Re: Question about Javascript and Perl form

From: A. Sinan Unur (usa1_at_llenroc.ude.invalid)
Date: 11/01/04 

Date: 1 Nov 2004 18:15:00 GMT

"Scott Medaugh" <medaugh@bellsouth.net> wrote in
news:cm5r6r$otf$1@inntp-m1.news.aol.com:

> From: "Scott Medaugh" <medaugh@bellsouth.net>
> Subject: Question about Javascript and Perl form
> Date: Monday, November 01, 2004 12:15 PM

No need to repeat this information in the body of your post.

> I am trying to do something unusual and it has me stumped. I am
> looking to change the Env variable for RemoteUser essentially.

Your question is related to CGI and web server configuration and not to
Perl specifically. You should post in the appropriate groups.

Incidentally, I am not sure what you mean by RemoteUser. There is an
environment variable REMOTE_USER set by the web server upon successful
basic authentication. See:

http://cgi-spec.golux.com/draft-coar-cgi-v11-03-clean.html#6.1.12

> would like to happen is that the user would choose a name from the
> dropdown box populated by the list in test.txt. Once the user chooses
> that name, the home directory is then pointed to the chosen name and
> the user is able to see the files listed in the new directory.

You'll need to partition/explain your problem better.

use strict;
use warnings;

> #my $user_file = "/Volumes/data01/cgi-bin/rem_user.txt";
> my $user_file = "test.txt";

...

In the code below, I do not see any effort to untaint the incoming
variable.

perldoc perlsec

> open (REMUSER, "$user_file") || Error('open','file');

perldoc -q always quote

Found in C:\Perl\lib\pod\perlfaq4.pod
  What's wrong with always quoting "$vars"?

> sub Error {
> print "Content type: text/html\n\n";
> print "The server cannot $_[0] the $_[1]: $! \n";
> exit;
> }

This is really, really not necessary or even useful:

1. You have already sent a header above.

2. die together with CGI::Carp does this right

> #######################################################################
> ##### ##########################
>
> print <<END_HTML;
> </td><td>
> <input type="button" name="test" value="Change User!"
> onClick="changeUser(document.dataBuild.uname.options[document.dataBuild
> .unam e.selectedIndex].value)">
> </td></tr>

This whole mixing HTML, Javascript and Perl together thing is making it
very hard (at least for me) to follow what you are trying to accomplish. I
am going to suggest HTML::Template.

> # This code generates a list of files in their home directory for the
> file pulldown box
>
> opendir(DIRHANDLE, "$homedir");
> while ($name = readdir(DIRHANDLE)) {
> open(FILEHANDLE, "$homedir/$name");
> if ((-f FILEHANDLE) and ($name ne ".htaccess") and ($name ne
> ".DS_Store"))

Again, you are trying to deal with something that should be a web server
configuration issue. Also, since you have not untainted the $name variable,
this will pretty much echo any file on your server.

Sinan.