line |
stmt |
bran |
cond |
sub |
pod |
time |
code |
1
|
|
|
|
|
|
|
package CGI::Info; |
2
|
|
|
|
|
|
|
|
3
|
|
|
|
|
|
|
# TODO: remove the expect argument |
4
|
|
|
|
|
|
|
|
5
|
22
|
|
|
22
|
|
3325196
|
use warnings; |
|
22
|
|
|
|
|
238
|
|
|
22
|
|
|
|
|
725
|
|
6
|
22
|
|
|
22
|
|
120
|
use strict; |
|
22
|
|
|
|
|
64
|
|
|
22
|
|
|
|
|
415
|
|
7
|
22
|
|
|
22
|
|
110
|
use Carp; |
|
22
|
|
|
|
|
62
|
|
|
22
|
|
|
|
|
1222
|
|
8
|
22
|
|
|
22
|
|
143
|
use File::Spec; |
|
22
|
|
|
|
|
55
|
|
|
22
|
|
|
|
|
692
|
|
9
|
22
|
|
|
22
|
|
12403
|
use Socket; # For AF_INET |
|
22
|
|
|
|
|
80273
|
|
|
22
|
|
|
|
|
9110
|
|
10
|
22
|
|
|
22
|
|
467
|
use 5.008; |
|
22
|
|
|
|
|
80
|
|
11
|
22
|
|
|
22
|
|
9674
|
use Log::Any qw($log); |
|
22
|
|
|
|
|
181986
|
|
|
22
|
|
|
|
|
133
|
|
12
|
|
|
|
|
|
|
# use Cwd; |
13
|
|
|
|
|
|
|
# use JSON::Parse; |
14
|
22
|
|
|
22
|
|
59230
|
use List::MoreUtils; # Can go when expect goes |
|
22
|
|
|
|
|
304396
|
|
|
22
|
|
|
|
|
143
|
|
15
|
|
|
|
|
|
|
# use Sub::Private; |
16
|
22
|
|
|
22
|
|
31837
|
use Sys::Path; |
|
22
|
|
|
|
|
598542
|
|
|
22
|
|
|
|
|
814
|
|
17
|
|
|
|
|
|
|
|
18
|
22
|
|
|
22
|
|
10250
|
use namespace::clean; |
|
22
|
|
|
|
|
348122
|
|
|
22
|
|
|
|
|
160
|
|
19
|
|
|
|
|
|
|
|
20
|
|
|
|
|
|
|
sub _sanitise_input($); |
21
|
|
|
|
|
|
|
|
22
|
|
|
|
|
|
|
=head1 NAME |
23
|
|
|
|
|
|
|
|
24
|
|
|
|
|
|
|
CGI::Info - Information about the CGI environment |
25
|
|
|
|
|
|
|
|
26
|
|
|
|
|
|
|
=head1 VERSION |
27
|
|
|
|
|
|
|
|
28
|
|
|
|
|
|
|
Version 0.78 |
29
|
|
|
|
|
|
|
|
30
|
|
|
|
|
|
|
=cut |
31
|
|
|
|
|
|
|
|
32
|
|
|
|
|
|
|
our $VERSION = '0.78'; |
33
|
|
|
|
|
|
|
|
34
|
|
|
|
|
|
|
=head1 SYNOPSIS |
35
|
|
|
|
|
|
|
|
36
|
|
|
|
|
|
|
All too often Perl programs have information such as the script's name |
37
|
|
|
|
|
|
|
hard-coded into their source. |
38
|
|
|
|
|
|
|
Generally speaking, hard-coding is bad style since it can make programs |
39
|
|
|
|
|
|
|
difficult to read and it reduces readability and portability. |
40
|
|
|
|
|
|
|
CGI::Info attempts to remove that. |
41
|
|
|
|
|
|
|
|
42
|
|
|
|
|
|
|
Furthermore, to aid script debugging, CGI::Info attempts to do sensible |
43
|
|
|
|
|
|
|
things when you're not running the program in a CGI environment. |
44
|
|
|
|
|
|
|
|
45
|
|
|
|
|
|
|
use CGI::Info; |
46
|
|
|
|
|
|
|
my $info = CGI::Info->new(); |
47
|
|
|
|
|
|
|
# ... |
48
|
|
|
|
|
|
|
|
49
|
|
|
|
|
|
|
=head1 SUBROUTINES/METHODS |
50
|
|
|
|
|
|
|
|
51
|
|
|
|
|
|
|
=head2 new |
52
|
|
|
|
|
|
|
|
53
|
|
|
|
|
|
|
Creates a CGI::Info object. |
54
|
|
|
|
|
|
|
|
55
|
|
|
|
|
|
|
It takes four optional arguments allow, logger, expect and upload_dir, |
56
|
|
|
|
|
|
|
which are documented in the params() method. |
57
|
|
|
|
|
|
|
|
58
|
|
|
|
|
|
|
Takes an optional parameter syslog, to log messages to |
59
|
|
|
|
|
|
|
L. |
60
|
|
|
|
|
|
|
It can be a boolean to enable/disable logging to syslog, or a reference |
61
|
|
|
|
|
|
|
to a hash to be given to Sys::Syslog::setlogsock. |
62
|
|
|
|
|
|
|
|
63
|
|
|
|
|
|
|
Takes optional parameter logger, an object which is used for warnings |
64
|
|
|
|
|
|
|
|
65
|
|
|
|
|
|
|
Takes optional parameter cache, an object which is used to cache IP lookups. |
66
|
|
|
|
|
|
|
This cache object is an object that understands get() and set() messages, |
67
|
|
|
|
|
|
|
such as a L object. |
68
|
|
|
|
|
|
|
|
69
|
|
|
|
|
|
|
Takes optional parameter max_upload, which is the maximum file size you can upload |
70
|
|
|
|
|
|
|
(-1 for no limit), the default is 512MB. |
71
|
|
|
|
|
|
|
|
72
|
|
|
|
|
|
|
=cut |
73
|
|
|
|
|
|
|
|
74
|
|
|
|
|
|
|
our $stdin_data; # Class variable storing STDIN in case the class |
75
|
|
|
|
|
|
|
# is instantiated more than once |
76
|
|
|
|
|
|
|
|
77
|
|
|
|
|
|
|
sub new { |
78
|
155
|
|
|
155
|
1
|
107895
|
my $class = $_[0]; |
79
|
|
|
|
|
|
|
|
80
|
155
|
|
|
|
|
244
|
shift; |
81
|
155
|
100
|
|
|
|
541
|
my %args = (ref($_[0]) eq 'HASH') ? %{$_[0]} : @_; |
|
3
|
|
|
|
|
13
|
|
82
|
|
|
|
|
|
|
|
83
|
155
|
100
|
100
|
|
|
687
|
if($args{expect} && (ref($args{expect}) ne 'ARRAY')) { |
84
|
1
|
|
|
|
|
13
|
warn __PACKAGE__, ': expect must be a reference to an array'; |
85
|
1
|
|
|
|
|
75
|
return; |
86
|
|
|
|
|
|
|
} |
87
|
|
|
|
|
|
|
|
88
|
154
|
100
|
|
|
|
578
|
if(!defined($class)) { |
|
|
100
|
|
|
|
|
|
89
|
|
|
|
|
|
|
# Using CGI::Info->new(), not CGI::Info::new() |
90
|
|
|
|
|
|
|
# carp(__PACKAGE__, ' use ->new() not ::new() to instantiate'); |
91
|
|
|
|
|
|
|
# return; |
92
|
|
|
|
|
|
|
|
93
|
|
|
|
|
|
|
# FIXME: this only works when no arguments are given |
94
|
1
|
|
|
|
|
2
|
$class = __PACKAGE__; |
95
|
|
|
|
|
|
|
} elsif(ref($class)) { |
96
|
|
|
|
|
|
|
# clone the given object |
97
|
4
|
|
|
|
|
12
|
return bless { %{$class}, %args }, ref($class); |
|
4
|
|
|
|
|
51
|
|
98
|
|
|
|
|
|
|
} |
99
|
|
|
|
|
|
|
|
100
|
150
|
|
|
|
|
528
|
my %defaults = ( |
101
|
|
|
|
|
|
|
max_upload_size => 512 * 1024, |
102
|
|
|
|
|
|
|
allow => undef, |
103
|
|
|
|
|
|
|
expect => undef, |
104
|
|
|
|
|
|
|
upload_dir => undef |
105
|
|
|
|
|
|
|
); |
106
|
|
|
|
|
|
|
|
107
|
150
|
|
|
|
|
878
|
return bless { %defaults, %args }, $class; |
108
|
|
|
|
|
|
|
} |
109
|
|
|
|
|
|
|
|
110
|
|
|
|
|
|
|
=head2 script_name |
111
|
|
|
|
|
|
|
|
112
|
|
|
|
|
|
|
Returns the name of the CGI script. |
113
|
|
|
|
|
|
|
This is useful for POSTing, thus avoiding putting hardcoded paths into forms |
114
|
|
|
|
|
|
|
|
115
|
|
|
|
|
|
|
use CGI::Info; |
116
|
|
|
|
|
|
|
|
117
|
|
|
|
|
|
|
my $info = CGI::Info->new(); |
118
|
|
|
|
|
|
|
my $script_name = $info->script_name(); |
119
|
|
|
|
|
|
|
# ... |
120
|
|
|
|
|
|
|
print " |
121
|
|
|
|
|
|
|
|
122
|
|
|
|
|
|
|
=cut |
123
|
|
|
|
|
|
|
|
124
|
|
|
|
|
|
|
sub script_name { |
125
|
15
|
|
|
15
|
1
|
561
|
my $self = shift; |
126
|
|
|
|
|
|
|
|
127
|
15
|
100
|
|
|
|
41
|
unless($self->{script_name}) { |
128
|
9
|
|
|
|
|
20
|
$self->_find_paths(); |
129
|
|
|
|
|
|
|
} |
130
|
15
|
|
|
|
|
130
|
return $self->{script_name}; |
131
|
|
|
|
|
|
|
} |
132
|
|
|
|
|
|
|
|
133
|
|
|
|
|
|
|
sub _find_paths { |
134
|
15
|
|
|
15
|
|
24
|
my $self = shift; |
135
|
|
|
|
|
|
|
|
136
|
15
|
|
|
|
|
82
|
require File::Basename; |
137
|
15
|
|
|
|
|
468
|
File::Basename->import(); |
138
|
|
|
|
|
|
|
|
139
|
15
|
100
|
|
|
|
55
|
if($ENV{'SCRIPT_NAME'}) { |
140
|
11
|
|
|
|
|
326
|
$self->{script_name} = File::Basename::basename($ENV{'SCRIPT_NAME'}); |
141
|
|
|
|
|
|
|
} else { |
142
|
4
|
|
|
|
|
220
|
$self->{script_name} = File::Basename::basename($0); |
143
|
|
|
|
|
|
|
} |
144
|
|
|
|
|
|
|
$self->{script_name} = $self->_untaint_filename({ |
145
|
|
|
|
|
|
|
filename => $self->{script_name} |
146
|
15
|
|
|
|
|
87
|
}); |
147
|
|
|
|
|
|
|
|
148
|
15
|
100
|
66
|
|
|
137
|
if($ENV{'SCRIPT_FILENAME'}) { |
|
|
100
|
66
|
|
|
|
|
|
|
100
|
|
|
|
|
|
|
|
50
|
|
|
|
|
|
149
|
1
|
|
|
|
|
5
|
$self->{script_path} = $ENV{'SCRIPT_FILENAME'}; |
150
|
|
|
|
|
|
|
} elsif($ENV{'SCRIPT_NAME'} && $ENV{'DOCUMENT_ROOT'}) { |
151
|
5
|
|
|
|
|
11
|
my $script_name = $ENV{'SCRIPT_NAME'}; |
152
|
5
|
100
|
|
|
|
18
|
if($script_name =~ /^\/(.+)/) { |
153
|
|
|
|
|
|
|
# It's usually the case, e.g. /cgi-bin/foo.pl |
154
|
3
|
|
|
|
|
7
|
$script_name = $1; |
155
|
|
|
|
|
|
|
} |
156
|
5
|
|
|
|
|
49
|
$self->{script_path} = File::Spec->catfile($ENV{'DOCUMENT_ROOT' }, $script_name); |
157
|
|
|
|
|
|
|
} elsif($ENV{'SCRIPT_NAME'} && !$ENV{'DOCUMENT_ROOT'}) { |
158
|
5
|
100
|
100
|
|
|
239
|
if(File::Spec->file_name_is_absolute($ENV{'SCRIPT_NAME'}) && |
159
|
|
|
|
|
|
|
(-r $ENV{'SCRIPT_NAME'})) { |
160
|
|
|
|
|
|
|
# Called from a command line with a full path |
161
|
1
|
|
|
|
|
5
|
$self->{script_path} = $ENV{'SCRIPT_NAME'}; |
162
|
|
|
|
|
|
|
} else { |
163
|
4
|
|
|
|
|
24
|
require Cwd; |
164
|
4
|
|
|
|
|
97
|
Cwd->import; |
165
|
|
|
|
|
|
|
|
166
|
4
|
|
|
|
|
12
|
my $script_name = $ENV{'SCRIPT_NAME'}; |
167
|
4
|
100
|
|
|
|
19
|
if($script_name =~ /^\/(.+)/) { |
168
|
|
|
|
|
|
|
# It's usually the case, e.g. /cgi-bin/foo.pl |
169
|
2
|
|
|
|
|
6
|
$script_name = $1; |
170
|
|
|
|
|
|
|
} |
171
|
|
|
|
|
|
|
|
172
|
4
|
|
|
|
|
101
|
$self->{script_path} = File::Spec->catfile(Cwd::abs_path(), $script_name); |
173
|
|
|
|
|
|
|
} |
174
|
|
|
|
|
|
|
} elsif(File::Spec->file_name_is_absolute($0)) { |
175
|
|
|
|
|
|
|
# Called from a command line with a full path |
176
|
0
|
|
|
|
|
0
|
$self->{script_path} = $0; |
177
|
|
|
|
|
|
|
} else { |
178
|
4
|
|
|
|
|
159
|
$self->{script_path} = File::Spec->rel2abs($0); |
179
|
|
|
|
|
|
|
} |
180
|
|
|
|
|
|
|
|
181
|
|
|
|
|
|
|
$self->{script_path} = $self->_untaint_filename({ |
182
|
|
|
|
|
|
|
filename => $self->{script_path} |
183
|
15
|
|
|
|
|
92
|
}); |
184
|
|
|
|
|
|
|
} |
185
|
|
|
|
|
|
|
|
186
|
|
|
|
|
|
|
=head2 script_path |
187
|
|
|
|
|
|
|
|
188
|
|
|
|
|
|
|
Finds the full path name of the script. |
189
|
|
|
|
|
|
|
|
190
|
|
|
|
|
|
|
use CGI::Info; |
191
|
|
|
|
|
|
|
|
192
|
|
|
|
|
|
|
my $info = CGI::Info->new(); |
193
|
|
|
|
|
|
|
my $fullname = $info->script_path(); |
194
|
|
|
|
|
|
|
my @statb = stat($fullname); |
195
|
|
|
|
|
|
|
|
196
|
|
|
|
|
|
|
if(@statb) { |
197
|
|
|
|
|
|
|
my $mtime = localtime $statb[9]; |
198
|
|
|
|
|
|
|
print "Last-Modified: $mtime\n"; |
199
|
|
|
|
|
|
|
# TODO: only for HTTP/1.1 connections |
200
|
|
|
|
|
|
|
# $etag = Digest::MD5::md5_hex($html); |
201
|
|
|
|
|
|
|
printf "ETag: \"%x\"\n", $statb[9]; |
202
|
|
|
|
|
|
|
} |
203
|
|
|
|
|
|
|
=cut |
204
|
|
|
|
|
|
|
|
205
|
|
|
|
|
|
|
sub script_path { |
206
|
22
|
|
|
22
|
1
|
13477
|
my $self = shift; |
207
|
|
|
|
|
|
|
|
208
|
22
|
100
|
|
|
|
68
|
unless($self->{script_path}) { |
209
|
5
|
|
|
|
|
15
|
$self->_find_paths(); |
210
|
|
|
|
|
|
|
} |
211
|
22
|
|
|
|
|
220
|
return $self->{script_path}; |
212
|
|
|
|
|
|
|
} |
213
|
|
|
|
|
|
|
|
214
|
|
|
|
|
|
|
=head2 script_dir |
215
|
|
|
|
|
|
|
|
216
|
|
|
|
|
|
|
Returns the file system directory containing the script. |
217
|
|
|
|
|
|
|
|
218
|
|
|
|
|
|
|
use CGI::Info; |
219
|
|
|
|
|
|
|
use File::Spec; |
220
|
|
|
|
|
|
|
|
221
|
|
|
|
|
|
|
my $info = CGI::Info->new(); |
222
|
|
|
|
|
|
|
|
223
|
|
|
|
|
|
|
print 'HTML files are normally stored in ', $info->script_dir(), '/', File::Spec->updir(), "\n"; |
224
|
|
|
|
|
|
|
|
225
|
|
|
|
|
|
|
=cut |
226
|
|
|
|
|
|
|
|
227
|
|
|
|
|
|
|
sub script_dir { |
228
|
11
|
|
|
11
|
1
|
35
|
my $self = shift; |
229
|
|
|
|
|
|
|
|
230
|
11
|
100
|
|
|
|
32
|
unless($self->{script_path}) { |
