www/63551: Lack of DTD in cgi scripts
Vladimir Chukharev
chu at h33.erkki.ton.tut.fi
Sun Mar 7 10:10:25 PST 2004
The following reply was made to PR www/63551; it has been noted by GNATS.
From: Vladimir Chukharev <chu at h33.erkki.ton.tut.fi>
To: freebsd-gnats-submit at FreeBSD.org, chu at gpi.ru
Cc:
Subject: Re: www/63551: Lack of DTD in cgi scripts
Date: Sun, 07 Mar 2004 20:02:00 +0200
------------Uhs3OFMlWL4JgNmzCTo3OV
Content-Type: text/plain; format=flowed; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
Attached is a new patch, which includes the previous one (sorry for that).
With this patch the parameter separator in URI '&' should become
interchangeable with ';', so that both should work.
The change is made in one script only, namely query-pr-summary.cgi.
Please review and check. I have no possibility for extensive tests
at the moment (no GNATS and no time as always:).
Are the changes OK to continue?
Best regards,
V.Chukharev
------------Uhs3OFMlWL4JgNmzCTo3OV
Content-Disposition: attachment; filename=cgi1.patch
Content-Type: application/octet-stream; name=cgi1.patch
Content-Transfer-Encoding: 8bit
--- /usr/www/en/cgi/cgi-style.pl.orig Fri Dec 29 11:24:40 2000
+++ /usr/www/en/cgi/cgi-style.pl Sun Mar 7 14:56:01 2004
@@ -47,8 +47,10 @@
local ($title) = @_;
return "Content-type: text/html\n\n" .
+ '<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">' .
"<html>\n<head><title>$title</title>\n" .
- "<meta name=\"robots\" content=\"nofollow\">\n</head>\n$t_body\n" .
+ '<meta http-equiv="CONTENT-TYPE" content="text/html; charset=ISO-8859-1">' .
+ "<meta name=\"robots\" content=\"nofollow\">\n</head>\n$t_body\n" .
"$i_topbar <h1><font color=\"#660000\">$title</font></h1>\n";
}
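Review bot: The added meta line hard-codes charset=ISO-8859-1 inside the markup, while the Content-type header two lines above it still carries no charset, so the encoding is declared only in the document body. Declaring it in the HTTP header as well (Content-type: text/html; charset=ISO-8859-1) is more robust, because a browser that has to guess the encoding before it reaches the meta tag may interpret user-supplied text in a charset the script did not intend. The two new single-quoted strings also lack a trailing newline, so the DOCTYPE runs into <html> and the two meta tags share one output line; harmless, but inconsistent with the "\n"-terminated strings around them. Separately, the context lines interpolate $title into <title> and <h1> without HTML escaping, so it is worth confirming that every caller passes a fixed string.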
--- /usr/www/en/cgi/query-pr-summary.cgi.orig Sun Mar 7 16:00:00 2004
+++ /usr/www/en/cgi/query-pr-summary.cgi Sun Mar 7 17:07:02 2004
@@ -165,7 +165,7 @@
$self_ref1 = $self_ref . '?';
$self_ref1 .= 'sort=' . $input{'sort'} if $input{'sort'};
print '<P>You may view summaries by <A HREF="', $self_ref1, '">Severity</A>, ';
-$self_ref1 .= '&' if ($self_ref1 !~/\?$/);
+$self_ref1 .= ';' if ($self_ref1 !~/\?$/);
print '<A HREF="', $self_ref1, 'state=summary">State</A>, ';
print '<A HREF="', $self_ref1, 'category=summary">Category</A>, or ';
print '<A HREF="', $self_ref1, 'responsible=summary">Responsible Party</A>.';
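Review bot: On the line just above the changed separator, $input{'sort'} is appended to $self_ref1 as-is, whereas the loops in the next hunk pass every value through cgiparam() before placing it in a link. This value ends up inside an HREF attribute, so it should get the same treatment: 'sort=' . cgiparam($input{'sort'}). The switch to ';' also only works once the split change in cgi-lib.pl is installed, so the two files need to be committed together; a sentence to that effect in the commit message would help.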
@@ -174,22 +174,22 @@
foreach ("category", "originator", "priority", "class", "responsible",
"severity", "state", "submitter", "text", "multitext", "closedtoo") {
if ($input{$_}) {
- $self_ref2 .= '&' if ($self_ref2 !~/\?$/);
+ $self_ref2 .= ';' if ($self_ref2 !~/\?$/);
$self_ref2 .= $_ . '=' . cgiparam($input{$_});
}
}
print 'You may also sort by ';
-print '<A HREF="', $self_ref2, '&sort=lastmod">Last-Modified</A>, ';
-print '<A HREF="', $self_ref2, '&sort=category">Category</A>, or ';
-print '<A HREF="', $self_ref2, '&sort=responsible">Responsible Party</A>.', "\n";
+print '<A HREF="', $self_ref2, ';sort=lastmod">Last-Modified</A>, ';
+print '<A HREF="', $self_ref2, ';sort=category">Category</A>, or ';
+print '<A HREF="', $self_ref2, ';sort=responsible">Responsible Party</A>.', "\n";
print 'Or <A HREF="', $self_ref, '?query">formulate a specific query</A>.', "\n";
$self_ref3 = $self_ref . '?';
foreach ("category", "originator", "priority", "class", "responsible",
"severity", "state", "submitter", "text", "multitext", "sort") {
if ($input{$_}) {
- $self_ref3 .= '&' if ($self_ref2 !~/\?$/);
+ $self_ref3 .= ';' if ($self_ref2 !~/\?$/);
$self_ref3 .= $_ . '=' . cgiparam($input{$_});
}
}
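Review bot: In the second loop the separator test still looks at the wrong variable: $self_ref3 .= ';' if ($self_ref2 !~/\?$/); checks $self_ref2, not $self_ref3. The patch carries this over unchanged from the '&' version. Whenever $self_ref2 already holds parameters, the first parameter appended to $self_ref3 gets a leading separator and the link starts with '?;'. The condition should test $self_ref3. The three sort links have a related issue: they prepend ';sort=' unconditionally, so when none of the listed inputs is set and $self_ref2 still ends in '?', the result is '?;sort=lastmod'. Reusing the conditional-separator pattern from the first hunk of this file would avoid the empty leading parameter.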
@@ -197,7 +197,7 @@
if ($input{"closedtoo"}) {
print '<A HREF="', $self_ref3, '">Don',"'",'t show closed reports</A>.';
} else {
- print '<A HREF="', $self_ref3, '&closedtoo=on">Include closed reports too</A>.';
+ print '<A HREF="', $self_ref3, ';closedtoo=on">Include closed reports too</A>.';
}
}
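Review bot: The else branch appends ';closedtoo=on' unconditionally, so when no parameter was added to $self_ref3 and it still ends in '?', the link becomes '?;closedtoo=on' with an empty first parameter. Appending the separator only when $self_ref3 does not end in '?', as is done for $self_ref1, keeps the generated URL well formed.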
--- /usr/www/en/cgi/cgi-lib.pl.orig Sun Mar 7 19:46:18 2004
+++ /usr/www/en/cgi/cgi-lib.pl Sun Mar 7 19:03:27 2004
@@ -47,7 +47,7 @@
} elsif ($ENV{'REQUEST_METHOD'} eq "POST") {
read(STDIN,$in,$ENV{'CONTENT_LENGTH'});
}
- @in = split(/&/,$in);
+ @in = split(/&|;/,$in);
foreach $i (0 .. $#in) {
# Convert plus's to spaces
$in[$i] =~ s/\+/ /g;
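Review bot: split(/&|;/,$in) applies to everything this routine reads, including POST bodies, and it runs before the values are decoded, so a literal ';' left unencoded inside a value by a client or a hand-written link will now cut that value short and turn the remainder into a separate parameter. This changes parsing for every script that uses cgi-lib.pl, not only query-pr-summary.cgi, so it deserves a comment at this line and a check of the other callers. Any proxy, cache or filter in front of these scripts that splits only on '&' will also see a different parameter set than the script does. As a style point, a character class reads more clearly than the alternation: split(/[&;]/,$in).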
@@ -67,7 +67,8 @@
# PrintHeader
# Returns the magic line which tells WWW that we're an HTML document
sub PrintHeader {
- return "Content-type: text/html\n\n";
+ return "Content-type: text/html\n\n" .
+ '<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">\n' ;
}
# MethGet
# Return true if this cgi call was using the GET request, false otherwise
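Review bot: The added DOCTYPE string in PrintHeader is single-quoted, so the trailing \n is emitted as a literal backslash and 'n' rather than a newline. Either put the newline in a double-quoted string ('<!DOCTYPE ...>' . "\n") or double-quote the whole line and escape the inner quotes. The comment above the sub still says it returns "the magic line", but it now returns the header plus the first line of the document body; the comment should be updated, and callers that print their own DOCTYPE after PrintHeader (cgi-style.pl adds one in this same patch) need checking so the declaration is not emitted twice.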
------------Uhs3OFMlWL4JgNmzCTo3OV--