8766qla53t.fsf@limey.hpcc.uh.edu>
X-Complaints-To: newsabuse@supernews.com
X-Newsreader: TIN [version 1.2 PL2]
X-Original-NNTP-Posting-Host: 199.60.222.3
XPident: yf110
Xref: nntp.stanford.edu comp.lang.perl.misc:323388

Tony Curtis (tony_curtis32@yahoo.com) wrote:
: >> On 4 Jul 2000 14:40:27 -0800,
: >> yf110@vtn1.victoria.tc.ca (Malcolm Dew-Jones) said:

: >> [ unrestricted uploads ]

: > Which is exactly what CGI.pm does by default.  (the
: > default $POST_MAX is -1 which allows any CONTENT_LENGTH,
: > and CGI.pm reads() it all into memory on regular POST
: > input.)

: Yes, but it is easy to restrict it, and without modifying
: code (well, obviously you have to modify code, but not the
: actual code that does the CGI stuff.  The module abstracts
: and provides an interface to shield you from the dirty
: details).

Sure it's easy ** if you think to do it **.

It would be just as easy to add it to the code we were shown.  

In many ways it's easier, since CONTENT_LENGTH is a broader standard so
easier to learn about.  (By broader I mean that anyone working on any CGI
related project has likely seen it, not just someone who's worked with
Perl/CGI.pm). 
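
The two approaches the thread compares, side by side, as an added example that is not code from any of the posters: a hand-rolled POST reader that checks CONTENT_LENGTH before reading, and the CGI.pm equivalent using `$CGI::POST_MAX` and `cgi_error()`. The names `read_post_body` and `cgi_pm_query` and the 100 KB limit are assumptions, and the sample requests are constructed.

```perl
#!/usr/bin/perl
use strict;
use warnings;

my $MAX_POST = 100 * 1024;    # assumed limit (100 KB); size it to your forms

# Hand-rolled: check CONTENT_LENGTH before reading. Returns (status, body).
sub read_post_body {
    my ($env, $fh, $max) = @_;
    my $len = $env->{CONTENT_LENGTH};
    return (411, undef) unless defined $len && $len =~ /\A\d{1,10}\z/;
    return (413, undef) if $len > $max;       # refuse before allocating anything
    my ($body, $got) = ('', 0);
    while ($got < $len) {
        my $n = read($fh, $body, $len - $got, $got);
        return (400, undef) unless $n;        # short body or read error
        $got += $n;
    }
    return (200, $body);
}

# CGI.pm: set the limit before the object is built, then check cgi_error().
sub cgi_pm_query {
    require CGI;
    no warnings 'once';
    $CGI::POST_MAX = $MAX_POST;               # default -1 means no limit
    my $q = CGI->new;
    if (my $err = $q->cgi_error) {            # set if the POST was rejected
        print $q->header(-status => $err, -type => 'text/plain'), "$err\n";
        return;
    }
    return $q;
}

# Constructed sample requests, fed through in-memory filehandles.
unless (caller) {
    my @cases = (
        [ 'small form',      { CONTENT_LENGTH => 9 },          'word=perl' ],
        [ 'oversized claim', { CONTENT_LENGTH => 50_000_000 }, 'x' ],
        [ 'no length',       {},                               'word=perl' ],
        [ 'short body',      { CONTENT_LENGTH => 20 },         'word=perl' ],
    );
    for my $c (@cases) {
        my ($name, $env, $data) = @$c;
        open my $fh, '<', \$data or die "open: $!";
        my ($status, $body) = read_post_body($env, $fh, $MAX_POST);
        printf "%-16s -> %d %s\n", $name, $status, defined $body ? "[$body]" : '';
    }
}
```

Run directly, the script exercises only the hand-rolled reader; `cgi_pm_query` needs the CGI module installed and a real CGI environment.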