231
|
1
|
|
|
|
|
3
|
$self->_find_paths(); |
232
|
|
|
|
|
|
|
} |
233
|
|
|
|
|
|
|
|
234
|
|
|
|
|
|
|
# Don't use File::Spec->splitpath() since that can leave the trailing slash |
235
|
11
|
50
|
|
|
|
35
|
if($^O eq 'MSWin32') { |
236
|
0
|
0
|
|
|
|
0
|
if($self->{script_path} =~ /(.+)\\.+?$/) { |
237
|
0
|
|
|
|
|
0
|
return $1; |
238
|
|
|
|
|
|
|
} |
239
|
|
|
|
|
|
|
} else { |
240
|
11
|
50
|
|
|
|
76
|
if($self->{script_path} =~ /(.+)\/.+?$/) { |
241
|
11
|
|
|
|
|
124
|
return $1; |
242
|
|
|
|
|
|
|
} |
243
|
|
|
|
|
|
|
} |
244
|
0
|
|
|
|
|
0
|
return $self->{script_path}; |
245
|
|
|
|
|
|
|
} |
246
|
|
|
|
|
|
|
|
247
|
|
|
|
|
|
|
=head2 host_name |
248
|
|
|
|
|
|
|
|
249
|
|
|
|
|
|
|
Return the host-name of the current web server, according to CGI. |
250
|
|
|
|
|
|
|
If the name can't be determined from the web server, the system's host-name |
251
|
|
|
|
|
|
|
is used as a fall back. |
252
|
|
|
|
|
|
|
This may not be the same as the machine that the CGI script is running on, |
253
|
|
|
|
|
|
|
some ISPs and other sites run scripts on different machines from those |
254
|
|
|
|
|
|
|
delivering static content. |
255
|
|
|
|
|
|
|
There is a good chance that this will be domain_name() prepended with either |
256
|
|
|
|
|
|
|
'www' or 'cgi'. |
257
|
|
|
|
|
|
|
|
258
|
|
|
|
|
|
|
use CGI::Info; |
259
|
|
|
|
|
|
|
|
260
|
|
|
|
|
|
|
my $info = CGI::Info->new(); |
261
|
|
|
|
|
|
|
my $host_name = $info->host_name(); |
262
|
|
|
|
|
|
|
my $protocol = $info->protocol(); |
263
|
|
|
|
|
|
|
# ... |
264
|
|
|
|
|
|
|
print "Thank you for visiting our Website!"; |
265
|
|
|
|
|
|
|
|
266
|
|
|
|
|
|
|
=cut |
267
|
|
|
|
|
|
|
|
268
|
|
|
|
|
|
|
sub host_name { |
269
|
8
|
|
|
8
|
1
|
912
|
my $self = shift; |
270
|
|
|
|
|
|
|
|
271
|
8
|
100
|
|
|
|
23
|
unless($self->{site}) { |
272
|
2
|
|
|
|
|
6
|
$self->_find_site_details(); |
273
|
|
|
|
|
|
|
} |
274
|
|
|
|
|
|
|
|
275
|
8
|
|
|
|
|
48
|
return $self->{site}; |
276
|
|
|
|
|
|
|
} |
277
|
|
|
|
|
|
|
|
278
|
|
|
|
|
|
|
sub _find_site_details { |
279
|
7
|
|
|
7
|
|
13
|
my $self = shift; |
280
|
|
|
|
|
|
|
|
281
|
7
|
100
|
|
|
|
20
|
if($self->{logger}) { |
282
|
4
|
|
|
|
|
14
|
$self->{logger}->trace('Entering _find_site_details'); |
283
|
|
|
|
|
|
|
} |
284
|
7
|
50
|
66
|
|
|
39
|
if($self->{site} && $self->{cgi_site}) { |
285
|
2
|
|
|
|
|
3
|
return; |
286
|
|
|
|
|
|
|
} |
287
|
|
|
|
|
|
|
|
288
|
5
|
|
|
|
|
519
|
require URI::Heuristic; |
289
|
5
|
|
|
|
|
2010
|
URI::Heuristic->import; |
290
|
|
|
|
|
|
|
|
291
|
5
|
100
|
|
|
|
20
|
if($ENV{'HTTP_HOST'}) { |
|
|
100
|
|
|
|
|
|
292
|
1
|
|
|
|
|
4
|
$self->{cgi_site} = URI::Heuristic::uf_uristr($ENV{'HTTP_HOST'}); |
293
|
|
|
|
|
|
|
# Remove trailing dots from the name. They are legal in URLs |
294
|
|
|
|
|
|
|
# and some sites link using them to avoid spoofing (nice) |
295
|
1
|
50
|
|
|
|
32
|
if($self->{cgi_site} =~ /(.*)\.+$/) { |
296
|
1
|
|
|
|
|
3
|
$self->{cgi_site} = $1; |
297
|
|
|
|
|
|
|
} |
298
|
|
|
|
|
|
|
} elsif($ENV{'SERVER_NAME'}) { |
299
|
3
|
|
|
|
|
10
|
$self->{cgi_site} = URI::Heuristic::uf_uristr($ENV{'SERVER_NAME'}); |
300
|
3
|
100
|
66
|
|
|
61
|
if(defined($self->protocol()) && ($self->protocol() ne 'http')) { |
301
|
1
|
|
|
|
|
12
|
$self->{cgi_site} =~ s/^http//; |
302
|
1
|
|
|
|
|
4
|
$self->{cgi_site} = $self->protocol() . $self->{cgi_site}; |
303
|
|
|
|
|
|
|
} |
304
|
|
|
|
|
|
|
} else { |
305
|
1
|
|
|
|
|
6
|
require Sys::Hostname; |
306
|
1
|
|
|
|
|
24
|
Sys::Hostname->import; |
307
|
|
|
|
|
|
|
|
308
|
1
|
50
|
|
|
|
8
|
if($self->{logger}) { |
309
|
1
|
|
|
|
|
8
|
$self->{logger}->debug('Falling back to using hostname'); |
310
|
|
|
|
|
|
|
} |
311
|
|
|
|
|
|
|
|
312
|
1
|
|
|
|
|
7
|
$self->{cgi_site} = Sys::Hostname::hostname(); |
313
|
|
|
|
|
|
|
} |
314
|
|
|
|
|
|
|
|
315
|
5
|
50
|
|
|
|
18
|
unless($self->{site}) { |
316
|
5
|
|
|
|
|
10
|
$self->{site} = $self->{cgi_site}; |
317
|
|
|
|
|
|
|
} |
318
|
5
|
100
|
|
|
|
22
|
if($self->{site} =~ /^https?:\/\/(.+)/) { |
319
|
4
|
|
|
|
|
11
|
$self->{site} = $1; |
320
|
|
|
|
|
|
|
} |
321
|
5
|
100
|
|
|
|
18
|
unless($self->{cgi_site} =~ /^https?:\/\//) { |
322
|
1
|
|
|
|
|
3
|
my $protocol = $self->protocol(); |
323
|
|
|
|
|
|
|
|
324
|
1
|
50
|
|
|
|
4
|
unless($protocol) { |
325
|
0
|
|
|
|
|
0
|
$protocol = 'http'; |
326
|
|
|
|
|
|
|
} |
327
|
1
|
|
|
|
|
9
|
$self->{cgi_site} = "$protocol://" . $self->{cgi_site}; |
328
|
|
|
|
|
|
|
} |
329
|
5
|
50
|
33
|
|
|
22
|
unless($self->{site} && $self->{cgi_site}) { |
330
|
0
|
|
|
|
|
0
|
$self->_warn('Could not determine site name'); |
331
|
|
|
|
|
|
|
} |
332
|
5
|
100
|
|
|
|
13
|
if($self->{logger}) { |
333
|
3
|
|
|
|
|
11
|
$self->{logger}->trace('Leaving _find_site_details'); |
334
|
|
|
|
|
|
|
} |
335
|
|
|
|
|
|
|
} |
336
|
|
|
|
|
|
|
|
337
|
|
|
|
|
|
|
=head2 domain_name |
338
|
|
|
|
|
|
|
|
339
|
|
|
|
|
|
|
Domain_name is the name of the controlling domain for this website. |
340
|
|
|
|
|
|
|
Usually it will be similar to host_name, but will lack the http:// prefix. |
341
|
|
|
|
|
|
|
|
342
|
|
|
|
|
|
|
=cut |
343
|
|
|
|
|
|
|
|
344
|
|
|
|
|
|
|
sub domain_name { |
345
|
5
|
|
|
5
|
1
|
15
|
my $self = shift; |
346
|
|
|
|
|
|
|
|
347
|
5
|
100
|
|
|
|
14
|
if($self->{domain}) { |
348
|
3
|
|
|
|
|
12
|
return $self->{domain}; |
349
|
|
|
|
|
|
|
} |
350
|
2
|
|
|
|
|
5
|
$self->_find_site_details(); |
351
|
|
|
|
|
|
|
|
352
|
2
|
50
|
|
|
|
9
|
if($self->{site}) { |
353
|
2
|
|
|
|
|
14
|
$self->{domain} = $self->{site}; |
354
|
2
|
100
|
|
|
|
11
|
if($self->{domain} =~ /^www\.(.+)/) { |
355
|
1
|
|
|
|
|
5
|
$self->{domain} = $1; |
356
|
|
|
|
|
|
|
} |
357
|
|
|
|
|
|
|
} |
358
|
|
|
|
|
|
|
|
359
|
2
|
|
|
|
|
9
|
return $self->{domain}; |
360
|
|
|
|
|
|
|
} |
361
|
|
|
|
|
|
|
|
362
|
|
|
|
|
|
|
=head2 cgi_host_url |
363
|
|
|
|
|
|
|
|
364
|
|
|
|
|
|
|
Return the URL of the machine running the CGI script. |
365
|
|
|
|
|
|
|
|
366
|
|
|
|
|
|
|
=cut |
367
|
|
|
|
|
|
|
|
368
|
|
|
|
|
|
|
sub cgi_host_url { |
369
|
7
|
|
|
7
|
1
|
36
|
my $self = shift; |
370
|
|
|
|
|
|
|
|
371
|
7
|
100
|
|
|
|
21
|
unless($self->{cgi_site}) { |
372
|
3
|
|
|
|
|
7
|
$self->_find_site_details(); |
373
|
|
|
|
|
|
|
} |
374
|
|
|
|
|
|
|
|
375
|
7
|
|
|
|
|
52
|
return $self->{cgi_site}; |
376
|
|
|
|
|
|
|
} |
377
|
|
|
|
|
|
|
|
378
|
|
|
|
|
|
|
=head2 params |
379
|
|
|
|
|
|
|
|
380
|
|
|
|
|
|
|
Returns a reference to a hash list of the CGI arguments. |
381
|
|
|
|
|
|
|
|
382
|
|
|
|
|
|
|
CGI::Info helps you to test your script prior to deployment on a website: |
383
|
|
|
|
|
|
|
if it is not in a CGI environment (e.g. the script is being tested from the |
384
|
|
|
|
|
|
|
command line), the program's command line arguments (a list of key=value pairs) |
385
|
|
|
|
|
|
|
are used, if there are no command line arguments then they are read from stdin |
386
|
|
|
|
|
|
|
as a list of key=value lines. Also you can give one of --tablet, --search-engine, |
387
|
|
|
|
|
|
|
--mobile and --robot to mimic those agents. For example: |
388
|
|
|
|
|
|
|
|
389
|
|
|
|
|
|
|
./script.cgi --mobile name=Nigel |
390
|
|
|
|
|
|
|
|
391
|
|
|
|
|
|
|
Returns undef if the parameters can't be determined or if none were given. |
392
|
|
|
|
|
|
|
|
393
|
|
|
|
|
|
|
If an argument is given twice or more, then the values are put in a comma |
394
|
|
|
|
|
|
|
separated string. |
395
|
|
|
|
|
|
|
|
396
|
|
|
|
|
|
|
The returned hash value can be passed into L. |
397
|
|
|
|
|
|
|
|
398
|
|
|
|
|
|
|
Takes four optional parameters: allow, expect, logger and upload_dir. |
399
|
|
|
|
|
|
|
The parameters are passed in a hash, or a reference to a hash. |
400
|
|
|
|
|
|
|
The latter is more efficient since it puts less on the stack. |
401
|
|
|
|
|
|
|
|
402
|
|
|
|
|
|
|
Allow is a reference to a hash list of CGI parameters that you will allow. |
403
|
|
|
|
|
|
|
The value for each entry is a regular expression of permitted values for |
404
|
|
|
|
|
|
|
the key. |
405
|
|
|
|
|
|
|
A undef value means that any value will be allowed. |
406
|
|
|
|
|
|
|
Arguments not in the list are silently ignored. |
407
|
|
|
|
|
|
|
This is useful to help to block attacks on your site. |
408
|
|
|
|
|
|
|
|
409
|
|
|
|
|
|
|
Expect is a reference to a list of arguments that you expect to see and pass on. |
410
|
|
|
|
|
|
|
Arguments not in the list are silently ignored. |
411
|
|
|
|
|
|
|
This is useful to help to block attacks on your site. |
412
|
|
|
|
|
|
|
Its use is deprecated, use allow instead. |
413
|
|
|
|
|
|
|
Expect will be removed in a later version. |
414
|
|
|
|
|
|
|
|
415
|
|
|
|
|
|
|
Upload_dir is a string containing a directory where files being uploaded are to |
416
|
|
|
|
|
|
|
be stored. |
417
|
|
|
|
|
|
|
|
418
|
|
|
|
|
|
|
Takes optional parameter logger, an object which is used for warnings and |
419
|
|
|
|
|
|
|
traces. |
420
|
|
|
|
|
|
|
This logger object is an object that understands warn() and trace() messages, |
421
|
|
|
|
|
|
|
such as a L or L object. |
422
|
|
|
|
|
|
|
|
423
|
|
|
|
|
|
|
The allow, expect, logger and upload_dir arguments can also be passed to the |
424
|
|
|
|
|
|
|
constructor. |
425
|
|
|
|
|
|
|
|
426
|
|
|
|
|
|
|
use CGI::Info; |
427
|
|
|
|
|
|
|
use CGI::Untaint; |
428
|
|
|
|
|
|
|
# ... |
429
|
|
|
|
|
|
|
my $info = CGI::Info->new(); |
430
|
|
|
|
|
|
|
my %params; |
431
|
|
|
|
|
|
|
if($info->params()) { |
432
|
|
|
|
|
|
|
%params = %{$info->params()}; |
433
|
|
|
|
|
|
|
} |
434
|
|
|
|
|
|
|
# ... |
435
|
|
|
|
|
|
|
foreach(keys %params) { |
436
|
|
|
|
|
|
|
print "$_ => $params{$_}\n"; |
437
|
|
|
|
|
|
|
} |
438
|
|
|
|
|
|
|
my $u = CGI::Untaint->new(%params); |
439
|
|
|
|
|
|
|
|
440
|
|
|
|
|
|
|
use CGI::Info; |
441
|
|
|
|
|
|
|
use CGI::IDS; |
442
|
|
|
|
|
|
|
# ... |
443
|
|
|
|
|
|
|
my $info = CGI::Info->new(); |
444
|
|
|
|
|
|
|
my $allowed = { |
445
|
|
|
|
|
|
|
'foo' => qr(^\d*$), # foo must be a number, or empty |
446
|
|
|
|
|
|
|
'bar' => undef, |
447
|
|
|
|
|
|
|
'xyzzy' => qr(^[\w\s-]+$), # must be alphanumeric |
448
|
|
|
|
|
|
|
# to prevent XSS, and non-empty |
449
|
|
|
|
|
|
|
# as a sanity check |
450
|
|
|
|
|
|
|
}; |
451
|
|
|
|
|
|
|
my $paramsref = $info->params(allow => $allowed); |
452
|
|
|
|
|
|
|
# or |
453
|
|
|
|
|
|
|
my @expected = ('foo', 'bar'); |
454
|
|
|
|
|
|
|
my $paramsref = $info->params({ |
455
|
|
|
|
|
|
|
expect => \@expected, |
456
|
|
|
|
|
|
|
upload_dir = $info->tmpdir() |
457
|
|
|
|
|
|
|
}); |
458
|
|
|
|
|
|
|
if(defined($paramsref)) { |
459
|
|
|
|
|
|
