What's Wrong In This Script? - Someone help me with this script!

They have: 32 posts

Joined: Jun 1999

I'm having probs with this script. Could someone please look it over and tell me what's wrong?

/\/\/\/\/\/\/\/\/\/\/\/\

#!/usr/bin/
###################################
# put this on the page you want the content of the textfile to appear.#
# Call it like that: <!--#include virtual="smart-insert.cgi?FILE"--> #
# where FILE is#
# the Name of the .txt File, that contains the HTML you want to insert.#
# All Rights Reserved#
##
# This Program is FREE. I don't take any Warranty for any damages of #
# misfunctions, caused by the use of this Script.#
###################################

$footer_dir = "path/to/directory/";

if ($ENV{'REQUEST_METHOD'} eq 'GET') {
$file = $ENV{'QUERY_STRING'};
}
else {
read(STDIN, $file, $ENV{'CONTENT_LENGTH'});
}

print "Content-type:
open(FILE,"<$footer_file") || die "Can't open input file!!!";
$content;
while($content = <FILE>)
{
print "$content";
}

close(FILE);
exit;

/\/\/\/\/\/\/\/\/\/\/\/\

When I run the program I get:

Error 302 Moved Temporarily
Powered by Zeus Web Server v3.1.

Now, my question is, should I use <!--#include virtual="smart-insert.cgi?FILE"--> or
<!--#exec cgi="smart-insert.cgi?FILE" -->

You guys may say: 'Is your HTML file renamed to SHTML?' or 'Is the path/filename correct?' or 'Did you chmod the file?'. Well, the answer to all those questions is 'yes'.

If anyone can help me, I'd be very grateful.

-steve

(Edited since it's a security hazard)

He has: 150 posts

Joined: Apr 1999

First of all, the first line of the script should be "#!/usr/bin/perl" or something similar. ("#!/usr/local/bin/perl" may work as well.)

Second, why go to all this trouble to include an HTML file, when you could just use:

<!--#include virtual="/path/to/file.html"-->

HTH Wink

He has: 150 posts

Joined: Apr 1999

I just noticed the instructions say to include the script with:
<!--#include virtual="smart-insert.cgi?FILE"-->

It should be:
<!--#exec cgi="smart-insert.cgi?FILE"-->

HTH Wink

He has: 150 posts

Joined: Apr 1999

*sigh* It's me again. Smiling

After fooling around with the script on my system a bit, I would like to discourage the use of it. It is VERY poorly written, and it can be used by anyone to grab the contents of other files on the server. (In a test, I used it to grab the source code for a Perl script on my system. It worked.)

Just my $0.02 Wink

They have: 32 posts

Joined: Jun 1999

You mean you got it to work?!?!?!

I have a pretty big site. 3 layouts.... It's a big hassle to update 3 versions of a page, and upload 3 different versions.

I downloaded a 'Footer' program, so I just need to edit a TXT (or HTML) file and each page will be updated. A lot easier.

The problem with that is I'll need to install multiple versions of the same CGI script, for each page.

This one allows me to use a single CGI program, but multiple source files.

I'll keep toying around with it, and hopefully get it to work.

(NOTE: I did NOT make this script Smiling )

They have: 32 posts

Joined: Jun 1999

I've ditched the script, and I'm just using <!--#include virtual="/path/to/file.html"-->

That seems to work just fine.

Thanks for your help.

He has: 150 posts

Joined: Apr 1999

I got it to work fairly easily. Just make sure that the perl path at the top of the file is correct, and you have $footer_dir set to the full path of where you store the files you want to include. (You must have a trailing backslash. example: "/home/mypage/html/")

My advice is don't even bother with this script. I fooled around with it a bit on my machine and found it to be very insecure. For example... I run the UBB on my machine. The member profiles are stored in D:/Apache/ultimate/members/. I just had to type:

http://localhost/cgi-bin/smart-insert.cgi?../ultimate/members/admin5.cgi

And the script called up that file and sent all the information in that file to me. Among other things, that file contains the administrator password, which could mean trouble for my board if someone were to get ahold of it...

You're probably better off just using SSI to include the files. (Not only is it more secure, it'll also reduce the server load, as the server won't have to execute the CGI script every time the page is accessed.)
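
For anyone who still needs a single script serving several include files, here is a hardened lookup as an added example; it is not part of the thread and not the original script. It accepts only a bare name, chooses the extension itself, and checks that the resolved path stays under the include directory. The `safe_include` and `write_file` names, the directory layout and the file contents are constructed for illustration, and Unix-style paths are assumed.

```perl
#!/usr/bin/perl
# Added example: hardened lookup for an include script (names and layout are hypothetical).
use strict;
use warnings;
use Cwd qw(realpath);
use File::Temp qw(tempdir);
use File::Spec;

# Return the text of $name.txt inside $base, or undef if the request is rejected.
sub safe_include {
    my ($base, $name) = @_;
    # 1. Allowlist: plain names only, so "/", "\", "." and NUL never reach open().
    return unless defined $name && $name =~ /\A[A-Za-z0-9_-]{1,64}\z/;
    # 2. The script, not the caller, picks the extension.
    my $path = File::Spec->catfile($base, "$name.txt");
    # 3. Resolve symlinks and confirm the result is still under the base directory.
    my $real_base = realpath($base);
    my $real_path = realpath($path);
    return unless defined $real_base && defined $real_path;
    return unless index($real_path, "$real_base/") == 0;    # assumes "/" separators
    # 4. Three-argument open: the mode can never come from the file name.
    open(my $fh, '<', $real_path) or return;
    local $/;    # read the whole file at once
    my $text = <$fh>;
    close($fh);
    return $text;
}

sub write_file {
    my ($p, $data) = @_;
    open(my $out, '>', $p) or die "write $p: $!";
    print {$out} $data;
    close($out);
}

# Constructed layout: includes/ holds the footer, members/ holds a file that must stay private.
my $root = tempdir(CLEANUP => 1);
mkdir "$root/includes" or die $!;
mkdir "$root/members"  or die $!;
write_file("$root/includes/footer.txt", "<p>footer</p>\n");
write_file("$root/members/admin5.cgi",  "constructed secret\n");

for my $query ('footer', '../members/admin5.cgi', '/etc/passwd', 'footer.txt', '') {
    my $text = safe_include("$root/includes", $query);
    printf "%-26s => %s\n", "'$query'", defined $text ? 'served' : 'rejected';
}
```

Only the bare name `footer` is served; every other query in the loop, including the `../` form quoted in the post above, is rejected before any file is opened.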

They have: 2,390 posts

Joined: Nov 1998

Bah, I missed out on all the fun. Smiling
JP

----------
The Webmaster Promotion and Resource Center.
http://www.what-next.com
