Re: problem when submitting a string through a form



Here is index.pl as it is now: you can view it at http://nikos.no-ip.org
if you want

#!/usr/bin/perl -w
use strict;
use CGI::Carp qw(fatalsToBrowser);
use CGI qw(:standard);
use DBI;
use POSIX qw(strftime);
use Encode;


my ($select, $article, $row, $data);

my $date = strftime('%y-%m-%d %H:%M:%S', localtime);
my $display_date = strftime('%a %d %b, %I:%M %p', localtime);
Encode::from_to($display_date, 'ISO-8859-7', 'utf8');

my $host = gethostbyaddr (pack ("C4", split (/\./, $ENV{'REMOTE_ADDR'})), 2) || $ENV{REMOTE_ADDR};
$host = "Administrator" if ( ($host =~ /dell/) or ($host =~ /localhost/) );

#===============================================================================
my $db = ( $ENV{'SERVER_NAME'} !~ /varsa/ )
? DBI->connect('DBI:mysql:orthodox;localhost', 'root', '*****',
{RaiseError=>1})
: DBI->connect('DBI:mysql:nikosva_orthodox;www.freegreece.net',
'nikosva_nikos', '****', {RaiseError=>1});
#===============================================================================

print header( -charset=>'utf-8' );
$article = param('select') || "Αρχική Σελίδα!";

my @files = glob "$ENV{'DOCUMENT_ROOT'}/data/text/*.txt";
my @display_files = map m{([^/]+)\.txt}, @files;
Encode::from_to($_, 'ISO-8859-7', 'utf8') for @display_files;


if ( param('select') ) { #If user selected an item from the drop down menu
unless ( grep { $_ eq param('select') } @display_files ) #Unless user selection matches one of the valid filenames within @display_files
{
if( param('select') =~ /\0/ )
{
$article = "*Null Byte Injection* attempted & logged!";
print br() x 2, h1( {class=>'big'}, $article );
}
if( param('select') =~ /\/\.\./ )
{
$article = "*Backwards Directory Traversal* attempted & logged!";
print br() x 2, h1( {class=>'big'}, $article );
}

$select = $db->prepare( "UPDATE guestlog SET article=?, date=?,
counter=counter+1 WHERE host=?" );
$select->execute( $article, $date, $host );

exit 0;
}

$article = decode('utf8', param('select' ));
Encode::from_to($article, 'utf8', 'ISO-8859-7');

open FILE, "<$ENV{'DOCUMENT_ROOT'}/data/text/$article.txt" or die
$!;
local $/;
$data = <FILE>;
close FILE;

$select = $db->prepare( "UPDATE guestlog SET article=?, date=?,
counter=counter+1 WHERE host=?" );
$select->execute( $article, $date, $host );
}
else {
$select = $db->prepare( "SELECT host FROM guestlog WHERE host=?" );
$select->execute( $host );

if ($select->rows)
{
$select = $db->prepare( "SELECT host, DATE_FORMAT(date, '%a %d %b, %h:%i') AS date, counter, article FROM guestlog WHERE host=?" );
$select->execute( $host );
$row = $select->fetchrow_hashref;

$data = "Καλώς ήλθες $host! Χαίρομαι που βρίσκεις την σελίδα
ενδιαφέρουσα.
Τελευταία φορά ήρθες εδώ ως $row->{host} στις $row->{date} !
Προηγούμενος αριθμών επισκέψεων => $row->{counter}
Τελευταία είδες το κείμενο [ $row->{article} ]
Ποιό κείμενο θα μελετήσεις αυτήν την φορά !?";

$select = $db->prepare( "UPDATE guestlog SET date=?,
counter=counter+1 WHERE host=?" );
$select->execute( $date, $host );
}
else
{
if ($host eq "Administrator") {
$data = "Γειά σου Νικόλα! Πώς πάνε τα κέφια? ;-)";
}
else {
$data = "Γειά σου $host!
Έρχεσαι για 1η φορά εδώ !!
Ελπίζω να βρείς τα κείμενα ενδιαφέροντα :-)";
}

unless ($host eq "Administrator") {
$select = $db->prepare( "INSERT INTO guestlog (host, date,
article, counter) VALUES (?, ?, ?, ?)" );
$select->execute( $host, $date, $article, 1 );
}
}
}

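for ($data) {
s/\\/\\\\/g; # escape backslashes first, before adding new ones
s/\n/\\n/g;
s/'/\\'/g; # textToShow below is a single-quoted JavaScript string
s/"/\\"/g;
tr/\cM//d;
}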

#======OK, $data set up. Now print header, start_html and JavaScript stuff======

print
start_html(
-script => [
"var textToShow = '$data';",
{
-language => 'JAVASCRIPT',
-src => '/data/scripts/char_by_char.js'
}
],
-style => '/data/scripts/style.css',
-title => 'Ορθόδοξα Πνευματικά Θέματα!',
-onload => 'init();'
),

a({href=>'/cgi-bin/register.pl'}, img{src=>'/data/images/reg.jpg'}),

start_form(action=>'/cgi-bin/index.pl'),
h1({class=>'lime'}, "Επέλεξε το κείμενο που σε ενδιαφέρει => ",
popup_menu( -name=>'select', -values=>
\@display_files ),
submit(-label=>'ok')),
end_form,

div({id => "DivText"}),
end_html;

#===============================================================================

The problem is that when the user selects something from my popup
menu (one string) and then submits it, the returned string being sent
back to my index.pl ain't matching this line: unless ( grep { $_ eq
param('select') } @display_files )

and that fact led me to believe that the browser or something else
somehow malforms the original value (the one selected before
submission).

I thought that this line would take care of the problem, converting it
properly to utf8, but it doesn't :(
$article = decode('utf8', param('select' ));

please help
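
One way to do the allow-list check discussed above, as an added example that is not part of the original post: decode both the on-disk names and the submitted value to character strings before comparing, and take the file name from the allow-list rather than from the request. It assumes the files are named in ISO-8859-7 and the form submits UTF-8, as the script's own conversions suggest; build_allow_list and resolve_article are hypothetical helper names and the article names are constructed sample data.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Encode qw(decode encode FB_CROAK LEAVE_SRC);

# Map each decoded display name (characters) to its on-disk name (bytes).
sub build_allow_list {
    my ($disk_charset, @disk_names) = @_;
    my %allow;
    for my $bytes (@disk_names) {
        my $chars = decode($disk_charset, $bytes, FB_CROAK | LEAVE_SRC);
        $allow{$chars} = $bytes;
    }
    return \%allow;
}

# Return the on-disk name for a submitted value, or undef if it is not
# valid UTF-8 or not an exact member of the allow-list.
sub resolve_article {
    my ($allow, $submitted) = @_;
    return undef unless defined $submitted;
    my $chars = eval { decode('UTF-8', $submitted, FB_CROAK | LEAVE_SRC) };
    return undef unless defined $chars;
    return $allow->{$chars};
}

# Constructed sample data: two Greek article names, written with escapes
# so this file's own encoding does not matter.
my @names = ("\x{391}\x{3B3}\x{3AC}\x{3C0}\x{3B7}", "\x{3A0}\x{3AF}\x{3C3}\x{3C4}\x{3B7}");
my @disk  = map { encode('ISO-8859-7', $_) } @names;
my $allow = build_allow_list('ISO-8859-7', @disk);

for my $case (
    [ 'valid UTF-8 name' => encode('UTF-8', $names[0]) ],
    [ 'traversal'        => '/../' . encode('UTF-8', $names[0]) ],
    [ 'null byte'        => encode('UTF-8', $names[1]) . "\0" ],
    [ 'ISO-8859-7 bytes' => $disk[0] ],
) {
    my ($label, $value) = @$case;
    my $file = resolve_article($allow, $value);
    printf "%-18s %s\n", $label, defined $file ? 'accepted' : 'rejected';
}
```

Only the first case is accepted. A caller would open the file using the returned on-disk name, so the submitted string never reaches the path.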