|
my $ids = CGI::IDS->new(); |
460
|
|
|
|
|
|
|
$ids->set_scan_keys(scan_keys => 1); |
461
|
|
|
|
|
|
|
if($ids->detect_attacks(request => $paramsref) > 0) { |
462
|
|
|
|
|
|
|
die 'horribly'; |
463
|
|
|
|
|
|
|
} |
464
|
|
|
|
|
|
|
} |
465
|
|
|
|
|
|
|
|
466
|
|
|
|
|
|
|
If the request is an XML request (i.e. the content type of the POST is text/xml), |
467
|
|
|
|
|
|
|
CGI::Info will put the request into the params element 'XML', thus: |
468
|
|
|
|
|
|
|
|
469
|
|
|
|
|
|
|
use CGI::Info; |
470
|
|
|
|
|
|
|
# ... |
471
|
|
|
|
|
|
|
my $info = CGI::Info->new(); |
472
|
|
|
|
|
|
|
my $paramsref = $info->params(); # See BUGS below |
473
|
|
|
|
|
|
|
my $xml = $$paramsref{'XML'}; |
474
|
|
|
|
|
|
|
# ... parse and process the XML request in $xml |
475
|
|
|
|
|
|
|
|
476
|
|
|
|
|
|
|
=cut |
477
|
|
|
|
|
|
|
|
478
|
|
|
|
|
|
|
sub params { |
479
|
162
|
|
|
162
|
1
|
6682
|
my $self = shift; |
480
|
|
|
|
|
|
|
|
481
|
162
|
100
|
|
|
|
449
|
my %args = (ref($_[0]) eq 'HASH') ? %{$_[0]} : @_; |
|
4
|
|
|
|
|
17
|
|
482
|
|
|
|
|
|
|
|
483
|
162
|
100
|
66
|
|
|
630
|
if((defined($self->{paramref})) && ((!defined($args{'allow'})) || defined($self->{allow}) && ($args{'allow'} eq $self->{allow}))) { |
|
|
|
66
|
|
|
|
|
484
|
93
|
|
|
|
|
440
|
return $self->{paramref}; |
485
|
|
|
|
|
|
|
} |
486
|
|
|
|
|
|
|
|
487
|
69
|
100
|
|
|
|
173
|
if(defined($args{allow})) { |
488
|
4
|
|
|
|
|
9
|
$self->{allow} = $args{allow}; |
489
|
|
|
|
|
|
|
} |
490
|
69
|
100
|
|
|
|
150
|
if(defined($args{expect})) { |
491
|
3
|
100
|
|
|
|
10
|
if(ref($args{expect}) eq 'ARRAY') { |
492
|
2
|
|
|
|
|
4
|
$self->{expect} = $args{expect}; |
493
|
|
|
|
|
|
|
} else { |
494
|
1
|
|
|
|
|
3
|
$self->_warn('expect must be a reference to an array'); |
495
|
|
|
|
|
|
|
} |
496
|
|
|
|
|
|
|
} |
497
|
69
|
100
|
|
|
|
811
|
if(defined($args{upload_dir})) { |
498
|
1
|
|
|
|
|
10
|
$self->{upload_dir} = $args{upload_dir}; |
499
|
|
|
|
|
|
|
} |
500
|
69
|
100
|
|
|
|
146
|
if(defined($args{logger})) { |
501
|
1
|
|
|
|
|
4
|
$self->{logger} = $args{logger}; |
502
|
|
|
|
|
|
|
} |
503
|
69
|
100
|
|
|
|
159
|
if($self->{logger}) { |
504
|
2
|
|
|
|
|
12
|
$self->{logger}->trace('Entering params'); |
505
|
|
|
|
|
|
|
} |
506
|
|
|
|
|
|
|
|
507
|
69
|
|
|
|
|
119
|
my @pairs; |
508
|
69
|
|
|
|
|
119
|
my $content_type = $ENV{'CONTENT_TYPE'}; |
509
|
69
|
|
|
|
|
125
|
my %FORM; |
510
|
|
|
|
|
|
|
|
511
|
69
|
100
|
66
|
|
|
479
|
if((!$ENV{'GATEWAY_INTERFACE'}) || (!$ENV{'REQUEST_METHOD'})) { |
|
|
100
|
100
|
|
|
|
|
|
|
100
|
|
|
|
|
|
|
|
50
|
|
|
|
|
|
|
|
100
|
|
|
|
|
|
512
|
6
|
100
|
|
|
|
17
|
if(@ARGV) { |
|
|
50
|
|
|
|
|
|
|
|
50
|
|
|
|
|
|
513
|
5
|
|
|
|
|
11
|
@pairs = @ARGV; |
514
|
5
|
50
|
|
|
|
12
|
if(defined($pairs[0])) { |
515
|
5
|
100
|
|
|
|
26
|
if($pairs[0] eq '--robot') { |
|
|
100
|
|
|
|
|
|
|
|
100
|
|
|
|
|
|
|
|
100
|
|
|
|
|
|
516
|
1
|
|
|
|
|
5
|
$self->{is_robot} = 1; |
517
|
1
|
|
|
|
|
3
|
shift @pairs; |
518
|
|
|
|
|
|
|
} elsif($pairs[0] eq '--mobile') { |
519
|
1
|
|
|
|
|
4
|
$self->{is_mobile} = 1; |
520
|
1
|
|
|
|
|
3
|
shift @pairs; |
521
|
|
|
|
|
|
|
} elsif($pairs[0] eq '--search-engine') { |
522
|
1
|
|
|
|
|
3
|
$self->{is_search_engine} = 1; |
523
|
1
|
|
|
|
|
2
|
shift @pairs; |
524
|
|
|
|
|
|
|
} elsif($pairs[0] eq '--tablet') { |
525
|
1
|
|
|
|
|
2
|
$self->{is_tablet} = 1; |
526
|
1
|
|
|
|
|
3
|
shift @pairs; |
527
|
|
|
|
|
|
|
} |
528
|
|
|
|
|
|
|
} |
529
|
|
|
|
|
|
|
} elsif($stdin_data) { |
530
|
0
|
|
|
|
|
0
|
@pairs = split(/\n/, $stdin_data); |
531
|
|
|
|
|
|
|
} elsif(!$self->{args_read}) { |
532
|
1
|
|
|
|
|
4
|
my $oldfh = select(STDOUT); |
533
|
1
|
|
|
|
|
309
|
print "Entering debug mode\n", |
534
|
|
|
|
|
|
|
"Enter key=value pairs - end with quit\n"; |
535
|
1
|
|
|
|
|
13
|
select($oldfh); |
536
|
|
|
|
|
|
|
|
537
|
|
|
|
|
|
|
# Avoid prompting for the arguments more than once |
538
|
|
|
|
|
|
|
# if just 'quit' is entered |
539
|
1
|
|
|
|
|
4
|
$self->{args_read} = 1; |
540
|
|
|
|
|
|
|
|
541
|
1
|
|
|
|
|
8
|
while() { |
542
|
2
|
|
|
|
|
29
|
chop(my $line = $_); |
543
|
2
|
|
|
|
|
6
|
$line =~ s/[\r\n]//g; |
544
|
2
|
100
|
|
|
|
10
|
last if $line eq 'quit'; |
545
|
1
|
|
|
|
|
4
|
push(@pairs, $line); |
546
|
1
|
|
|
|
|
5
|
$stdin_data .= "$line\n"; |
547
|
|
|
|
|
|
|
} |
548
|
|
|
|
|
|
|
} |
549
|
|
|
|
|
|
|
} elsif(($ENV{'REQUEST_METHOD'} eq 'GET') || ($ENV{'REQUEST_METHOD'} eq 'HEAD')) { |
550
|
44
|
100
|
|
|
|
129
|
if(my $query = $ENV{'QUERY_STRING'}) { |
551
|
41
|
100
|
66
|
|
|
119
|
if((defined($content_type)) && ($content_type =~ /multipart\/form-data/i)) { |
552
|
1
|
|
|
|
|
5
|
$self->_warn('Multipart/form-data not supported for GET'); |
553
|
|
|
|
|
|
|
} |
554
|
40
|
|
|
|
|
90
|
$query =~ s/\\u0026/\&/g; |
555
|
40
|
|
|
|
|
131
|
@pairs = split(/&/, $query); |
556
|
|
|
|
|
|
|
} else { |
557
|
3
|
|
|
|
|
22
|
return; |
558
|
|
|
|
|
|
|
} |
559
|
|
|
|
|
|
|
} elsif($ENV{'REQUEST_METHOD'} eq 'POST') { |
560
|
16
|
100
|
|
|
|
52
|
if(!defined($ENV{'CONTENT_LENGTH'})) { |
561
|
2
|
|
|
|
|
8
|
$self->{status} = 411; |
562
|
2
|
|
|
|
|
9
|
return; |
563
|
|
|
|
|
|
|
} |
564
|
14
|
|
|
|
|
33
|
my $content_length = $ENV{'CONTENT_LENGTH'}; |
565
|
14
|
50
|
33
|
|
|
140
|
if(($self->{max_upload_size} >= 0) && ($content_length > $self->{max_upload_size})) { # Set maximum posts |
566
|
|
|
|
|
|
|
# TODO: Design a way to tell the caller to send HTTP |
567
|
|
|
|
|
|
|
# status 413 |
568
|
0
|
|
|
|
|
0
|
$self->{status} = 413; |
569
|
0
|
|
|
|
|
0
|
$self->_warn('Large upload prohibited'); |
570
|
0
|
|
|
|
|
0
|
return; |
571
|
|
|
|
|
|
|
} |
572
|
|
|
|
|
|
|
|
573
|
14
|
100
|
66
|
|
|
119
|
if((!defined($content_type)) || ($content_type =~ /application\/x-www-form-urlencoded/)) { |
|
|
100
|
|
|
|
|
|
|
|
100
|
|
|
|
|
|
|
|
100
|
|
|
|
|
|
574
|
3
|
|
|
|
|
7
|
my $buffer; |
575
|
3
|
100
|
|
|
|
12
|
if($stdin_data) { |
576
|
1
|
|
|
|
|
10
|
$buffer = $stdin_data; |
577
|
|
|
|
|
|
|
} else { |
578
|
2
|
100
|
|
|
|
17
|
if(read(STDIN, $buffer, $content_length) != $content_length) { |
579
|
1
|
|
|
|
|
4
|
$self->_warn('POST failed: something else may have read STDIN'); |
580
|
|
|
|
|
|
|
} |
581
|
2
|
|
|
|
|
348
|
$stdin_data = $buffer; |
582
|
|
|
|
|
|
|
} |
583
|
3
|
|
|
|
|
19
|
@pairs = split(/&/, $buffer); |
584
|
|
|
|
|
|
|
|
585
|
|
|
|
|
|
|
# if($ENV{'QUERY_STRING'}) { |
586
|
|
|
|
|
|
|
# my @getpairs = split(/&/, $ENV{'QUERY_STRING'}); |
587
|
|
|
|
|
|
|
# push(@pairs, @getpairs); |
588
|
|
|
|
|
|
|
# } |
589
|
|
|
|
|
|
|
} elsif($content_type =~ /multipart\/form-data/i) { |
590
|
8
|
100
|
|
|
|
21
|
if(!defined($self->{upload_dir})) { |
591
|
1
|
|
|
|
|
5
|
$self->_warn({ |
592
|
|
|
|
|
|
|
warning => 'Attempt to upload a file when upload_dir has not been set' |
593
|
|
|
|
|
|
|
}); |
594
|
0
|
|
|
|
|
0
|
return; |
595
|
|
|
|
|
|
|
} |
596
|
7
|
100
|
|
|
|
52
|
if(!File::Spec->file_name_is_absolute($self->{upload_dir})) { |
597
|
1
|
|
|
|
|
16
|
$self->_warn({ |
598
|
|
|
|
|
|
|
warning => "upload_dir $self->{upload_dir} isn't a full pathname" |
599
|
|
|
|
|
|
|
}); |
600
|
0
|
|
|
|
|
0
|
delete $self->{upload_dir}; |
601
|
0
|
|
|
|
|
0
|
return; |
602
|
|
|
|
|
|
|
} |
603
|
6
|
100
|
|
|
|
216
|
if(!-d $self->{upload_dir}) { |
604
|
2
|
|
|
|
|
22
|
$self->_warn({ |
605
|
|
|
|
|
|
|
warning => "upload_dir $self->{upload_dir} isn't a directory" |
606
|
|
|
|
|
|
|
}); |
607
|
0
|
|
|
|
|
0
|
delete $self->{upload_dir}; |
608
|
0
|
|
|
|
|
0
|
return; |
609
|
|
|
|
|
|
|
} |
610
|
4
|
50
|
|
|
|
51
|
if(!-w $self->{upload_dir}) { |
611
|
0
|
|
|
|
|
0
|
delete $self->{paramref}; |
612
|
0
|
|
|
|
|
0
|
$self->_warn({ |
613
|
|
|
|
|
|
|
warning => "upload_dir $self->{upload_dir} isn't writeable" |
614
|
|
|
|
|
|
|
}); |
615
|
0
|
|
|
|
|
0
|
delete $self->{upload_dir}; |
616
|
0
|
|
|
|
|
0
|
return; |
617
|
|
|
|
|
|
|
} |
618
|
4
|
50
|
|
|
|
27
|
if($content_type =~ /boundary=(\S+)$/) { |
619
|
4
|
|
|
|
|
26
|
@pairs = $self->_multipart_data({ |
620
|
|
|
|
|
|
|
length => $content_length, |
621
|
|
|
|
|
|
|
boundary => $1 |
622
|
|
|
|
|
|
|
}); |
623
|
|
|
|
|
|
|
} |
624
|
|
|
|
|
|
|
} elsif($content_type =~ /text\/xml/i) { |
625
|
1
|
|
|
|
|
2
|
my $buffer; |
626
|
1
|
50
|
|
|
|
2
|
if($stdin_data) { |
627
|
0
|
|
|
|
|
0
|
$buffer = $stdin_data; |
628
|
|
|
|
|
|
|
} else { |
629
|
1
|
50
|
|
|
|
7
|
if(read(STDIN, $buffer, $content_length) != $content_length) { |
630
|
0
|
|
|
|
|
0
|
$self->_warn({ |
631
|
|
|
|
|
|
|
warning => 'XML failed: something else may have read STDIN' |
632
|
|
|
|
|
|
|
}); |
633
|
|
|
|
|
|
|
} |
634
|
1
|
|
|
|
|
4
|
$stdin_data = $buffer; |
635
|
|
|
|
|
|
|
} |
636
|
|
|
|
|
|
|
|
637
|
1
|
|
|
|
|
3
|
$FORM{XML} = $buffer; |
638
|
|
|
|
|
|
|
|
639
|
1
|
|
|
|
|
4
|
$self->{paramref} = \%FORM; |
640
|
|
|
|
|
|
|
|
641
|
1
|
|
|
|
|
7
|
return \%FORM; |
642
|
|
|
|
|
|
|
} elsif($content_type =~ /application\/json/i) { |
643
|
1
|
|
|
|
|
2
|
my $buffer; |
644
|
1
|
50
|
|
|
|
2
|
if($stdin_data) { |
645
|
0
|
|
|
|
|
0
|
$buffer = $stdin_data; |
646
|
|
|
|
|
|
|
} else { |
647
|
1
|
|
|
|
|
7
|
require JSON::MaybeXS; |
648
|
1
|
|
|
|
|
31
|
JSON::MaybeXS->import(); |
649
|
|
|
|
|
|
|
|
650
|
1
|
50
|
|
|
|
8
|
if(read(STDIN, $buffer, $content_length) != $content_length) { |
651
|
0
|
|
|
|
|
0
|
$self->_warn({ |
652
|
|
|
|
|
|
|
warning => 'read failed: something else may have read STDIN' |
653
|
|
|
|
|
|
|
}); |
654
|
|
|
|
|
|
|
} |
655
|
1
|
|
|
|
|
3
|
$stdin_data = $buffer; |
656
|
|
|
|
|
|
|
# JSON::Parse::assert_valid_json($buffer); |
657
|
|
|
|
|
|
|
# my $paramref = JSON::Parse::parse_json($buffer); |
658
|
1
|
|
|
|
|
11
|
my $paramref = decode_json($buffer); |
659
|
1
|
|
|
|
|
3
|
foreach my $key(keys(%{$paramref})) { |
|
1
|
|
|
|
|
3
|
|
660
|
2
|
|
|
|
|
10
|
push @pairs, "$key=" . $paramref->{$key}; |
661
|
|
|
|
|
|
|
} |
662
|
|
|
|
|
|
|
} |
663
|
|
|
|
|
|
|
} else { |
664
|
1
|
|
|
|
|
2
|
my $buffer; |
665
|
1
|
50
|
|
|
|
4
|
if($stdin_data) { |
666
|
0
|
|
|
|
|
0
|
$buffer = $stdin_data; |
667
|
|
|
|
|
|
|
} else { |
668
|
1
|
50
|
|
|
|
10
|
if(read(STDIN, $buffer, $content_length) != $content_length) { |
669
|
0
|
|
|
|
|
0
|
$self->_warn({ |
670
|
|
|
|
|
|
|
warning => 'read failed: something else may have read STDIN' |
671
|
|
|
|
|
|
|
}); |
672
|
|
|
|
|
|
|
} |
673
|
1
|
|
|
|
|
3
|
$stdin_data = $buffer; |
674
|
|
|
|
|
|
|
} |
675
|
|
|
|
|
|
|
|
676
|
1
|
|
|
|
|
8
|
$self->_warn({ |
677
|
|
|
|
|
|
|
warning => "POST: Invalid or unsupported content type: $content_type: $buffer", |
