Well, being kind of a "CGI guy", you might expect that I would take the time to look over this code. As usual, it has many issues. You can see Lesson 2 of my online CGI course for more information, or check out use CGI or die;. You've made most of the common errors.
    if ($ENV{'REQUEST_METHOD'} eq 'GET') {
        @pairs = split(/&/, $ENV{'QUERY_STRING'});
    } elsif ($ENV{'REQUEST_METHOD'} eq 'POST') {
        read (STDIN, $buffer, $ENV{'CONTENT_LENGTH'});
        @pairs = split(/&/, $buffer);
    }
Are you aware that the semicolon ';' is an alternate delimiter for name/value pairs? Also, what happens if there is a problem with $ENV{'CONTENT_LENGTH'} not matching the actual data length? You need to test for that or risk occasionally having corrupted data. You may also want to test whether the read is successful.
    ## REMOVE poison NULL
    $key   =~ s/\0//g;
    $value =~ s/\0//g;

    ## Clean characters to remove weird stuff
    my $allowedCHARS = 'a-zA-Z0-9\!\"\#\$\%\&\'\(\)\*\+\,\-\.\/\:\;\<\=\>\?\@\[\\\]\^\_\`\{\|\}\~';
    $key   =~ s/[^$allowedCHARS]//gi;
    $value =~ s/[^$allowedCHARS]//gi;
I see where you are going with removing ASCII zero and "dangerous" characters, but this limits the flexibility of your code. What if someone really needs these characters to be uploaded? What are their options?
  • Strip out this part of your code, which could affect the code of other programmers (this is an example of non-orthogonal code -- a big NO NO).
  • Replicate this code elsewhere and strip out the regex. Now we need to synchronize two virtually identical sections of code. That's another big NO NO!
  • Use CGI.pm or CGI::Lite. That's the proper way to go.
    $key =~ s/<!--(.|\n)*-->//g;
Aaagh!!!! I get tired of seeing this. The real purpose of this is to strip out SSIs from incoming data, in case this data gets written out to a Web page that someone else might call up. The reality is, it's a horrible regex (dot star, alternation on single characters, and it will slurp up multiple SSIs or HTML comments and anything in between). Plus, what if someone wants HTML comments or SSIs to be submitted? Again, you have the non-orthogonal code issue. See list above.
    ###=== Begin Cosmetic/Functionality addition ========
    ## REMOVE LEADING BLANKS
    $key =~ s/^\s*//;
    ## REMOVE TRAILING BLANKS
    $key =~ s/\s*$//;
    ###=== End Cosmetic/Functionality addition ==========
No. What if someone wants the extra whitespace? Non-orthogonal.
    if ($formdata{$key}) {
        $formdata{$key} .= ", $value";
    } else {
        $formdata{$key} = $value;
    }
The intent of your code is to have them do something like this:
    my @values = split /, /, $formdata{ $somekey };
Hmmm... what happens if someone enters a value with a comma and space? That's right, they think they have an extra value.

Of course, your code doesn't handle file uploads, either, but that's a whole 'nother ball of wax.

I'm sorry, but this is terrible cargo-cult code. Your heart is in the right place, but this code is terrible.

Cheers,
Ovid

Join the Perlmonks Setiathome Group or just click on the link and check out our stats.
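The following is an added example, not code from Ovid's reply, from Xxaxx's subparseform.lib, or from CGI.pm. Ovid's actual recommendation is to use CGI.pm or CGI::Lite; this block only shows what a hand-rolled parser has to get right to avoid the three concrete problems he raises: the ';' pair separator, a CONTENT_LENGTH that does not match the body actually read, and repeated keys joined with ", " so that a user-supplied comma looks like an extra value. The function name parse_form, its argument list (the request data is passed in explicitly instead of being taken from %ENV and STDIN, so it can be run offline) and the sample body are all constructed for the example.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# parse_form($method, $query_string, $body_fh, $content_length)
# returns a hashref of key => [values...]. Hypothetical helper written
# for this example; it is not CGI.pm's interface.
sub parse_form {
    my ($method, $query_string, $body_fh, $content_length) = @_;
    my $raw;

    if ($method eq 'GET') {
        $raw = defined $query_string ? $query_string : '';
    }
    elsif ($method eq 'POST') {
        die "missing or non-numeric CONTENT_LENGTH\n"
            unless defined $content_length && $content_length =~ /^\d+$/;
        # read() returns the number of bytes actually read, or undef on
        # error. A failed or short read means the body is truncated or
        # corrupt, so refuse it instead of parsing half a request.
        my $got = read($body_fh, $raw, $content_length);
        die "read failed: $!\n" unless defined $got;
        die "short read: expected $content_length bytes, got $got\n"
            unless $got == $content_length;
    }
    else {
        die "unsupported REQUEST_METHOD '$method'\n";
    }

    my %form;
    # Both '&' and ';' are legal separators between name/value pairs.
    for my $pair (split /[&;]/, $raw) {
        next if $pair eq '';
        my ($key, $value) = split /=/, $pair, 2;
        $value = '' unless defined $value;
        # Decode application/x-www-form-urlencoded: '+' is a space and
        # %XX is a percent-encoded byte. '+' is handled first so that an
        # encoded %2B survives as a literal plus sign.
        for ($key, $value) {
            tr/+/ /;
            s/%([0-9A-Fa-f]{2})/chr(hex($1))/ge;
        }
        # Repeated keys become a list. No separator string is introduced,
        # so nothing the user types can be mistaken for a second value.
        push @{ $form{$key} }, $value;
    }
    return \%form;
}

# Constructed sample body: a ';' separator, a repeated key, and a value
# that itself contains ", " (which the ", " join would mis-split).
my $body = 'name=Ovid&colour=red;colour=blue&note=red%2C+blue';
open my $fh, '<', \$body or die "open: $!";

my $form = parse_form('POST', undef, $fh, length $body);
for my $key (sort keys %$form) {
    printf "%-7s => [%s]\n", $key, join('] [', @{ $form->{$key} });
}

# The same body advertised with a wrong CONTENT_LENGTH is rejected
# rather than silently parsed from a truncated buffer.
open my $fh2, '<', \$body or die "open: $!";
eval { parse_form('POST', undef, $fh2, length($body) + 5) };
print "rejected: $@" if $@;
```

Run it as a plain script; no web server is needed because the body comes from an in-memory filehandle. The 'note' key comes back as the single value 'red, blue', while 'colour' yields two separate values, which is the distinction the ", " join in the reviewed code cannot make. Dying on a length mismatch is a deliberate choice for a CGI script, where a 500 is preferable to acting on a half-read form.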


In reply to (Ovid - cargo-cult CGI) Re: Re: subparseform.lib by Ovid
in thread Re: subparseform.lib by Xxaxx
