Just some code cleanup recommendations.
original code:
open (REFFILE,"$reffile") || print "Content-type: text/html\n\n Can't
+Open $reffile(r): $!\n";
my(@LINES)=<REFFILE>;
close(REFFILE);
$SIZE=@LINES;
open (REFFILE,">$reffile") || print "Content-type: text/html\n\n Can't
+ Open $reffile(r): $!\n";
print REFFILE "$date\| $ENV{'REMOTE_HOST'}\| $ENV{'HTTP_USER_AGENT'}\|
+$FORM{'discnt'}\|$FORM{'shipcountry'}\|\n";
Step 1 - DO IT!
At the very least please do not use the 2 argument form of open. It ~might~ be safe if you have that variable under your control but maybe at some point you decide it would be a nice feature for the user to be able to specify the file name and then you're in trouble. Your application may be tricked into setting '$reffile' to '>file', '<file', '-|file' or any other 'interesting' file modes. Use the 3 argument form, explicitely state the file mode and stop worrying.
my $htmlheader = "Content-type: text/html\n\n";
open (REFFILE, '<', $reffile) || print "$htmlheader Can't Open $reffil
+e(r): $!\n";
[...]
open (REFFILE, '>', $reffile) || print "$htmlheader Can't Open $reffil
+e(r): $!\n";
Check the return value of print and close. Both may fail!
close(REFFILE)
|| print "$htmlheader Can't close filehandle for $reffile(r): $!\n";
[...]
print (REFFILE "$date\| $ENV{'REMOTE_HOST'}\| $ENV{'HTTP_USER_AGENT'}\
+|$FORM{'discnt'}\|$FORM{'shipcountry'}\|\n")
|| "$htmlheader Can't write to $reffile(r): $!\n";
Step 2 - Recommended
Use 'or' instead of '||'. Both are 'logical or', but 'or' has a very low precedence allowing you to remove the parenthesis:
my $htmlheader = "Content-type: text/html\n\n";
open REFFILE, '<', $reffile
or print "$htmlheader Can't Open $reffile(r): $!\n";
my(@LINES)=<REFFILE>;
close REFFILE
or print "$htmlheader Can't close filehandle for $reffile(r): $!\n";
$SIZE=@LINES;
open REFFILE, '>', $reffile
or print "$htmlheader Can't Open $reffile(r): $!\n";
print REFFILE "$date\| $ENV{'REMOTE_HOST'}\| $ENV{'HTTP_USER_AGENT'}\|
+$FORM{'discnt'}\|$FORM{'shipcountry'}\|\n"
or "$htmlheader Can't write to $reffile(r): $!\n";;
Step 3 - Suggested
Use lexical variables (e.g. $fh_read, $fh_write) as filehandles. This is a precaution against name conflicts. You may accidentally define/import a function with the same name as one of your filehandles. Have fun debugging that. Lexical filehandles are safe and easy to use. Do yourself a favour and use them.
Additional suggestion: brace file handles '{fh}' when writing to them. It doesn't matter to perl, but it makes the difference between printing a variable and writing to a file handle more obvious.
my $htmlheader = "Content-type: text/html\n\n";
open my $fh_read, '<', $reffile
or print "$htmlheader Can't Open $reffile(r): $!\n";
my(@LINES)=<$fh_read>;
close $fh_read
or print "$htmlheader Can't close filehandle for $reffile(r): $!\n";
$SIZE=@LINES;
open $fh_write, '>', $reffile
or print "$htmlheader Can't Open $reffile(r): $!\n";
print {$fh_write} "$date\| $ENV{'REMOTE_HOST'}\| $ENV{'HTTP_USER_AGENT
+'}\|$FORM{'discnt'}\|$FORM{'shipcountry'}\|\n"
or "$htmlheader Can't write to $reffile(r): $!\n";
more DO IT!
Since you are writing environment variables to your file you should definitely verify their content. At the very least $ENV{'HTTP_USER_AGENT'}, $FORM{'discnt'} and $FORM{'shipcountry'} must be seen as containing something dangerous unless proven otherwise. Simply trusting the user provided data is likely to lead to data corruption sooner or later.
example scrubber for 'shipcountry'
my $shipcountry;
# shipcountry may contain letters, digits, underscores, spaces and das
+hes
# and nothing else
if ($FORM{'shipcountry'} =~ /^([\w -]+)$/) {
$shipcountry = $1;
}
else {
print "$htmlheader Invalid input for shipping country detected!\n";
}
print {$fh_write} "$date\| $ENV{'REMOTE_HOST'}\| $ENV{'HTTP_USER_AGENT
+'}\|$FORM{'discnt'}\|$shipcountry\|\n"
or "$htmlheader Can't write to $reffile(r): $!\n";
|