678
|
|
|
|
|
|
|
}); |
679
|
|
|
|
|
|
|
} |
680
|
|
|
|
|
|
|
} elsif($ENV{'REQUEST_METHOD'} eq 'OPTIONS') { |
681
|
0
|
|
|
|
|
0
|
$self->{status} = 405; |
682
|
0
|
|
|
|
|
0
|
return; |
683
|
|
|
|
|
|
|
} elsif($ENV{'REQUEST_METHOD'} eq 'DELETE') { |
684
|
1
|
|
|
|
|
18
|
$self->{status} = 405; |
685
|
1
|
|
|
|
|
6
|
return; |
686
|
|
|
|
|
|
|
} else { |
687
|
|
|
|
|
|
|
# TODO: Design a way to tell the caller to send HTTP |
688
|
|
|
|
|
|
|
# status 501 |
689
|
2
|
|
|
|
|
5
|
$self->{status} = 501; |
690
|
2
|
|
|
|
|
11
|
$self->_warn({ |
691
|
|
|
|
|
|
|
warning => 'Use POST, GET or HEAD' |
692
|
|
|
|
|
|
|
}); |
693
|
|
|
|
|
|
|
} |
694
|
|
|
|
|
|
|
|
695
|
53
|
100
|
|
|
|
474
|
unless(scalar @pairs) { |
696
|
1
|
|
|
|
|
3
|
return; |
697
|
|
|
|
|
|
|
} |
698
|
|
|
|
|
|
|
|
699
|
52
|
|
|
|
|
3372
|
require String::Clean::XSS; |
700
|
52
|
|
|
|
|
120180
|
String::Clean::XSS->import(); |
701
|
|
|
|
|
|
|
# require String::EscapeCage; |
702
|
|
|
|
|
|
|
# String::EscapeCage->import(); |
703
|
|
|
|
|
|
|
|
704
|
52
|
|
|
|
|
146
|
foreach my $arg (@pairs) { |
705
|
102
|
|
|
|
|
364
|
my($key, $value) = split(/=/, $arg, 2); |
706
|
|
|
|
|
|
|
|
707
|
102
|
100
|
|
|
|
273
|
next unless($key); |
708
|
|
|
|
|
|
|
|
709
|
98
|
|
|
|
|
229
|
$key =~ s/%([a-fA-F\d][a-fA-F\d])/pack("C", hex($1))/eg; |
|
1
|
|
|
|
|
6
|
|
710
|
98
|
|
|
|
|
214
|
$key =~ tr/+/ /; |
711
|
98
|
50
|
|
|
|
209
|
if(defined($value)) { |
712
|
98
|
|
|
|
|
163
|
$value =~ s/%([a-fA-F\d][a-fA-F\d])/pack("C", hex($1))/eg; |
|
17
|
|
|
|
|
67
|
|
713
|
98
|
|
|
|
|
147
|
$value =~ tr/+/ /; |
714
|
|
|
|
|
|
|
} else { |
715
|
0
|
|
|
|
|
0
|
$value = ''; |
716
|
|
|
|
|
|
|
} |
717
|
|
|
|
|
|
|
|
718
|
98
|
|
|
|
|
213
|
$key = _sanitise_input($key); |
719
|
|
|
|
|
|
|
|
720
|
98
|
100
|
|
|
|
305384
|
if($self->{allow}) { |
721
|
|
|
|
|
|
|
# Is this a permitted argument? |
722
|
25
|
100
|
|
|
|
78
|
if(!exists($self->{allow}->{$key})) { |
723
|
11
|
50
|
|
|
|
24
|
if($self->{logger}) { |
724
|
0
|
|
|
|
|
0
|
$self->{logger}->info("discard $key"); |
725
|
|
|
|
|
|
|
} |
726
|
11
|
|
|
|
|
24
|
next; |
727
|
|
|
|
|
|
|
} |
728
|
|
|
|
|
|
|
|
729
|
|
|
|
|
|
|
# Do we allow any value, or must it be validated? |
730
|
14
|
100
|
|
|
|
39
|
if(defined($self->{allow}->{$key})) { |
731
|
9
|
100
|
|
|
|
47
|
if($value !~ $self->{allow}->{$key}) { |
732
|
7
|
50
|
|
|
|
16
|
if($self->{logger}) { |
733
|
0
|
|
|
|
|
0
|
$self->{logger}->info("block $key = $value"); |
734
|
|
|
|
|
|
|
} |
735
|
7
|
|
|
|
|
17
|
next; |
736
|
|
|
|
|
|
|
} |
737
|
|
|
|
|
|
|
} |
738
|
|
|
|
|
|
|
} |
739
|
|
|
|
|
|
|
|
740
|
80
|
100
|
100
|
5
|
|
260
|
if($self->{expect} && (List::MoreUtils::none { $_ eq $key } @{$self->{expect}})) { |
|
5
|
|
|
|
|
23
|
|
|
5
|
|
|
|
|
20
|
|
741
|
2
|
|
|
|
|
8
|
next; |
742
|
|
|
|
|
|
|
} |
743
|
78
|
|
|
|
|
157
|
$value = _sanitise_input($value); |
744
|
|
|
|
|
|
|
|
745
|
78
|
100
|
100
|
|
|
163150
|
if((!defined($ENV{'REQUEST_METHOD'})) || ($ENV{'REQUEST_METHOD'} eq 'GET')) { |
746
|
|
|
|
|
|
|
# From http://www.symantec.com/connect/articles/detection-sql-injection-and-cross-site-scripting-attacks |
747
|
67
|
50
|
66
|
|
|
1236
|
if(($value =~ /(\%27)|(\')|(\-\-)|(\%23)|(\#)/ix) || |
|
|
|
66
|
|
|
|
|
|
|
|
33
|
|
|
|
|
|
|
|
33
|
|
|
|
|
|
|
|
33
|
|
|
|
|
|
|
|
33
|
|
|
|
|
748
|
|
|
|
|
|
|
($value =~ /((\%3D)|(=))[^\n]*((\%27)|(\')|(\-\-)|(\%3B)|(;))/i) || |
749
|
|
|
|
|
|
|
($value =~ /\w*((\%27)|(\'))((\%6F)|o|(\%4F))((\%72)|r|(\%52))/ix) || |
750
|
|
|
|
|
|
|
($value =~ /((\%27)|(\'))union/ix) || |
751
|
|
|
|
|
|
|
($value =~ /select[[a-z]\s\*]from/ix) || |
752
|
|
|
|
|
|
|
($value =~ /\sAND\s1=1/ix) || |
753
|
|
|
|
|
|
|
($value =~ /exec(\s|\+)+(s|x)p\w+/ix)) { |
754
|
3
|
50
|
|
|
|
8
|
if($self->{logger}) { |
755
|
0
|
0
|
|
|
|
0
|
if($ENV{'REMOTE_ADDR'}) { |
756
|
0
|
|
|
|
|
0
|
$self->{logger}->warn($ENV{'REMOTE_ADDR'}, ": SQL injection attempt blocked for '$value'"); |
757
|
|
|
|
|
|
|
} else { |
758
|
0
|
|
|
|
|
0
|
$self->{logger}->warn("SQL injection attempt blocked for '$value'"); |
759
|
|
|
|
|
|
|
} |
760
|
|
|
|
|
|
|
} |
761
|
3
|
|
|
|
|
12
|
$self->status(403); |
762
|
3
|
|
|
|
|
18
|
return; |
763
|
|
|
|
|
|
|
} |
764
|
64
|
50
|
33
|
|
|
316
|
if(($value =~ /((\%3C)|<)((\%2F)|\/)*[a-z0-9\%]+((\%3E)|>)/ix) || |
765
|
|
|
|
|
|
|
($value =~ /((\%3C)|<)[^\n]+((\%3E)|>)/i)) { |
766
|
0
|
0
|
|
|
|
0
|
if($self->{logger}) { |
767
|
0
|
|
|
|
|
0
|
$self->{logger}->warn("XSS injection attempt blocked for '$value'"); |
768
|
|
|
|
|
|
|
} |
769
|
0
|
|
|
|
|
0
|
$self->status(403); |
770
|
0
|
|
|
|
|
0
|
return; |
771
|
|
|
|
|
|
|
} |
772
|
64
|
50
|
|
|
|
167
|
if($value eq '../') { |
773
|
0
|
0
|
|
|
|
0
|
if($self->{logger}) { |
774
|
0
|
|
|
|
|
0
|
$self->{logger}->warn("Blocked directory traversal attack for $key"); |
775
|
|
|
|
|
|
|
} |
776
|
0
|
|
|
|
|
0
|
$self->status(403); |
777
|
0
|
|
|
|
|
0
|
return; |
778
|
|
|
|
|
|
|
} |
779
|
|
|
|
|
|
|
} |
780
|
75
|
100
|
|
|
|
200
|
if(length($value) > 0) { |
781
|
|
|
|
|
|
|
# Don't add if it's already there |
782
|
71
|
100
|
100
|
|
|
233
|
if($FORM{$key} && ($FORM{$key} ne $value)) { |
783
|
5
|
|
|
|
|
25
|
$FORM{$key} .= ",$value"; |
784
|
|
|
|
|
|
|
} else { |
785
|
66
|
|
|
|
|
236
|
$FORM{$key} = $value; |
786
|
|
|
|
|
|
|
} |
787
|
|
|
|
|
|
|
} |
788
|
|
|
|
|
|
|
} |
789
|
|
|
|
|
|
|
|
790
|
49
|
100
|
|
|
|
119
|
unless(%FORM) { |
791
|
9
|
|
|
|
|
45
|
return; |
792
|
|
|
|
|
|
|
} |
793
|
|
|
|
|
|
|
|
794
|
40
|
100
|
|
|
|
99
|
if($self->{logger}) { |
795
|
2
|
|
|
|
|
18
|
while(my ($key,$value) = each %FORM) { |
796
|
4
|
|
|
|
|
34
|
$self->{logger}->debug("$key=$value"); |
797
|
4
|
|
|
|
|
38
|
$log->debug("$key=$value"); |
798
|
|
|
|
|
|
|
} |
799
|
|
|
|
|
|
|
} |
800
|
|
|
|
|
|
|
|
801
|
40
|
|
|
|
|
103
|
$self->{paramref} = \%FORM; |
802
|
|
|
|
|
|
|
|
803
|
40
|
|
|
|
|
278
|
return \%FORM; |
804
|
|
|
|
|
|
|
} |
805
|
|
|
|
|
|
|
|
806
|
|
|
|
|
|
|
=head2 param |
807
|
|
|
|
|
|
|
|
808
|
|
|
|
|
|
|
Get a single parameter. |
809
|
|
|
|
|
|
|
Takes an optional single string parameter which is the argument to return. If |
810
|
|
|
|
|
|
|
that parameter is not given param() is a wrapper to params() with no arguments. |
811
|
|
|
|
|
|
|
|
812
|
|
|
|
|
|
|
use CGI::Info; |
813
|
|
|
|
|
|
|
# ... |
814
|
|
|
|
|
|
|
my $info = CGI::Info->new(); |
815
|
|
|
|
|
|
|
my $bar = $info->param('foo'); |
816
|
|
|
|
|
|
|
|
817
|
|
|
|
|
|
|
If the requested parameter isn't in the allowed list, an error message will |
818
|
|
|
|
|
|
|
be thrown: |
819
|
|
|
|
|
|
|
|
820
|
|
|
|
|
|
|
use CGI::Info; |
821
|
|
|
|
|
|
|
my $allowed = { |
822
|
|
|
|
|
|
|
'foo' => qr(\d+), |
823
|
|
|
|
|
|
|
}; |
824
|
|
|
|
|
|
|
my $xyzzy = $info->params(allow => $allowed); |
825
|
|
|
|
|
|
|
my $bar = $info->param('bar'); # Gives an error message |
826
|
|
|
|
|
|
|
|
827
|
|
|
|
|
|
|
Returns undef if the requested parameter was not given |
828
|
|
|
|
|
|
|
|
829
|
|
|
|
|
|
|
=cut |
830
|
|
|
|
|
|
|
|
831
|
|
|
|
|
|
|
sub param { |
832
|
26
|
|
|
26
|
1
|
2837
|
my ($self, $field) = @_; |
833
|
|
|
|
|
|
|
|
834
|
26
|
100
|
|
|
|
66
|
if(!defined($field)) { |
835
|
1
|
|
|
|
|
5
|
return $self->params(); |
836
|
|
|
|
|
|
|
} |
837
|
|
|
|
|
|
|
# Is this a permitted argument? |
838
|
25
|
100
|
100
|
|
|
95
|
if($self->{allow} && !exists($self->{allow}->{$field})) { |
839
|
4
|
|
|
|
|
20
|
$self->_warn({ |
840
|
|
|
|
|
|
|
warning => "param: $field isn't in the allow list" |
841
|
|
|
|
|
|
|
}); |
842
|
0
|
|
|
|
|
0
|
return; |
843
|
|
|
|
|
|
|
} |
844
|
|
|
|
|
|
|
|
845
|
21
|
100
|
|
|
|
49
|
if(defined($self->params())) { |
846
|
20
|
|
|
|
|
48
|
return $self->params()->{$field}; |
847
|
|
|
|
|
|
|
} |
848
|
1
|
|
|
|
|
6
|
return; |
849
|
|
|
|
|
|
|
} |
850
|
|
|
|
|
|
|
|
851
|
|
|
|
|
|
|
# Emit a warning message somewhere |
852
|
|
|
|
|
|
|
sub _warn { |
853
|
19
|
|
|
19
|
|
68
|
my $self = shift; |
854
|
|
|
|
|
|
|
|
855
|
19
|
|
|
|
|
30
|
my %params; |
856
|
19
|
100
|
|
|
|
78
|
if(ref($_[0]) eq 'HASH') { |
|
|
50
|
|
|
|
|
|
857
|
11
|
|
|
|
|
17
|
%params = %{$_[0]}; |
|
11
|
|
|
|
|
45
|
|
858
|
|
|
|
|
|
|
} elsif(scalar(@_) % 2 == 0) { |
859
|
0
|
|
|
|
|
0
|
%params = @_; |
860
|
|
|
|
|
|
|
} else { |
861
|
8
|
|
|
|
|
19
|
$params{'warning'} = shift; |
862
|
|
|
|
|
|
|
} |
863
|
|
|
|
|
|
|
|
864
|
19
|
|
|
|
|
42
|
my $warning = $params{'warning'}; |
865
|
|
|
|
|
|
|
|
866
|
19
|
50
|
|
|
|
45
|
return unless($warning); |
867
|
19
|
50
|
|
|
|
58
|
if($self eq __PACKAGE__) { |
868
|
|
|
|
|
|
|
# Called from class method |
869
|
0
|
|
|
|
|
0
|
carp($warning); |
870
|
0
|
|
|
|
|
0
|
return; |
871
|
|
|
|
|
|
|
} |
872
|
|
|
|
|
|
|
# return if($self eq __PACKAGE__); # Called from class method |
873
|
|
|
|
|
|
|
|
874
|
19
|
50
|
|
|
|
45
|
if($self->{syslog}) { |
875
|
0
|
|
|
|
|
0
|
require Sys::Syslog; |
876
|
|
|
|
|
|
|
|
877
|
0
|
|
|
|
|
0
|
Sys::Syslog->import(); |
878
|
0
|
0
|
|
|
|
0
|
if(ref($self->{syslog} eq 'HASH')) { |
879
|
0
|
|
|
|
|
0
|
Sys::Syslog::setlogsock($self->{syslog}); |
880
|
|
|
|
|
|
|
} |
881
|
0
|
|
|
|
|
0
|
openlog($self->script_name(), 'cons,pid', 'user'); |
882
|
0
|
|
|
|
|
0
|
syslog('warning', $warning); |
883
|
0
|
|
|
|
|
0
|
closelog(); |
884
|
|
|
|
|
|
|
} |
885
|
|
|
|
|
|
|
|
886
|
19
|
50
|
|
|
|
78
|
if($self->{logger}) { |
|
|
50
|
|
|
|
|
|
887
|
0
|
|
|
|
|
0
|
$self->{logger}->warn($warning); |
888
|
|
|
|
|
|
|
} elsif(!defined($self->{syslog})) { |
889
|
19
|
|
|
|
|
295
|
Carp::carp($warning); |
890
|
|
|
|
|
|
|
} |
891
|
|
|
|
|
|
|
} |
892
|
|
|
|
|
|
|
|
893
|
|
|
|
|
|
|
sub _sanitise_input($) { |
894
|
176
|
|
|
176
|
|
313
|
my $arg = shift; |
895
|
|
|
|
|
|
|
|
896
|
|
|
|
|
|
|
# Remove hacking attempts and spaces |
897
|
176
|
|
|
|
|
358
|
$arg =~ s/[\r\n]//g; |
898
|
176
|
|
|
|
|
320
|
$arg =~ s/\s+$//; |
899
|
176
|
|
|
|
|
347
|
$arg =~ s/^\s//; |
900
|
|
|
|
|
|
|
|
901
|
176
|
|
|
|
|
233
|
$arg =~ s///g; |
902
|
|
|
|
|
|
|
# Allow : |
903
|
|
|
|
|
|
|
# $arg =~ s/[;<>\*|`&\$!?#\(\)\[\]\{\}'"\\\r]//g; |
904
|
|
|
|
|
|
|
|
905
|
|
|
|
|
|
|
# return $arg; |
906
|
|
|
|
|
|
|
# return String::EscapeCage->new(convert_XSS($arg))->escapecstring(); |
907
|
176
|
|
|
|
|
435
|
return convert_XSS($arg); |
908
|
|
|
|
|
|
|
} |
909
|
|
|
|
|
|
|
|
910
|
|
|
|
|
|
|
sub _multipart_data { |
911
|
4
|
|
|
4
|
|
9
|
my ($self, $args) = @_; |
912
|
|
|
|
|
|
|
|
913
|
4
|
50
|
|
|
|
19
|
if($self->{logger}) { |
914
|
0
|
|
