CGI Environment Variables - London South Bank University


Outcomes

• Know what CGI environment variables are
• Know how to use environment variables
• Know how to process a simple query form
• Be able to use URL encoding rules in your Perl program
• Be able to use the split function to extract information
• Understand what CGIWrap is

CGI Environment Variables

• Environment variables are a set of hidden values that the web server sends to every CGI you run.
• Your CGI program can parse them and use the data they send
• Environment variables are stored in a hash called %ENV
• The %ENV hash is automatically set for every CGI, and you can use any or all of it as needed


CGI Environment variables

Environment variables are a series of hidden values that the web server sends to every CGI you run. Your CGI can parse them, and use the data they send.

Variable Name      Value
DOCUMENT_ROOT      The root directory of your server
HTTP_COOKIE        The visitor’s cookie, if one is set
HTTP_HOST          The hostname of your server
HTTP_REFERER       The URL of the page that called your script
HTTP_USER_AGENT    The browser type of the visitor
HTTPS              "on" if the script is being called through a secure server
PATH               The system path your server is running under
QUERY_STRING       The query string (see GET, below)
REMOTE_ADDR        The IP address of the visitor


REMOTE_HOST        The hostname of the visitor (if your server has reverse-name-lookups on; otherwise this is the IP address again)
REMOTE_PORT        The port the visitor is connected to on the web server
REMOTE_USER        The visitor’s username (for .htaccess-protected pages)
REQUEST_METHOD     GET or POST
REQUEST_URI        The interpreted pathname of the requested document or CGI (relative to the document root)
SCRIPT_FILENAME    The full pathname of the current CGI
SCRIPT_NAME        The interpreted pathname of the current CGI (relative to the document root)
SERVER_ADMIN       The email address for your server’s webmaster
SERVER_NAME        Your server’s fully qualified domain name
SERVER_PORT        The port number your server is listening on
SERVER_SOFTWARE    The server software you’re using (such as Apache 1.3)

Examples of useful Environment variables

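(env.cgi)

#!/usr/bin/perl
print "Content-type:text/html\n\n";

# Page header
print <<EndOfHTML;
<html><head><title>Print Environment</title></head>
<body>
EndOfHTML

# Print every environment variable the server passed to this CGI
foreach $key (sort(keys %ENV)) {
    print "$key = $ENV{$key}<br>\n";
}
print "</body></html>";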

DOCUMENT_ROOT = /users/csd/csd/spider/sbu
GATEWAY_INTERFACE = CGI/1.1
HTTP_ACCEPT = image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-powerpoint, application/vnd.ms-excel, application/msword, */*
HTTP_ACCEPT_LANGUAGE = en-gb
HTTP_CACHE_CONTROL = max-age=259200
HTTP_CONNECTION = keep-alive
HTTP_HOST = www.sbu.ac.uk
HTTP_USER_AGENT = Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
HTTP_VIA = 1.0 cache2-eth0.sbu.ac.uk:8080 (Squid/2.3.STABLE4)
HTTP_X_FORWARDED_FOR = unknown
PATH = /usr/local/etc/httpd:/sbin:/usr/sbin:/usr/bin
PATH_INFO =
PATH_TRANSLATED = /users/eee/eee/zhaoza/.public_html/cgi-bin/env.pl
QUERY_STRING =
REMOTE_ADDR = 136.148.1.94
REMOTE_HOST = cache2-eth0.sbu.ac.uk
REMOTE_PORT = 2833
REQUEST_METHOD = GET
REQUEST_URI = /cgi-bin/cgiwrap/~zhaoza/env.pl
SCRIPT_FILENAME = /usr/local/apache/share/cgi-bin/cgiwrap
SCRIPT_NAME = /cgi-bin/cgiwrap/zhaoza/env.pl
SERVER_ADDR = 136.148.1.1
SERVER_ADMIN = [email protected]
SERVER_NAME = www.sbu.ac.uk
SERVER_PORT = 80
SERVER_PROTOCOL = HTTP/1.0
SERVER_SIGNATURE =
SERVER_SOFTWARE = Apache/1.3.12 (Unix)

Remote Host ID

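(rhost.cgi)

#!/usr/bin/perl
# Greet the visitor by hostname (this is the IP address if reverse lookups are off)
print "Content-type:text/html\n\n";
print <<EndHTML;
<html><head><title>Hello!</title></head>
<body>
<h2>Hello!</h2>
Welcome, visitor from $ENV{'REMOTE_HOST'}!<p>
</body></html>
EndHTML

#!/usr/bin/perl
# Same page, using the visitor's IP address instead
print "Content-type:text/html\n\n";
print <<EndHTML;
<html><head><title>Hello!</title></head>
<body>
<h2>Hello!</h2>
Welcome, visitor from $ENV{'REMOTE_ADDR'}!<p>
</body></html>
EndHTML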

Checking Browser Type

(browser.cgi)

#!/usr/bin/perl
print "Content-type:text/html\n\n";
print "<html><head><title>Welcome</title></head>\n";
print "<body>\n";
print "Browser: $ENV{'HTTP_USER_AGENT'}<p>\n";

# Test for MSIE first: Internet Explorer's User-Agent also contains "Mozilla"
if ($ENV{'HTTP_USER_AGENT'} =~ /MSIE/) {
    print "You seem to be using Internet Explorer!<p>\n";
} elsif ($ENV{'HTTP_USER_AGENT'} =~ /Mozilla/) {
    print "You seem to be using Netscape!<p>\n";
} else {
    print "You seem to be using a browser other than Netscape or IE.<p>\n";
}
print "</body></html>\n";
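A hardened variant of browser.cgi, added here as an example and not part of the original slides: HTTP_USER_AGENT is chosen by the client, so it is HTML-escaped before being echoed into the page. The helper name html_escape and the fallback sample value are assumptions made for this example; the same escaping applies to any %ENV value printed by env.cgi or rhost.cgi.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# html_escape is a helper written for this example (not from the slides).
# It replaces the five characters that can change HTML structure.
sub html_escape {
    my ($text) = @_;
    $text = '' unless defined $text;
    my %entity = ('&' => '&amp;', '<' => '&lt;', '>' => '&gt;',
                  '"' => '&quot;', "'" => '&#39;');
    $text =~ s/([&<>"'])/$entity{$1}/g;
    return $text;
}

# Constructed sample value so the script also runs from the command line;
# under a web server the real request header is used instead.
my $agent = defined $ENV{'HTTP_USER_AGENT'}
    ? $ENV{'HTTP_USER_AGENT'}
    : 'Mozilla/4.0 (compatible; MSIE 6.0) <b>markup & "quotes"</b>';

print "Content-type:text/html\n\n";
print "<html><head><title>Welcome</title></head>\n<body>\n";

# Only the echoed copy is escaped; the browser shows the markup as text.
print "Browser: ", html_escape($agent), "<p>\n";

# Pattern matching works on the raw value and prints only fixed strings.
if ($agent =~ /MSIE/) {
    print "You seem to be using Internet Explorer!<p>\n";
} elsif ($agent =~ /Mozilla/) {
    print "You seem to be using Netscape!<p>\n";
} else {
    print "You seem to be using a browser other than Netscape or IE.<p>\n";
}
print "</body></html>\n";
```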

A simple Query Form

• When the GET method is used to send data from an HTML form to a CGI, the input values from the form are saved in the QUERY_STRING environment variable.

• With the GET method, the input values from the form are sent as part of the URL. The values (saved in QUERY_STRING) appear after the question mark in the URL itself.

• The query string is organised according to a scheme called URL encoding.

• If I include the form in my HTML document in the following way:

Enter some test here

My name is

• When you click on the Submit Query button, the URL should look like this: http://www.sbu.ac.uk/cgi-bin/cgiwrap/~zhaoza/test.cgi?sample_text=This+is+a+%22test%22&myname=zhao

URL Encoding rules

• Values appear immediately after a ? mark
• Items (values) are separated by &.

• For each item (value), the value on the left of = is the actual name of the form field. The value on the right is whatever you typed into the input box.

• Space is replaced with +. Other special non-alphanumeric characters are escaped out with a % code

Normal Character    URL Encoded String
\t (tab)            %09
\n (return)         %0A
/                   %2F
~                   %7E
:                   %3A
;                   %3B
@                   %40
&                   %26

Split function

In this example $ENV{'QUERY_STRING'} = sample_text=This+is+a+%22test%22&myname=zhao

Example of using the split function:

# Break the query string into name=value items
@values = split(/&/,$ENV{'QUERY_STRING'});
foreach $i (@values) {
    # Separate the field name from its (still URL-encoded) value
    ($varname, $mydata) = split(/=/,$i);
    print "$varname = $mydata\n";
}
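The split example above leaves the values URL-encoded. The following added example (not from the original slides) applies the URL encoding rules in reverse and handles the edge cases a real query string can contain: an = inside a value, a stray %, repeated fields and decoded control characters. The helper name parse_query, the extra sample fields note and bad, and the policy of dropping fields that decode to control characters are assumptions made for this example.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# parse_query is a helper written for this example (not from the slides).
# It returns a hash of decoded field => value pairs.
sub parse_query {
    my ($query) = @_;
    my %form;
    return %form unless defined $query && length $query;

    foreach my $pair (split /&/, $query) {
        # A limit of 2 keeps any '=' inside the value with the value.
        my ($name, $value) = split /=/, $pair, 2;
        next unless defined $name && length $name;
        $value = '' unless defined $value;

        for ($name, $value) {
            tr/+/ /;                               # '+' means space
            s/%([0-9A-Fa-f]{2})/chr(hex($1))/ge;   # %XX -> character
        }   # a '%' not followed by two hex digits is left as typed

        # Example policy for single-line fields: drop anything that decodes
        # to a control character such as %0A (newline).
        next if $name =~ /[\x00-\x1f\x7f]/ || $value =~ /[\x00-\x1f\x7f]/;

        # Keep the first occurrence if a field is repeated.
        $form{$name} = $value unless exists $form{$name};
    }
    return %form;
}

# Constructed sample, used when the script is run outside a web server.
my $query = defined $ENV{'QUERY_STRING'} && length $ENV{'QUERY_STRING'}
    ? $ENV{'QUERY_STRING'}
    : 'sample_text=This+is+a+%22test%22&myname=zhao&note=a%3Db&bad=100%+sure';

my %form = parse_query($query);

# Plain-text response, so decoded values are not sent as HTML markup.
print "Content-type:text/plain\n\n";
foreach my $name (sort keys %form) {
    print "$name = $form{$name}\n";
}
```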

CGIWrap

• CGIWrap is a gateway program that allows general users to use CGI scripts and HTML forms without compromising the security of the HTTP server. Scripts are run with the permissions of the user who owns the script. In addition, several security checks are performed on the script, which will not be executed if any of the checks fail.