|
|
|
0
|
$self->{logger}->trace('Entering _multipart_data'); |
915
|
|
|
|
|
|
|
} |
916
|
4
|
|
|
|
|
8
|
my $total_bytes = $$args{length}; |
917
|
|
|
|
|
|
|
|
918
|
4
|
50
|
|
|
|
9
|
if($self->{logger}) { |
919
|
0
|
|
|
|
|
0
|
$self->{logger}->trace("_multipart_data: total_bytes = $total_bytes"); |
920
|
|
|
|
|
|
|
} |
921
|
4
|
50
|
|
|
|
9
|
if($total_bytes == 0) { |
922
|
0
|
|
|
|
|
0
|
return; |
923
|
|
|
|
|
|
|
} |
924
|
|
|
|
|
|
|
|
925
|
4
|
50
|
|
|
|
10
|
unless($stdin_data) { |
926
|
4
|
|
|
|
|
24
|
while() { |
927
|
44
|
|
|
|
|
97
|
chop(my $line = $_); |
928
|
44
|
|
|
|
|
77
|
$line =~ s/[\r\n]//g; |
929
|
44
|
|
|
|
|
166
|
$stdin_data .= "$line\n"; |
930
|
|
|
|
|
|
|
} |
931
|
4
|
50
|
|
|
|
12
|
if(!$stdin_data) { |
932
|
0
|
|
|
|
|
0
|
return; |
933
|
|
|
|
|
|
|
} |
934
|
|
|
|
|
|
|
} |
935
|
|
|
|
|
|
|
|
936
|
4
|
|
|
|
|
9
|
my $boundary = $$args{boundary}; |
937
|
|
|
|
|
|
|
|
938
|
4
|
|
|
|
|
6
|
my @pairs; |
939
|
4
|
|
|
|
|
5
|
my $writing_file = 0; |
940
|
4
|
|
|
|
|
7
|
my $key; |
941
|
|
|
|
|
|
|
my $value; |
942
|
4
|
|
|
|
|
6
|
my $in_header = 0; |
943
|
4
|
|
|
|
|
5
|
my $fout; |
944
|
|
|
|
|
|
|
|
945
|
4
|
|
|
|
|
46
|
foreach my $line(split(/\n/, $stdin_data)) { |
946
|
34
|
100
|
|
|
|
133
|
if($line =~ /^--\Q$boundary\E--$/) { |
947
|
2
|
|
|
|
|
5
|
last; |
948
|
|
|
|
|
|
|
} |
949
|
32
|
100
|
|
|
|
112
|
if($line =~ /^--\Q$boundary\E$/) { |
|
|
100
|
|
|
|
|
|
950
|
8
|
50
|
|
|
|
23
|
if($writing_file) { |
|
|
100
|
|
|
|
|
|
951
|
0
|
|
|
|
|
0
|
close $fout; |
952
|
0
|
|
|
|
|
0
|
$writing_file = 0; |
953
|
|
|
|
|
|
|
} elsif(defined($key)) { |
954
|
4
|
|
|
|
|
13
|
push(@pairs, "$key=$value"); |
955
|
4
|
|
|
|
|
9
|
$value = undef; |
956
|
|
|
|
|
|
|
} |
957
|
8
|
|
|
|
|
19
|
$in_header = 1; |
958
|
|
|
|
|
|
|
} elsif($in_header) { |
959
|
16
|
100
|
|
|
|
67
|
if(length($line) == 0) { |
|
|
100
|
|
|
|
|
|
960
|
6
|
|
|
|
|
16
|
$in_header = 0; |
961
|
|
|
|
|
|
|
} elsif($line =~ /^Content-Disposition: (.+)/i) { |
962
|
8
|
|
|
|
|
21
|
my $field = $1; |
963
|
8
|
50
|
|
|
|
49
|
if($field =~ /name="(.+?)"/) { |
964
|
8
|
|
|
|
|
21
|
$key = $1; |
965
|
|
|
|
|
|
|
} |
966
|
8
|
100
|
|
|
|
34
|
if($field =~ /filename="(.+)?"/) { |
967
|
4
|
|
|
|
|
9
|
my $filename = $1; |
968
|
4
|
100
|
|
|
|
18
|
unless(defined($filename)) { |
|
|
50
|
|
|
|
|
|
969
|
0
|
|
|
|
|
0
|
$self->_warn('No upload filename given'); |
970
|
0
|
|
|
|
|
0
|
} elsif($filename =~ /[\\\/\|]/) { |
971
|
2
|
|
|
|
|
11
|
$self->_warn("Disallowing invalid filename: $filename"); |
972
|
|
|
|
|
|
|
} else { |
973
|
2
|
|
|
|
|
9
|
$filename = $self->_create_file_name({ |
974
|
|
|
|
|
|
|
filename => $filename |
975
|
|
|
|
|
|
|
}); |
976
|
|
|
|
|
|
|
|
977
|
|
|
|
|
|
|
# Don't do this since it taints the string and I can't work out how to untaint it |
978
|
|
|
|
|
|
|
# my $full_path = Cwd::realpath(File::Spec->catfile($self->{upload_dir}, $filename)); |
979
|
|
|
|
|
|
|
# $full_path =~ m/^(\/[\w\.]+)$/; |
980
|
2
|
|
|
|
|
28
|
my $full_path = File::Spec->catfile($self->{upload_dir}, $filename); |
981
|
2
|
50
|
|
|
|
298
|
unless(open($fout, '>', $full_path)) { |
982
|
0
|
|
|
|
|
0
|
$self->_warn("Can't open $full_path"); |
983
|
|
|
|
|
|
|
} |
984
|
2
|
|
|
|
|
7
|
$writing_file = 1; |
985
|
2
|
|
|
|
|
14
|
push(@pairs, "$key=$filename"); |
986
|
|
|
|
|
|
|
} |
987
|
|
|
|
|
|
|
} |
988
|
|
|
|
|
|
|
} |
989
|
|
|
|
|
|
|
# TODO: handle Content-Type: text/plain, etc. |
990
|
|
|
|
|
|
|
} else { |
991
|
8
|
100
|
|
|
|
16
|
if($writing_file) { |
992
|
4
|
|
|
|
|
31
|
print $fout "$line\n"; |
993
|
|
|
|
|
|
|
} else { |
994
|
4
|
|
|
|
|
19
|
$value .= $line; |
995
|
|
|
|
|
|
|
} |
996
|
|
|
|
|
|
|
} |
997
|
|
|
|
|
|
|
} |
998
|
|
|
|
|
|
|
|
999
|
2
|
50
|
|
|
|
9
|
if($writing_file) { |
1000
|
2
|
|
|
|
|
2056
|
close $fout; |
1001
|
|
|
|
|
|
|
} |
1002
|
|
|
|
|
|
|
|
1003
|
2
|
|
|
|
|
28
|
return @pairs; |
1004
|
|
|
|
|
|
|
} |
1005
|
|
|
|
|
|
|
|
1006
|
|
|
|
|
|
|
sub _create_file_name { |
1007
|
2
|
|
|
2
|
|
6
|
my ($self, $args) = @_; |
1008
|
|
|
|
|
|
|
|
1009
|
2
|
|
|
|
|
9
|
return $$args{filename} . '_' . time; |
1010
|
|
|
|
|
|
|
} |
1011
|
|
|
|
|
|
|
|
1012
|
|
|
|
|
|
|
# Untaint a filename. Regex from CGI::Untaint::Filenames |
1013
|
|
|
|
|
|
|
sub _untaint_filename { |
1014
|
35
|
|
|
35
|
|
90
|
my ($self, $args) = @_; |
1015
|
|
|
|
|
|
|
|
1016
|
35
|
50
|
|
|
|
202
|
if($$args{filename} =~ /(^[\w\+_\040\#\(\)\{\}\[\]\/\-\^,\.:;&%@\\~]+\$?$)/) { |
1017
|
35
|
|
|
|
|
160
|
return $1; |
1018
|
|
|
|
|
|
|
} |
1019
|
|
|
|
|
|
|
# return undef; |
1020
|
|
|
|
|
|
|
} |
1021
|
|
|
|
|
|
|
|
1022
|
|
|
|
|
|
|
=head2 is_mobile |
1023
|
|
|
|
|
|
|
|
1024
|
|
|
|
|
|
|
Returns a boolean if the website is being viewed on a mobile |
1025
|
|
|
|
|
|
|
device such as a smart-phone. |
1026
|
|
|
|
|
|
|
All tablets are mobile, but not all mobile devices are tablets. |
1027
|
|
|
|
|
|
|
|
1028
|
|
|
|
|
|
|
=cut |
1029
|
|
|
|
|
|
|
|
1030
|
|
|
|
|
|
|
sub is_mobile { |
1031
|
38
|
|
|
38
|
1
|
1619
|
my $self = shift; |
1032
|
|
|
|
|
|
|
|
1033
|
38
|
100
|
|
|
|
112
|
if(defined($self->{is_mobile})) { |
1034
|
11
|
|
|
|
|
34
|
return $self->{is_mobile}; |
1035
|
|
|
|
|
|
|
} |
1036
|
|
|
|
|
|
|
|
1037
|
|
|
|
|
|
|
# Support Sec-CH-UA-Mobile |
1038
|
27
|
100
|
|
|
|
77
|
if(my $ch_ua_mobile = $ENV{'HTTP_SEC_CH_UA_MOBILE'}) { |
1039
|
3
|
100
|
|
|
|
13
|
if($ch_ua_mobile eq '?1') { |
1040
|
1
|
|
|
|
|
3
|
$self->{is_mobile} = 1; |
1041
|
1
|
|
|
|
|
4
|
return 1; |
1042
|
|
|
|
|
|
|
} |
1043
|
|
|
|
|
|
|
} |
1044
|
26
|
100
|
|
|
|
62
|
if($ENV{'HTTP_X_WAP_PROFILE'}) { |
1045
|
|
|
|
|
|
|
# E.g. Blackberry |
1046
|
|
|
|
|
|
|
# TODO: Check the sanity of this variable |
1047
|
1
|
|
|
|
|
5
|
$self->{is_mobile} = 1; |
1048
|
1
|
|
|
|
|
8
|
return 1; |
1049
|
|
|
|
|
|
|
} |
1050
|
|
|
|
|
|
|
|
1051
|
25
|
100
|
|
|
|
66
|
if(my $agent = $ENV{'HTTP_USER_AGENT'}) { |
1052
|
16
|
100
|
|
|
|
1990
|
if($agent =~ /.+(Android|iPhone).+/) { |
1053
|
2
|
|
|
|
|
5
|
$self->{is_mobile} = 1; |
1054
|
2
|
|
|
|
|
9
|
return 1; |
1055
|
|
|
|
|
|
|
} |
1056
|
|
|
|
|
|
|
|
1057
|
|
|
|
|
|
|
# From http://detectmobilebrowsers.com/ |
1058
|
14
|
100
|
66
|
|
|
447
|
if ($agent =~ m/(android|bb\d+|meego).+mobile|avantgo|bada\/|blackberry|blazer|compal|elaine|fennec|hiptop|iemobile|ip(hone|od)|iris|kindle|lge |maemo|midp|mmp|mobile.+firefox|netfront|opera m(ob|in)i|palm( os)?|phone|p(ixi|re)\/|plucker|pocket|psp|series(4|6)0|symbian|treo|up\.(browser|link)|vodafone|wap|windows ce|xda|xiino/i || substr($ENV{'HTTP_USER_AGENT'}, 0, 4) =~ m/1207|6310|6590|3gso|4thp|50[1-6]i|770s|802s|a wa|abac|ac(er|oo|s\-)|ai(ko|rn)|al(av|ca|co)|amoi|an(ex|ny|yw)|aptu|ar(ch|go)|as(te|us)|attw|au(di|\-m|r |s )|avan|be(ck|ll|nq)|bi(lb|rd)|bl(ac|az)|br(e|v)w|bumb|bw\-(n|u)|c55\/|capi|ccwa|cdm\-|cell|chtm|cldc|cmd\-|co(mp|nd)|craw|da(it|ll|ng)|dbte|dc\-s|devi|dica|dmob|do(c|p)o|ds(12|\-d)|el(49|ai)|em(l2|ul)|er(ic|k0)|esl8|ez([4-7]0|os|wa|ze)|fetc|fly(\-|_)|g1 u|g560|gene|gf\-5|g\-mo|go(\.w|od)|gr(ad|un)|haie|hcit|hd\-(m|p|t)|hei\-|hi(pt|ta)|hp( i|ip)|hs\-c|ht(c(\-| |_|a|g|p|s|t)|tp)|hu(aw|tc)|i\-(20|go|ma)|i230|iac( |\-|\/)|ibro|idea|ig01|ikom|im1k|inno|ipaq|iris|ja(t|v)a|jbro|jemu|jigs|kddi|keji|kgt( |\/)|klon|kpt |kwc\-|kyo(c|k)|le(no|xi)|lg( g|\/(k|l|u)|50|54|\-[a-w])|libw|lynx|m1\-w|m3ga|m50\/|ma(te|ui|xo)|mc(01|21|ca)|m\-cr|me(rc|ri)|mi(o8|oa|ts)|mmef|mo(01|02|bi|de|do|t(\-| |o|v)|zz)|mt(50|p1|v )|mwbp|mywa|n10[0-2]|n20[2-3]|n30(0|2)|n50(0|2|5)|n7(0(0|1)|10)|ne((c|m)\-|on|tf|wf|wg|wt)|nok(6|i)|nzph|o2im|op(ti|wv)|oran|owg1|p800|pan(a|d|t)|pdxg|pg(13|\-([1-8]|c))|phil|pire|pl(ay|uc)|pn\-2|po(ck|rt|se)|prox|psio|pt\-g|qa\-a|qc(07|12|21|32|60|\-[2-7]|i\-)|qtek|r380|r600|raks|rim9|ro(ve|zo)|s55\/|sa(ge|ma|mm|ms|ny|va)|sc(01|h\-|oo|p\-)|sdk\/|se(c(\-|0|1)|47|mc|nd|ri)|sgh\-|shar|sie(\-|m)|sk\-0|sl(45|id)|sm(al|ar|b3|it|t5)|so(ft|ny)|sp(01|h\-|v\-|v )|sy(01|mb)|t2(18|50)|t6(00|10|18)|ta(gt|lk)|tcl\-|tdg\-|tel(i|m)|tim\-|t\-mo|to(pl|sh)|ts(70|m\-|m3|m5)|tx\-9|up(\.b|g1|si)|utst|v400|v750|veri|vi(rg|te)|vk(40|5[0-3]|\-v)|vm40|voda|vulc|vx(52|53|60|61|70|80|81|83|85|98)|w3c(\-| )|webc|whit|wi(g |nc|nw)|wmlb|wonu|x700|yas\-|your|zeto|zte\-/i) { |
1059
|
1
|
|
|
|
|
3
|
$self->{is_mobile} = 1; |
1060
|
1
|
|
|
|
|
5
|
return 1; |
1061
|
|
|
|
|
|
|
} |
1062
|
|
|
|
|
|
|
|
1063
|
|
|
|
|
|
|
# Save loading and calling HTTP::BrowserDetect |
1064
|
13
|
|
|
|
|
34
|
my $remote = $ENV{'REMOTE_ADDR'}; |
1065
|
13
|
50
|
66
|
|
|
44
|
if(defined($remote) && $self->{cache}) { |
1066
|
0
|
0
|
|
|
|
0
|
if(my $type = $self->{cache}->get("$remote/$agent")) { |
1067
|
0
|
|
|
|
|
0
|
return $self->{is_mobile} = ($type eq 'mobile'); |
1068
|
|
|
|
|
|
|
} |
1069
|
|
|
|
|
|
|
} |
1070
|
|
|
|
|
|
|
|
1071
|
13
|
100
|
|
|
|
32
|
unless($self->{browser_detect}) { |
1072
|
7
|
50
|
|
|
|
12
|
if(eval { require HTTP::BrowserDetect; }) { |
|
7
|
|
|
|
|
2758
|
|
1073
|
7
|
|
|
|
|
58535
|
HTTP::BrowserDetect->import(); |
1074
|
7
|
|
|
|
|
28
|
$self->{browser_detect} = HTTP::BrowserDetect->new($agent); |
1075
|
|
|
|
|
|
|
} |
1076
|
|
|
|
|
|
|
} |
1077
|
13
|
50
|
|
|
|
1184
|
if($self->{browser_detect}) { |
1078
|
13
|
|
|
|
|
49
|
my $device = $self->{browser_detect}->device(); |
1079
|
13
|
|
66
|
|
|
118
|
my $is_mobile = (defined($device) && ($device =~ /blackberry|webos|iphone|ipod|ipad|android/i)); |
1080
|
13
|
50
|
66
|
|
|
37
|
if($is_mobile && $self->{cache} && defined($remote)) { |
|
|
|
33
|
|
|
|
|
1081
|
0
|
|
|
|
|
0
|
$self->{cache}->set("$remote/$agent", 'mobile', '1 day'); |
1082
|
|
|
|
|
|
|
} |
1083
|
13
|
|
|
|
|
64
|
return $self->{is_mobile} = $is_mobile; |
1084
|
|
|
|
|
|
|
} |
1085
|
|
|
|
|
|
|
} |
1086
|
|
|
|
|
|
|
|
1087
|
9
|
|
|
|
|
40
|
return 0; |
1088
|
|
|
|
|
|
|
} |
1089
|
|
|
|
|
|
|
|
1090
|
|
|
|
|
|
|
=head2 is_tablet |
1091
|
|
|
|
|
|
|
|
1092
|
|
|
|
|
|
|
Returns a boolean if the website is being viewed on a tablet such as an iPad. |
1093
|
|
|
|
|
|
|
|
1094
|
|
|
|
|
|
|
=cut |
1095
|
|
|
|
|
|
|
|
1096
|
|
|
|
|
|
|
sub is_tablet { |
1097
|
6
|
|
|
6
|
1
|
55
|
my $self = shift; |
1098
|
|
|
|
|
|
|
|
1099
|
6
|
100
|
|
|
|
22
|
if(defined($self->{is_tablet})) { |
1100
|
1
|
|
|
|
|
4
|
return $self->{is_tablet}; |
1101
|
|
|
|
|
|
|
} |
1102
|
|
|
|
|
|
|
|
1103
|
5
|
100
|
100
|
|
|
349
|
if($ENV{'HTTP_USER_AGENT'} && ($ENV{'HTTP_USER_AGENT'} =~ /.+(iPad|TabletPC).+/)) { |
1104
|
|
|
|
|
|
|
# TODO: add others when I see some nice user_agents |
1105
|
1
|
|
|
|
|
3
|
$self->{is_tablet} = 1; |
1106
|
|
|
|
|
|
|
} else { |
1107
|
4
|
|
|
|
|
9
|
$self->{is_tablet} = 0; |
1108
|
|
|
|
|
|
|
} |
1109
|
|
|
|
|
|
|
|
1110
|
5
|
|
|
|
|
22
|
return $self->{is_tablet}; |
1111
|
|
|
|
|
|
|
} |
1112
|
|
|
|
|
|
|
|
1113
|
|
|
|
|
|
|
=head2 as_string |
1114
|
|
|
|
|
|
|
|
1115
|
|
|
|
|
|
|
Returns the parameters as a string, which is useful for debugging or |
1116
|
|
|
|
|
|
|
generating keys for a cache. |
1117
|
|
|
|
|
|
|
|
1118
|
|
|
|
|
|
|
=cut |
1119
|
|
|
|
|
|
|
|
1120
|
|
|
|
|
|
|
sub as_string { |
1121
|
35
|
|
|
35
|
1
|
14490
|
my $self = shift; |
1122
|
|
|
|
|
|
|
|
1123
|
35
|
100
|
|
|
|
97
|
unless($self->params()) { |
1124
|
7
|
|
|
|
|
50
|
return ''; |
1125
|
|
|
|
|
|
|
} |
1126
|
|
|
|
|
|
|
|
1127
|
28
|
|
|
|
|
48
|
my %f = %{$self->params()}; |
|
28
|
|
|
|
|
52
|
|
1128
|
|
|
|
|
|
|
|
1129
|
28
|
|
|
|
|
53
|
my $rc; |
1130
|
|
|
|
|
|
|
|
1131
|
28
|
|
|
|
|
115
|
foreach (sort keys %f) { |
1132
|
40
|
|
|
|
|
76
|
my $value = $f{$_}; |
1133
|
40
|
|
|
|
|
87
|
$value =~ s/\\/\\\\/g; |
1134
|
40
|
|
|
|
|
137
|
$value =~ s/(;|=)/\\$1/g; |
1135
|
40
|
100
|
|
|
|
82
|
if(defined($rc)) { |
1136
|
12
|
|
|
|
|
35
|
$rc .= ";$_=$value"; |
1137
|
|
|
|
|
|
|
} else { |
1138
|
28
|
|
|
|
|
90
|
$rc = "$_=$value"; |
1139
|
|
|
|
|
|
|
} |
1140
|
|
|
|
|
|
|
} |
1141
|
28
|
100
|
66
|
|
|
142
|
if($rc && $self->{logger}) { |
1142
|
1
|
|
|
|
|
6
|
$self->{logger}->debug("is_string: returning '$rc'"); |
1143
|
|
|
|
|
|
|
} |
1144
|
|
|
|
|
|
|
|
1145
|
28
|
50
|
|
|
|
222
|
return defined($rc) ? $rc : ''; |
1146
|
|
|
|
|
|
|
} |
1147
|
|
|
|
|
|
|
|
1148
|
|
|
|
|
|
|
=head2 protocol |
1149
|
|
|
|
|
|
|
|
1150
|
|
|
|
|
|
|
Returns the connection protocol, presumably 'http' or 'https', or undef if |
1151
|
|
|
|
|
|
|
it can't be determined. |
1152
|
|
|
|
|
|
|
|
1153
|
|
|
|
|
|
|
=cut |
1154
|
|
|
|
|
|
|
|
1155
|
|
|
|
|
|
|
sub protocol { |
1156
|
21
|
|
|
21
|
1
|
1364
|
my $self = shift; |
1157
|
|
|
|
|
|
|
|
1158
|
21
|
100
|
100
|
|
|
79
|
if($ENV{'SCRIPT_URI'} && ($ENV{'SCRIPT_URI'} =~ /^(.+):\/\/.+/)) { |
1159
|
2
|
|
|
|
|
12
|
return $1; |
1160
|
|
|
|
|
|
|
} |
1161
|
19
|
100
|
100
|
|
|
62
|
if($ENV{'SERVER_PROTOCOL'} && ($ENV{'SERVER_PROTOCOL'} =~ /^HTTP\//)) { |
1162
|
2
|
|
|
|
|
11
|
return 'http'; |
1163
|
|
|
|
|
|
|
} |
1164
|
|
|
|
|
|
|
|
1165
|
17
|
|
|
|
|
31
|
my $port = $ENV{'SERVER_PORT'}; |
1166
|
17
|
100
|
|
|
|
34
|
if(defined($port)) { |
1167
|
14
|
50
|
|
|
|
3414
|
if(defined(my $name = getservbyport($port, 'tcp'))) { |
|
|
0
|
|
|
|
|
|
|
|
0
|
|
|
|
|
|
1168
|
14
|
100
|
|
|
|
102
|
if($name =~ /https?/) { |
|
|
50
|
|
|
|
|
|
1169
|
12
|
|
|
|
|
88
|
return $name; |
1170
|
|
|
|
|
|
|
} elsif($name eq 'www') { |
1171
|
|
|
|
|
|
|
# e.g. NetBSD and OpenBSD |
1172
|
0
|
|
|
|
|
0
|
return 'http'; |
1173
|
|
|
|
|
|
|
} |
1174
|
|
|
|
|
|
|
# Return an error, maybe missing something |
1175
|
|
|
|
|
|
|
} elsif($port == 80) { |
1176
|
|
|
|
|
|
|
# e.g. Solaris |
1177
|
0
|
|
|
|
|
0
|
return 'http'; |
1178
|
|
|
|
|
|
|
} elsif($port == 443) { |
1179
|
0
|
|
|
|
|
0
|
return 'https'; |
1180
|
|
|
|
|
|
|
} |
1181
|
|
|
|
|
|
|
} |
1182
|
|
|
|
|
|
|
|
1183
|
5
|
50
|
|
|
|
13
|
if($ENV{'REMOTE_ADDR'}) { |
1184
|
0
|
|
|
|
|
0
|
$self->_warn("Can't determine the calling protocol"); |
1185
|
|
|
|
|
|
|
} |
1186
|
5
|
|
|
|
|
30
|
return; |
1187
|
|
|
|
|
|
|
} |
1188
|
|
|
|
|
|
|
|
1189
|
|
|
|
|
|
|
=head2 tmpdir |
1190
|
|
|
|
|
|
|
|
1191
|
|
|
|
|
|
|
Returns the name of a directory that you can use to create temporary files |
1192
|
|
|
|
|
|
|
in. |
1193
|
|
|
|
|
|
|
|
1194
|
|
|
|
|
|
|
The routine is preferable to L since CGI programs are |
1195
|
|
|
|
|
|
|
often running on shared servers. Having said that, tmpdir will fall back |
1196
|
|
|
|
|
|
|
to File::Spec->tmpdir() if it can't find somewhere better. |
1197
|
|
|
|
|
|
|
|
1198
|
|
|
|
|
|
|
If the parameter 'default' is given, then use that directory as a |
1199
|
|
|
|
|
|
|
fall-back rather than the value in File::Spec->tmpdir(). |
1200
|
|
|
|
|
|
|
No sanity tests are done, so if you give the default value of |
1201
|
|
|
|
|
|
|
'/non-existant', that will be returned. |
1202
|
|
|
|
|
|
|
|
1203
|
|
|
|
|
|
|
Tmpdir allows a reference of the options to be passed. |
1204
|
|
|
|
|
|
|
|
1205
|
|
|
|
|
|
|
use CGI::Info; |
1206
|
|
|
|
|
|
|
|
1207
|
|
|
|
|
|
|
my $info = CGI::Info->new(); |
1208
|
|
|
|
|
|
|
my $dir = $info->tmpdir(default => '/var/tmp'); |
1209
|
|
|
|
|
|
|
$dir = $info->tmpdir({ default => '/var/tmp' }); |
1210
|
|
|
|
|
|
|
|
1211
|
|
|
|
|
|
|
# or |
1212
|
|
|
|
|
|
|
|
1213
|
|
|
|
|
|
|
my $dir = CGI::Info->tmpdir(); |
1214
|
|
|
|
|
|
|
=cut |
1215
|
|
|
|
|
|
|
|
1216
|
|
|
|
|
|
|
sub tmpdir { |
1217
|
15
|
|
|
15
|
1
|
2299
|
my $self = shift; |
1218
|
15
|
100
|
|
|
|
49
|
my %params = (ref($_[0]) eq 'HASH') ? %{$_[0]} : @_; |
|
1
|
|
|
|
|
4
|
|
1219
|
|
|
|
|
|
|
|
1220
|
15
|
|
|
|
|
25
|
my $name = 'tmp'; |
1221
|
15
|
50
|
|
|
|
47
|
if($^O eq 'MSWin32') { |
1222
|
0
|
|
|
|
|
0
|
$name = 'temp'; |
1223
|
|
|
|
|
|
|
} |
1224
|
|
|
|
|
|
|
|
1225
|
15
|
|
|
|
|
19
|
my $dir; |
1226
|
|
|
|
|
|
|
|
1227
|
15
|
100
|
|
|
|
35
|
if(!ref($self)) { |
1228
|
3
|
|
|
|
|
7
|
$self = __PACKAGE__->new(); |
1229
|
|
|
|
|
|
|
} |
1230
|
|
|
|
|
|
|
|
1231
|
15
|
100
|
100
|
|
|
170
|
if($ENV{'C_DOCUMENT_ROOT'} && (-d $ENV{'C_DOCUMENT_ROOT'})) { |
1232
|
4
|
|
|
|
|
43
|
$dir = File::Spec->catdir($ENV{'C_DOCUMENT_ROOT'}, $name); |
1233
|
4
|
100
|
66
|
|
|
96
|
if((-d $dir) && (-w $dir)) { |
1234
|
2
|
|
|
|
|
12
|
return $self->_untaint_filename({ filename => $dir }); |
1235
|
|
|
|
|
|
|
} |
1236
|
2
|
|
|
|
|
9
|
$dir = $ENV{'C_DOCUMENT_ROOT'}; |
1237
|
2
|
50
|
33
|
|
|
47
|
if((-d $dir) && (-w $dir)) { |
1238
|
2
|
|
|
|
|
12
|
return $self->_untaint_filename({ filename => $dir }); |
1239
|
|
|
|
|
|
|
} |
1240
|
|
|
|
|
|
|
} |
1241
|
11
|
100
|
100
|
|
|
204
|
if($ENV{'DOCUMENT_ROOT'} && (-d $ENV{'DOCUMENT_ROOT'})) { |
1242
|
1
|
|
|
|
|
21
|
$dir = File::Spec->catdir($ENV{'DOCUMENT_ROOT'}, File::Spec->updir(), $name); |
1243
|
1
|
50
|
33
|
|
|
29
|
if((-d $dir) && (-w $dir)) { |
1244
|
1
|
|
|
|
|
8
|
return $self->_untaint_filename({ filename => $dir }); |
1245
|
|
|
|
|
|
|
} |
1246
|
|
|
|
|
|
|
} |
1247
|
10
|
100
|
|
|
|
263
|
return $params{default} ? $params{default} : File::Spec->tmpdir(); |
1248
|
|
|
|
|
|
|
} |
1249
|
|
|
|
|
|
|
|
1250
|
|
|
|
|
|
|
=head2 rootdir |
1251
|
|
|
|
|
|
|
|
1252
|
|
|
|
|
|
|
Returns the document root. This is preferable to looking at DOCUMENT_ROOT |
1253
|
|
|
|
|
|
|
in the environment because it will also work when we're not running as a CGI |
1254
|
|
|
|
|
|
|
script, which is useful for script debugging. |
1255
|
|
|
|
|
|
|
|
1256
|
|
|
|
|
|
|
This can be run as a class or object method. |
1257
|
|
|
|
|
|
|
|
1258
|
|
|
|
|
|
|
use CGI::Info; |
1259
|
|
|
|
|
|
|
|
1260
|
|
|
|
|
|
|
print CGI::Info->rootdir(); |
1261
|
|
|
|
|
|
|
|
1262
|
|
|
|
|
|
|
=cut |
1263
|
|
|
|
|
|
|
|
1264
|
|
|
|
|
|
|
sub rootdir { |
1265
|
9
|
50
|
66
|
9
|
1
|
4976
|
if($ENV{'C_DOCUMENT_ROOT'} && (-d $ENV{'C_DOCUMENT_ROOT'})) { |
|
|
100
|
100
|
|
|
|
|
1266
|
0
|
|
|
|
|
0
|
return $ENV{'C_DOCUMENT_ROOT'}; |
1267
|
|
|
|
|
|
|
} elsif($ENV{'DOCUMENT_ROOT'} && (-d $ENV{'DOCUMENT_ROOT'})) { |
1268
|
3
|
|
|
|
|
20
|
return $ENV{'DOCUMENT_ROOT'}; |
1269
|
|
|
|
|
|
|
} |
1270
|
6
|
|
|
|
|
24
|
my $script_name = $0; |
1271
|
|
|
|
|
|
|
|
1272
|
6
|
50
|
|
|
|
51
|
unless(File::Spec->file_name_is_absolute($script_name)) { |
1273
|
6
|
|
|
|
|
199
|
$script_name = File::Spec->rel2abs($script_name); |
1274
|
|
|
|
|
|
|
} |
1275
|
6
|
50
|
|
|
|
33
|
if($script_name =~ /.cgi\-bin.*/) { # kludge for outside CGI environment |
1276
|
0
|
|
|
|
|
0
|
$script_name =~ s/.cgi\-bin.*//; |
1277
|
|
|
|
|
|
|
} |
1278
|
6
|
50
|
|
|
|
104
|
if(-f $script_name) { # More kludge |
1279
|
6
|
50
|
|
|
|
29
|
if($^O eq 'MSWin32') { |
1280
|
0
|
0
|
|
|
|
0
|
if($script_name =~ /(.+)\\.+?$/) { |
1281
|
0
|
|
|
|
|
0
|
return $1; |
1282
|
|
|
|
|
|
|
} |
1283
|
|
|
|
|
|
|
} else { |
1284
|
6
|
50
|
|
|
|
44
|
if($script_name =~ /(.+)\/.+?$/) { |
1285
|
6
|
|
|
|
|
37
|
return $1; |
1286
|
|
|
|
|
|
|
} |
1287
|
|
|
|
|
|
|
} |
1288
|
|
|
|
|
|
|
} |
1289
|
0
|
|
|
|
|
0
|
return $script_name; |
1290
|
|
|
|
|
|
|
} |
1291
|
|
|
|
|
|
|
|
1292
|
|
|
|
|
|
|
=head2 logdir |
1293
|
|
|
|
|
|
|
|
1294
|
|
|
|
|
|
|
Gets and sets the name of a directory that you can use to store logs in. |
1295
|
|
|
|
|
|
|
|
1296
|
|
|
|
|
|
|
=cut |
1297
|
|
|
|
|
|
|
|
1298
|
|
|
|
|
|
|
sub logdir { |
1299
|
4
|
|
|
4
|
1
|
2211
|
my $self = shift; |
1300
|
4
|
|
|
|
|
8
|
my $dir = shift; |
1301
|
|
|
|
|
|
|
|
1302
|
4
|
100
|
|
|
|
11
|
if(!ref($self)) { |
1303
|
1
|
|
|
|
|
4
|
$self = __PACKAGE__->new(); |
1304
|
|
|
|
|
|
|
} |
1305
|
|
|
|
|
|
|
|
1306
|
4
|
100
|
|
|
|
10
|
if(defined($dir)) { |
1307
|
|
|
|
|
|
|
# No sanity testing is done |
1308
|
1
|
|
|
|
|
6
|
return $self->{logdir} = $dir; |
1309
|
|
|
|
|
|
|
} |
1310
|
|
|
|
|
|
|
|
1311
|
3
|
|
|
|
|
20
|
foreach my $rc($self->{logdir}, $ENV{'LOGDIR'}, Sys::Path->logdir(), $self->tmpdir()) { |
1312
|
9
|
100
|
66
|
|
|
148
|
if(defined($rc) && length($rc) && (-d $rc) && (-w $rc)) { |
|
|
|
100
|
|
|
|
|
|
|
|
66
|
|
|
|
|
1313
|
3
|
|
|
|
|
8
|
$dir = $rc; |
1314
|
3
|
|
|
|
|
6
|
last; |
1315
|
|
|
|
|
|
|
} |
1316
|
|
|
|
|
|
|
} |
1317
|
3
|
50
|
33
|
|
|
43
|
carp("Can't determine logdir") if((!defined($dir)) || (length($dir) == 0)); |
1318
|
3
|
|
66
|
|
|
15
|
$self->{logdir} ||= $dir; |
1319
|
|
|
|
|
|
|
|
1320
|
3
|
|
|
|
|
18
|
return $dir; |
1321
|
|
|
|
|
|
|
} |
1322
|
|
|
|
|
|
|
|
1323
|
|
|
|
|
|
|
=head2 is_robot |
1324
|
|
|
|
|
|
|
|
1325
|
|
|
|
|
|
|
Is the visitor a real person or a robot? |
1326
|
|
|
|
|
|
|
|
1327
|
|
|
|
|
|
|
use CGI::Info; |
1328
|
|
|
|
|
|
|
|
1329
|
|
|
|
|
|
|
my $info = CGI::Info->new(); |
1330
|
|
|
|
|
|
|
unless($info->is_robot()) { |
1331
|
|
|
|
|
|
|
# update site visitor statistics |
1332
|
|
|
|
|
|
|
} |
1333
|
|
|
|
|
|
|
|
1334
|
|
|
|
|
|
|
=cut |
1335
|
|
|
|
|
|
|
|
1336
|
|
|
|
|
|
|
sub is_robot { |
1337
|
20
|
|
|
20
|
1
|
587
|
my $self = shift; |
1338
|
|
|
|
|
|
|
|
1339
|
20
|
100
|
|
|
|
62
|
if(defined($self->{is_robot})) { |
1340
|
3
|
|
|
|
|
12
|
return $self->{is_robot}; |
1341
|
|
|
|
|
|
|
} |
1342
|
|
|
|
|
|
|
|
1343
|
17
|
|
|
|
|
30
|
my $agent = $ENV{'HTTP_USER_AGENT'}; |
1344
|
17
|
|
|
|
|
27
|
my $remote = $ENV{'REMOTE_ADDR'}; |
1345
|
|
|
|
|
|
|
|
1346
|
17
|
100
|
100
|
|
|
62
|
unless($remote && $agent) { |
1347
|
|
|
|
|
|
|
# Probably not running in CGI - assume real person |
1348
|
7
|
|
|
|
|
21
|
return 0; |
1349
|
|
|
|
|
|
|
} |
1350
|
|
|
|
|
|
|
|
1351
|
10
|
50
|
66
|
|
|
119
|
if(($agent =~ /SELECT.+AND.+/) || ($agent =~ /ORDER BY /) || ($agent =~ / OR NOT /) || ($agent =~ / AND \d+=\d+/) || ($agent =~ /THEN.+ELSE.+END/) || ($agent =~ /.+AND.+SELECT.+/)) { |
|
|
|
66
|
|
|
|
|
|
|
|
33
|
|
|
|
|
|
|
|
33
|
|
|
|
|
|
|
|
33
|
|
|
|
|
1352
|
1
|
|
|
|
|
4
|
$self->status(403); |
1353
|
1
|
|
|
|
|
2
|
$self->{is_robot} = 1; |
1354
|
1
|
50
|
|
|
|
3
|
if($self->{logger}) { |
1355
|
0
|
0
|
|
|
|
0
|
if($ENV{'REMOTE_ADDR'}) { |
1356
|
0
|
|
|
|
|
0
|
$self->{logger}->warn($ENV{'REMOTE_ADDR'}, ": SQL injection attempt blocked for '$agent'"); |
1357
|
|
|
|
|
|
|
} else { |
1358
|
0
|
|
|
|
|
0
|
$self->{logger}->warn("SQL injection attempt blocked for '$agent'"); |
1359
|
|
|
|
|
|
|
} |
1360
|
|
|
|
|
|
|
} |
1361
|
1
|
|
|
|
|
4
|
return 1; |
1362
|
|
|
|
|
|
|
} |
1363
|
9
|
100
|
|
|
|
493
|
if($agent =~ /.+bot|bytespider|msnptc|is_archiver|backstreet|spider|scoutjet|gingersoftware|heritrix|dodnetdotcom|yandex|nutch|ezooms|plukkie|nova\.6scan\.com|Twitterbot|adscanner|python-requests|Mediatoolkitbot|NetcraftSurveyAgent|Expanse|serpstatbot|DreamHost SiteMonitor 1.0/i) { |
1364
|
3
|
|
|
|
|
7
|
$self->{is_robot} = 1; |
1365
|
3
|
|
|
|
|
13
|
return 1; |
1366
|
|
|
|
|
|
|
} |
1367
|
|
|
|
|
|
|
|
1368
|
6
|
|
|
|
|
27
|
my $key = "$remote/$agent"; |
1369
|
|
|
|
|
|
|
|
1370
|
6
|
100
|
|
|
|
20
|
if(my $referrer = $ENV{'HTTP_REFERER'}) { |
1371
|
|
|
|
|
|
|
# https://agency.ohow.co/google-analytics-implementation-audit/google-analytics-historical-spam-list/ |
1372
|
2
|
|
|
|
|
14
|
my @crawler_lists = ( |
1373
|
|
|
|
|
|
|
'http://fix-website-errors.com', |
1374
|
|
|
|
|
|
|
'http://keywords-monitoring-your-success.com', |
1375
|
|
|
|
|
|
|
'http://free-video-tool.com', |
1376
|
|
|
|
|
|
|
'http://magnet-to-torrent.com', |
1377
|
|
|
|
|
|
|
'http://torrent-to-magnet.com', |
1378
|
|
|
|
|
|
|
'http://dogsrun.net', |
1379
|
|
|
|
|
|
|
'http://###.responsive-test.net', |
1380
|
|
|
|
|
|
|
'http://uptime.com', |
1381
|
|
|
|
|
|
|
'http://uptimechecker.com', |
1382
|
|
|
|
|
|
|
'http://top1-seo-service.com', |
1383
|
|
|
|
|
|
|
'http://fast-wordpress-start.com', |
1384
|
|
|
|
|
|
|
'http://wordpress-crew.net', |
1385
|
|
|
|
|
|
|
'http://dbutton.net', |
1386
|
|
|
|
|
|
|
'http://justprofit.xyz', |
1387
|
|
|
|
|
|
|
'http://video--production.com', |
1388
|
|
|
|
|
|
|
'http://buttons-for-website.com', |
1389
|
|
|
|
|
|
|
'http://buttons-for-your-website.com', |
1390
|
|
|
|
|
|
|
'http://success-seo.com', |
1391
|
|
|
|
|
|
|
'http://videos-for-your-business.com', |
1392
|
|
|
|
|
|
|
'http://semaltmedia.com', |
1393
|
|
|
|
|
|
|
'http://dailyrank.net', |
1394
|
|
|
|
|
|
|
'http://uptimebot.net', |
1395
|
|
|
|
|
|
|
'http://sitevaluation.org', |
1396
|
|
|
|
|
|
|
'http://100dollars-seo.com', |
1397
|
|
|
|
|
|
|
'http://forum69.info', |
1398
|
|
|
|
|
|
|
'http://partner.semalt.com', |
1399
|
|
|
|
|
|
|
'http://best-seo-offer.com', |
1400
|
|
|
|
|
|
|
'http://best-seo-solution.com', |
1401
|
|
|
|
|
|
|
'http://semalt.semalt.com', |
1402
|
|
|
|
|
|
|
'http://semalt.com', |
1403
|
|
|
|
|
|
|
'http://7makemoneyonline.com', |
1404
|
|
|
|
|
|
|
'http://anticrawler.org', |
1405
|
|
|
|
|
|
|
'http://baixar-musicas-gratis.com', |
1406
|
|
|
|
|
|
|
'http://descargar-musica-gratis.net', |
1407
|
|
|
|
|
|
|
|
1408
|
|
|
|
|
|
|
# Mine |
1409
|
|
|
|
|
|
|
'http://www.seokicks.de/robot.html', |
1410
|
|
|
|
|
|
|
); |
1411
|
2
|
|
|
|
|
4
|
$referrer =~ s/\\/_/g; |
1412
|
2
|
50
|
66
|
3
|
|
15
|
if(($referrer =~ /\)/) || (List::MoreUtils::any { $_ =~ /^$referrer/ } @crawler_lists)) { |
|
3
|
|
|
|
|
25
|
|
1413
|
2
|
50
|
|
|
|
6
|
if($self->{logger}) { |
1414
|
2
|
|
|
|
|
8
|
$self->{logger}->debug("is_robot: blocked trawler $referrer"); |
1415
|
|
|
|
|
|
|
} |
1416
|
2
|
50
|
|
|
|
12
|
if($self->{cache}) { |
1417
|
0
|
|
|
|
|
0
|
$self->{cache}->set($key, 'robot', '1 day'); |
1418
|
|
|
|
|
|
|
} |
1419
|
2
|
|
|
|
|
4
|
$self->{is_robot} = 1; |
1420
|
2
|
|
|
|
|
13
|
return 1; |
1421
|
|
|
|
|
|
|
} |
1422
|
|
|
|
|
|
|
} |
1423
|
|
|
|
|
|
|
|
1424
|
4
|
50
|
|
|
|
10
|
if($self->{cache}) { |
1425
|
0
|
0
|
0
|
|
|
0
|
if(defined($remote) && $self->{cache}) { |
1426
|
0
|
0
|
|
|
|
0
|
if(my $type = $self->{cache}->get("$remote/$agent")) { |
1427
|
0
|
|
|
|
|
0
|
return $self->{is_robot} = ($type eq 'robot'); |
1428
|
|
|
|
|
|
|
} |
1429
|
|
|
|
|
|
|
} |
1430
|
|
|
|
|
|
|
} |
1431
|
|
|
|
|
|
|
|
1432
|
4
|
100
|
|
|
|
12
|
unless($self->{browser_detect}) { |
1433
|
3
|
50
|
|
|
|
5
|
if(eval { require HTTP::BrowserDetect; }) { |
|
3
|
|
|
|
|
19
|
|
1434
|
3
|
|
|
|
|
11
|
HTTP::BrowserDetect->import(); |
1435
|
3
|
|
|
|
|
8
|
$self->{browser_detect} = HTTP::BrowserDetect->new($agent); |
1436
|
|
|
|
|
|
|
} |
1437
|
|
|
|
|
|
|
} |
1438
|
4
|
50
|
|
|
|
575
|
if($self->{browser_detect}) { |
1439
|
4
|
|
|
|
|
20
|
my $is_robot = $self->{browser_detect}->robot(); |
1440
|
4
|
100
|
100
|
|
|
797
|
if(defined($is_robot) && $self->{logger}) { |
1441
|
1
|
|
|
|
|
10
|
$self->{logger}->debug("HTTP::BrowserDetect '$ENV{HTTP_USER_AGENT}' returns $is_robot"); |
1442
|
|
|
|
|
|
|
} |
1443
|
4
|
100
|
66
|
|
|
28
|
$is_robot = (defined($is_robot) && ($is_robot)) ? 1 : 0; |
1444
|
4
|
100
|
|
|
|
14
|
if($self->{logger}) { |
1445
|
2
|
|
|
|
|
8
|
$self->{logger}->debug("is_robot: $is_robot"); |
1446
|
|
|
|
|
|
|
} |
1447
|
|
|
|
|
|
|
|
1448
|
4
|
100
|
|
|
|
19
|
if($is_robot) { |
1449
|
2
|
50
|
|
|
|
6
|
if($self->{cache}) { |
1450
|
0
|
|
|
|
|
0
|
$self->{cache}->set($key, 'robot', '1 day'); |
1451
|
|
|
|
|
|
|
} |
1452
|
2
|
|
|
|
|
5
|
$self->{is_robot} = $is_robot; |
1453
|
2
|
|
|
|
|
11
|
return $is_robot; |
1454
|
|
|
|
|
|
|
} |
1455
|
|
|
|
|
|
|
} |
1456
|
|
|
|
|
|
|
|
1457
|
2
|
50
|
|
|
|
5
|
if($self->{cache}) { |
1458
|
0
|
|
|
|
|
0
|
$self->{cache}->set($key, 'unknown', '1 day'); |
1459
|
|
|
|
|
|
|
} |
1460
|
2
|
|
|
|
|
6
|
$self->{is_robot} = 0; |
1461
|
2
|
|
|
|
|
9
|
return 0; |
1462
|
|
|
|
|
|
|
} |
1463
|
|
|
|
|
|
|
|
1464
|
|
|
|
|
|
|
=head2 is_search_engine |
1465
|
|
|
|
|
|
|
|
1466
|
|
|
|
|
|
|
Is the visitor a search engine? |
1467
|
|
|
|
|
|
|
|
1468
|
|
|
|
|
|
|
use CGI::Info; |
1469
|
|
|
|
|
|
|
|
1470
|
|
|
|
|
|
|
if(CGI::Info->new()->is_search_engine()) { |
1471
|
|
|
|
|
|
|
# display generic information about yourself |
1472
|
|
|
|
|
|
|
} else { |
1473
|
|
|
|
|
|
|
# allow the user to pick and choose something to display |
1474
|
|
|
|
|
|
|
} |
1475
|
|
|
|
|
|
|
|
1476
|
|
|
|
|
|
|
=cut |
1477
|
|
|
|
|
|
|
|
1478
|
|
|
|
|
|
|
sub is_search_engine { |
1479
|
25
|
|
|
25
|
1
|
531
|
my $self = shift; |
1480
|
|
|
|
|
|
|
|
1481
|
25
|
100
|
|
|
|
65
|
if(defined($self->{is_search_engine})) { |
1482
|
6
|
|
|
|
|
26
|
return $self->{is_search_engine}; |
1483
|
|
|
|
|
|
|
} |
1484
|
|
|
|
|
|
|
|
1485
|
19
|
|
|
|
|
37
|
my $remote = $ENV{'REMOTE_ADDR'}; |
1486
|
19
|
|
|
|
|
32
|
my $agent = $ENV{'HTTP_USER_AGENT'}; |
1487
|
|
|
|
|
|
|
|
1488
|
19
|
100
|
100
|
|
|
82
|
unless($remote && $agent) { |
1489
|
|
|
|
|
|
|
# Probably not running in CGI - assume not a search engine |
1490
|
8
|
|
|
|
|
27
|
return 0; |
1491
|
|
|
|
|
|
|
} |
1492
|
|
|
|
|
|
|
|
1493
|
11
|
|
|
|
|
17
|
my $key; |
1494
|
|
|
|
|
|
|
|
1495
|
11
|
50
|
|
|
|
27
|
if($self->{cache}) { |
1496
|
0
|
|
|
|
|
0
|
$key = "$remote/$agent"; |
1497
|
0
|
0
|
0
|
|
|
0
|
if(defined($remote) && $self->{cache}) { |
1498
|
0
|
0
|
|
|
|
0
|
if(my $type = $self->{cache}->get("$remote/$agent")) { |
1499
|
0
|
|
|
|
|
0
|
return $self->{is_search} = ($type eq 'search'); |
1500
|
|
|
|
|
|
|
} |
1501
|
|
|
|
|
|
|
} |
1502
|
|
|
|
|
|
|
} |
1503
|
|
|
|
|
|
|
|
1504
|
|
|
|
|
|
|
# Don't use HTTP_USER_AGENT to detect more than we really have to since |
1505
|
|
|
|
|
|
|
# that is easily spoofed |
1506
|
11
|
50
|
|
|
|
56
|
if($agent =~ /www\.majestic12\.co\.uk|facebookexternal/) { |
1507
|
0
|
0
|
|
|
|
0
|
if($self->{cache}) { |
1508
|
0
|
|
|
|
|
0
|
$self->{cache}->set($key, 'search', '1 day'); |
1509
|
|
|
|
|
|
|
} |
1510
|
0
|
|
|
|
|
0
|
return 1; |
1511
|
|
|
|
|
|
|
} |
1512
|
|
|
|
|
|
|
|
1513
|
11
|
100
|
|
|
|
24
|
unless($self->{browser_detect}) { |
1514
|
7
|
50
|
|
|
|
11
|
if(eval { require HTTP::BrowserDetect; }) { |
|
7
|
|
|
|
|
969
|
|
1515
|
7
|
|
|
|
|
19287
|
HTTP::BrowserDetect->import(); |
1516
|
7
|
|
|
|
|
20
|
$self->{browser_detect} = HTTP::BrowserDetect->new($agent); |
1517
|
|
|
|
|
|
|
} |
1518
|
|
|
|
|
|
|
} |
1519
|
11
|
50
|
|
|
|
1227
|
if(my $browser = $self->{browser_detect}) { |
1520
|
11
|
|
66
|
|
|
30
|
my $is_search = ($browser->google() || $browser->msn() || $browser->baidu() || $browser->altavista() || $browser->yahoo() || $browser->bingbot()); |
1521
|
11
|
100
|
100
|
|
|
2946
|
if((!$is_search) && $agent =~ /SeznamBot\//) { |
1522
|
1
|
|
|
|
|
3
|
$is_search = 1; |
1523
|
|
|
|
|
|
|
} |
1524
|
11
|
50
|
66
|
|
|
44
|
if($is_search && $self->{cache}) { |
1525
|
0
|
|
|
|
|
0
|
$self->{cache}->set($key, 'search', '1 day'); |
1526
|
|
|
|
|
|
|
} |
1527
|
11
|
|
|
|
|
83
|
return $self->{is_search_engine} = $is_search; |
1528
|
|
|
|
|
|
|
} |
1529
|
|
|
|
|
|
|
|
1530
|
|
|
|
|
|
|
# TODO: DNS lookup, not gethostbyaddr - though that will be slow |
1531
|
0
|
|
0
|
|
|
0
|
my $hostname = gethostbyaddr(inet_aton($remote), AF_INET) || $remote; |
1532
|
|
|
|
|
|
|
|
1533
|
0
|
0
|
0
|
|
|
0
|
if(defined($hostname) && ($hostname =~ /google|msnbot|bingbot|amazonbot/) && ($hostname !~ /^google-proxy/)) { |
|
|
|
0
|
|
|
|
|
1534
|
0
|
0
|
|
|
|
0
|
if($self->{cache}) { |
1535
|
0
|
|
|
|
|
0
|
$self->{cache}->set($key, 'search', '1 day'); |
1536
|
|
|
|
|
|
|
} |
1537
|
0
|
|
|
|
|
0
|
$self->{is_search_engine} = 1; |
1538
|
0
|
|
|
|
|
0
|
return 1; |
1539
|
|
|
|
|
|
|
} |
1540
|
|
|
|
|
|
|
|
1541
|
0
|
|
|
|
|
0
|
$self->{is_search_engine} = 0; |
1542
|
0
|
|
|
|
|
0
|
return 0; |
1543
|
|
|
|
|
|
|
} |
1544
|
|
|
|
|
|
|
|
1545
|
|
|
|
|
|
|
=head2 browser_type |
1546
|
|
|
|
|
|
|
|
1547
|
|
|
|
|
|
|
Returns one of 'web', 'search', 'robot' and 'mobile'. |
1548
|
|
|
|
|
|
|
|
1549
|
|
|
|
|
|
|
# Code to display a different web page for a browser, search engine and |
1550
|
|
|
|
|
|
|
# smartphone |
1551
|
|
|
|
|
|
|
use Template; |
1552
|
|
|
|
|
|
|
use CGI::Info; |
1553
|
|
|
|
|
|
|
|
1554
|
|
|
|
|
|
|
my $info = CGI::Info->new(); |
1555
|
|
|
|
|
|
|
my $dir = $info->rootdir() . '/templates/' . $info->browser_type(); |
1556
|
|
|
|
|
|
|
|
1557
|
|
|
|
|
|
|
my $filename = ref($self); |
1558
|
|
|
|
|
|
|
$filename =~ s/::/\//g; |
1559
|
|
|
|
|
|
|
$filename = "$dir/$filename.tmpl"; |
1560
|
|
|
|
|
|
|
|
1561
|
|
|
|
|
|
|
if((!-f $filename) || (!-r $filename)) { |
1562
|
|
|
|
|
|
|
die "Can't open $filename"; |
1563
|
|
|
|
|
|
|
} |
1564
|
|
|
|
|
|
|
my $template = Template->new(); |
1565
|
|
|
|
|
|
|
$template->process($filename, {}) || die $template->error(); |
1566
|
|
|
|
|
|
|
|
1567
|
|
|
|
|
|
|
=cut |
1568
|
|
|
|
|
|
|
|
1569
|
|
|
|
|
|
|
sub browser_type { |
1570
|
21
|
|
|
21
|
1
|
55
|
my $self = shift; |
1571
|
|
|
|
|
|
|
|
1572
|
21
|
100
|
|
|
|
47
|
if($self->is_mobile()) { |
1573
|
8
|
|
|
|
|
42
|
return 'mobile'; |
1574
|
|
|
|
|
|
|
} |
1575
|
13
|
100
|
|
|
|
36
|
if($self->is_search_engine()) { |
1576
|
6
|
|
|
|
|
40
|
return 'search'; |
1577
|
|
|
|
|
|
|
} |
1578
|
7
|
100
|
|
|
|
21
|
if($self->is_robot()) { |
1579
|
3
|
|
|
|
|
22
|
return 'robot'; |
1580
|
|
|
|
|
|
|
} |
1581
|
4
|
|
|
|
|
16
|
return 'web'; |
1582
|
|
|
|
|
|
|
} |
1583
|
|
|
|
|
|
|
|
1584
|
|
|
|
|
|
|
=head2 get_cookie |
1585
|
|
|
|
|
|
|
|
1586
|
|
|
|
|
|
|
Returns a cookie's value, or undef if no name is given, or the requested |
1587
|
|
|
|
|
|
|
cookie isn't in the jar. |
1588
|
|
|
|
|
|
|
|
1589
|
|
|
|
|
|
|
Deprecated - use cookie() instead. |
1590
|
|
|
|
|
|
|
|
1591
|
|
|
|
|
|
|
use CGI::Info; |
1592
|
|
|
|
|
|
|
|
1593
|
|
|
|
|
|
|
my $i = CGI::Info->new(); |
1594
|
|
|
|
|
|
|
my $name = $i->get_cookie(cookie_name => 'name'); |
1595
|
|
|
|
|
|
|
print "Your name is $name\n"; |
1596
|
|
|
|
|
|
|
my $address = $i->get_cookie('address'); |
1597
|
|
|
|
|
|
|
print "Your address is $address\n"; |
1598
|
|
|
|
|
|
|
|
1599
|
|
|
|
|
|
|
=cut |
1600
|
|
|
|
|
|
|
|
1601
|
|
|
|
|
|
|
sub get_cookie { |
1602
|
13
|
|
|
13
|
1
|
610
|
my $self = shift; |
1603
|
13
|
|
|
|
|
19
|
my %params; |
1604
|
|
|
|
|
|
|
|
1605
|
13
|
100
|
|
|
|
45
|
if(ref($_[0]) eq 'HASH') { |
|
|
100
|
|
|
|
|
|
1606
|
3
|
|
|
|
|
5
|
%params = %{$_[0]}; |
|
3
|
|
|
|
|
9
|
|
1607
|
|
|
|
|
|
|
} elsif(scalar(@_) % 2 == 0) { |
1608
|
9
|
|
|
|
|
24
|
%params = @_; |
1609
|
|
|
|
|
|
|
} else { |
1610
|
1
|
|
|
|
|
2
|
$params{'cookie_name'} = shift; |
1611
|
|
|
|
|
|
|
} |
1612
|
|
|
|
|
|
|
|
1613
|
13
|
100
|
|
|
|
36
|
if(!defined($params{'cookie_name'})) { |
1614
|
3
|
|
|
|
|
9
|
$self->_warn('cookie_name argument not given'); |
1615
|
2
|
|
|
|
|
598
|
return; |
1616
|
|
|
|
|
|
|
} |
1617
|
|
|
|
|
|
|
|
1618
|
10
|
100
|
|
|
|
23
|
unless($self->{jar}) { |
1619
|
4
|
100
|
|
|
|
8
|
unless(defined($ENV{'HTTP_COOKIE'})) { |
1620
|
1
|
|
|
|
|
5
|
return; |
1621
|
|
|
|
|
|
|
} |
1622
|
3
|
|
|
|
|
15
|
my @cookies = split(/; /, $ENV{'HTTP_COOKIE'}); |
1623
|
|
|
|
|
|
|
|
1624
|
3
|
|
|
|
|
8
|
foreach my $cookie(@cookies) { |
1625
|
11
|
|
|
|
|
26
|
my ($name, $value) = split(/=/, $cookie); |
1626
|
11
|
|
|
|
|
41
|
$self->{jar}->{$name} = $value; |
1627
|
|
|
|
|
|
|
} |
1628
|
|
|
|
|
|
|
} |
1629
|
|
|
|
|
|
|
|
1630
|
9
|
100
|
|
|
|
21
|
if(exists($self->{jar}->{$params{'cookie_name'}})) { |
1631
|
6
|
|
|
|
|
30
|
return $self->{jar}->{$params{'cookie_name'}}; |
1632
|
|
|
|
|
|
|
} |
1633
|
3
|
|
|
|
|
14
|
return; # Return undef |
1634
|
|
|
|
|
|
|
} |
1635
|
|
|
|
|
|
|
|
1636
|
|
|
|
|
|
|
=head2 cookie |
1637
|
|
|
|
|
|
|
|
1638
|
|
|
|
|
|
|
Returns a cookie's value, or undef if no name is given, or the requested |
1639
|
|
|
|
|
|
|
cookie isn't in the jar. |
1640
|
|
|
|
|
|
|
API is the same as "param", it will replace the "get_cookie" method in the future. |
1641
|
|
|
|
|
|
|
|
1642
|
|
|
|
|
|
|
use CGI::Info; |
1643
|
|
|
|
|
|
|
|
1644
|
|
|
|
|
|
|
my $name = CGI::Info->new()->cookie('name'); |
1645
|
|
|
|
|
|
|
print "Your name is $name\n"; |
1646
|
|
|
|
|
|
|
|
1647
|
|
|
|
|
|
|
=cut |
1648
|
|
|
|
|
|
|
|
1649
|
|
|
|
|
|
|
sub cookie { |
1650
|
2
|
|
|
2
|
1
|
8
|
my ($self, $field) = @_; |
1651
|
|
|
|
|
|
|
|
1652
|
2
|
50
|
|
|
|
6
|
if(!defined($field)) { |
1653
|
0
|
|
|
|
|
0
|
$self->_warn('what cookie do you want?'); |
1654
|
0
|
|
|
|
|
0
|
return; |
1655
|
|
|
|
|
|
|
} |
1656
|
|
|
|
|
|
|
|
1657
|
2
|
50
|
|
|
|
6
|
unless($self->{jar}) { |
1658
|
0
|
0
|
|
|
|
0
|
unless(defined($ENV{'HTTP_COOKIE'})) { |
1659
|
0
|
|
|
|
|
0
|
return; |
1660
|
|
|
|
|
|
|
} |
1661
|
0
|
|
|
|
|
0
|
my @cookies = split(/; /, $ENV{'HTTP_COOKIE'}); |
1662
|
|
|
|
|
|
|
|
1663
|
0
|
|
|
|
|
0
|
foreach my $cookie(@cookies) { |
1664
|
0
|
|
|
|
|
0
|
my ($name, $value) = split(/=/, $cookie); |
1665
|
0
|
|
|
|
|
0
|
$self->{jar}->{$name} = $value; |
1666
|
|
|
|
|
|
|
} |
1667
|
|
|
|
|
|
|
} |
1668
|
|
|
|
|
|
|
|
1669
|
2
|
50
|
|
|
|
6
|
if(exists($self->{jar}->{$field})) { |
1670
|
2
|
|
|
|
|
8
|
return $self->{jar}->{$field}; |
1671
|
|
|
|
|
|
|
} |
1672
|
0
|
|
|
|
|
0
|
return; # Return undef |
1673
|
|
|
|
|
|
|
} |
1674
|
|
|
|
|
|
|
|
1675
|
|
|
|
|
|
|
=head2 status |
1676
|
|
|
|
|
|
|
|
1677
|
|
|
|
|
|
|
Sets or returns the status of the object, 200 for OK, otherwise an HTTP error code |
1678
|
|
|
|
|
|
|
|
1679
|
|
|
|
|
|
|
=cut |
1680
|
|
|
|
|
|
|
|
1681
|
|
|
|
|
|
|
sub status { |
1682
|
15
|
|
|
15
|
1
|
2514
|
my $self = shift; |
1683
|
|
|
|
|
|
|
|
1684
|
15
|
100
|
|
|
|
72
|
if(my $status = shift) { |
|
|
100
|
|
|
|
|
|
1685
|
5
|
|
|
|
|
11
|
$self->{status} = $status; |
1686
|
|
|
|
|
|
|
} elsif(!defined($self->{status})) { |
1687
|
6
|
100
|
|
|
|
22
|
if(defined(my $method = $ENV{'REQUEST_METHOD'})) { |
1688
|
4
|
100
|
66
|
|
|
34
|
if(($method eq 'OPTIONS') || ($method eq 'DELETE')) { |
|
|
100
|
66
|
|
|
|
|
1689
|
1
|
|
|
|
|
5
|
return 405; |
1690
|
|
|
|
|
|
|
} elsif(($method eq 'POST') && !defined($ENV{'CONTENT_LENGTH'})) { |
1691
|
1
|
|
|
|
|
4
|
return 411; |
1692
|
|
|
|
|
|
|
} |
1693
|
|
|
|
|
|
|
} |
1694
|
4
|
|
|
|
|
26
|
return 200; |
1695
|
|
|
|
|
|
|
} |
1696
|
|
|
|
|
|
|
|
1697
|
9
|
|
50
|
|
|
41
|
return $self->{status} || 200; |
1698
|
|
|
|
|
|
|
} |
1699
|
|
|
|
|
|
|
|
1700
|
|
|
|
|
|
|
=head2 set_logger |
1701
|
|
|
|
|
|
|
|
1702
|
|
|
|
|
|
|
Sometimes you don't know what the logger is until you've instantiated the class. |
1703
|
|
|
|
|
|
|
This function fixes the catch22 situation. |
1704
|
|
|
|
|
|
|
|
1705
|
|
|
|
|
|
|
=cut |
1706
|
|
|
|
|
|
|
|
1707
|
|
|
|
|
|
|
sub set_logger { |
1708
|
3
|
|
|
3
|
1
|
48
|
my $self = shift; |
1709
|
3
|
|
|
|
|
6
|
my %params; |
1710
|
|
|
|
|
|
|
|
1711
|
3
|
100
|
|
|
|
14
|
if(ref($_[0]) eq 'HASH') { |
|
|
100
|
|
|
|
|
|
1712
|
1
|
|
|
|
|
2
|
%params = %{$_[0]}; |
|
1
|
|
|
|
|
4
|
|
1713
|
|
|
|
|
|
|
} elsif(scalar(@_) % 2 == 0) { |
1714
|
1
|
|
|
|
|
4
|
%params = @_; |
1715
|
|
|
|
|
|
|
} else { |
1716
|
1
|
|
|
|
|
2
|
$params{'logger'} = shift; |
1717
|
|
|
|
|
|
|
} |
1718
|
|
|
|
|
|
|
|
1719
|
3
|
|
|
|
|
7
|
$self->{logger} = $params{'logger'}; |
1720
|
|
|
|
|
|
|
|
1721
|
3
|
|
|
|
|
6
|
return $self; |
1722
|
|
|
|
|
|
|
} |
1723
|
|
|
|
|
|
|
|
1724
|
|
|
|
|
|
|
=head2 reset |
1725
|
|
|
|
|
|
|
|
1726
|
|
|
|
|
|
|
Class method to reset the class. |
1727
|
|
|
|
|
|
|
You should do this in an FCGI environment before instantiating, but nowhere else. |
1728
|
|
|
|
|
|
|
|
1729
|
|
|
|
|
|
|
=cut |
1730
|
|
|
|
|
|
|
|
1731
|
|
|
|
|
|
|
sub reset { |
1732
|
11
|
|
|
11
|
1
|
11211
|
my $class = shift; |
1733
|
|
|
|
|
|
|
|
1734
|
11
|
100
|
|
|
|
36
|
unless($class eq __PACKAGE__) { |
1735
|
1
|
|
|
|
|
21
|
carp('Reset is a class method'); |
1736
|
0
|
|
|
|
|
0
|
return; |
1737
|
|
|
|
|
|
|
} |
1738
|
|
|
|
|
|
|
|
1739
|
10
|
|
|
|
|
29
|
$stdin_data = undef; |
1740
|
|
|
|
|
|
|
} |
1741
|
|
|
|
|
|
|
|
1742
|
|
|
|
|
|
|
sub AUTOLOAD { |
1743
|
158
|
|
|
158
|
|
63339
|
our $AUTOLOAD; |
1744
|
158
|
|
|
|
|
302
|
my $param = $AUTOLOAD; |
1745
|
|
|
|
|
|
|
|
1746
|
158
|
|
|
|
|
985
|
$param =~ s/.*:://; |
1747
|
|
|
|
|
|
|
|
1748
|
158
|
100
|
|
|
|
3270
|
return if($param eq 'DESTROY'); |
1749
|
|
|
|
|
|
|
|
1750
|
4
|
|
|
|
|
9
|
my $self = shift; |
1751
|
|
|
|
|
|
|
|
1752
|
4
|
50
|
|
|
|
13
|
return if(ref($self) ne __PACKAGE__); |
1753
|
|
|
|
|
|
|
|
1754
|
4
|
|
|
|
|
13
|
return $self->param($param); |
1755
|
|
|
|
|
|
|
} |
1756
|
|
|
|
|
|
|
|
1757
|
|
|
|
|
|
|
=head1 AUTHOR |
1758
|
|
|
|
|
|
|
|
1759
|
|
|
|
|
|
|
Nigel Horne, C<< >> |
1760
|
|
|
|
|
|
|
|
1761
|
|
|
|
|
|
|
=head1 BUGS |
1762
|
|
|
|
|
|
|
|
1763
|
|
|
|
|
|
|
is_tablet() only currently detects the iPad and Windows PCs. Android strings |
1764
|
|
|
|
|
|
|
don't differ between tablets and smart-phones. |
1765
|
|
|
|
|
|
|
|
1766
|
|
|
|
|
|
|
Please report any bugs or feature requests to C, |
1767
|
|
|
|
|
|
|
or through the web interface at |
1768
|
|
|
|
|
|
|
L. |
1769
|
|
|
|
|
|
|
I will be notified, and then you'll |
1770
|
|
|
|
|
|
|
automatically be notified of progress on your bug as I make changes. |
1771
|
|
|
|
|
|
|
|
1772
|
|
|
|
|
|
|
params() returns a ref which means that calling routines can change the hash |
1773
|
|
|
|
|
|
|
for other routines. |
1774
|
|
|
|
|
|
|
Take a local copy before making amendments to the table if you don't want unexpected |
1775
|
|
|
|
|
|
|
things to happen. |
1776
|
|
|
|
|
|
|
|
1777
|
|
|
|
|
|
|
=head1 SEE ALSO |
1778
|
|
|
|
|
|
|
|
1779
|
|
|
|
|
|
|
L |
1780
|
|
|
|
|
|
|
|
1781
|
|
|
|
|
|
|
=head1 SUPPORT |
1782
|
|
|
|
|
|
|
|
1783
|
|
|
|
|
|
|
You can find documentation for this module with the perldoc command. |
1784
|
|
|
|
|
|
|
|
1785
|
|
|
|
|
|
|
perldoc CGI::Info |
1786
|
|
|
|
|
|
|
|
1787
|
|
|
|
|
|
|
You can also look for information at: |
1788
|
|
|
|
|
|
|
|
1789
|
|
|
|
|
|
|
=over 4 |
1790
|
|
|
|
|
|
|
|
1791
|
|
|
|
|
|
|
=item * MetaCPAN |
1792
|
|
|
|
|
|
|
|
1793
|
|
|
|
|
|
|
L |
1794
|
|
|
|
|
|
|
|
1795
|
|
|
|
|
|
|
=item * RT: CPAN's request tracker |
1796
|
|
|
|
|
|
|
|
1797
|
|
|
|
|
|
|
L |
1798
|
|
|
|
|
|
|
|
1799
|
|
|
|
|
|
|
=item * CPAN Testers' Matrix |
1800
|
|
|
|
|
|
|
|
1801
|
|
|
|
|
|
|
L |
1802
|
|
|
|
|
|
|
|
1803
|
|
|
|
|
|
|
=item * CPAN Testers Dependencies |
1804
|
|
|
|
|
|
|
|
1805
|
|
|
|
|
|
|
L |
1806
|
|
|
|
|
|
|
|
1807
|
|
|
|
|
|
|
=back |
1808
|
|
|
|
|
|
|
|
1809
|
|
|
|
|
|
|
=head1 LICENSE AND COPYRIGHT |
1810
|
|
|
|
|
|
|
|
1811
|
|
|
|
|
|
|
Copyright 2010-2023 Nigel Horne. |
1812
|
|
|
|
|
|
|
|
1813
|
|
|
|
|
|
|
This program is released under the following licence: GPL2 |
1814
|
|
|
|
|
|
|
|
1815
|
|
|
|
|
|
|
=cut |
1816
|
|
|
|
|
|
|
|
1817
|
|
|
|
|
|
|
1; |