Hi guys,

I've got a cgi script written in perl and I'm attempting to write data to a file but it isn't working



Basically I've got this script on my university server running unix, under my account. I've verified the perl address is correct as well.
It's located under the cgi-bin folder and all I need to do is just call http://WWW.....cgi-bin/test/write.cgi (is the name of the file) and it should keep appending the names into a file and then display the result.
I've uploaded an empty data.txt file one level up from the test folder (ie. placed into cgi-bin).
So now when I run the script, absolutely nothing happens to the file and all i get is "test script" printed out (in H4).
I've set every single file permission to 777 (highest possible for every user) and it still doesn't work.

I went and uploaded the same files to my own server and it works fine so now I have no idea what's going on.
Not sure if my script has been written correctly or not, so some help would be most appreciated.

have you tried to use the absoloute path to the file like



This post has been edited by winracer: 12 Oct, 2009 - 06:48 PM

just tried it and it doesn't work

Two side notes here:

1) You should be calling your subs with "print_HTTP_header()" rather than "&print_HTTP_header". Using an & prefix on sub calls is a holdover from Perl 4 and, in addition to no longer being necessary in Perl 5, it has side effects which are generally not what you intended.

2) Good on you for using "-w" to enable warnings, but you should also include "use strict" at the beginning of your code. Stylistically, "use warnings" is generally preferred over "-w", but, in practice, they're generally equivalent, although "use warnings" does give you finer control over what warnings are emitted and where.


This is where you need to start looking for the cause of your problem. One or both of your opens is (presumably) failing, but you don't know which one because you're not checking to see whether they succeed and you don't know why because you're not reporting the error messages when they fail.

Also, although it's not particularly significant when you're using a static filename with no user-entered data, you should get into the habit of using the three-argument form of "open":

The error messages from "die" will be written to the web server's error log by default. That's also where any warnings emitted by your code will be sent, so watching the error log when developing/testing web-based code is extremely valuable. If you don't have (and can't get) read-only access to the error log, you can add "use CGI::Carp qw(fatalsToBrowser);" to your code and the messages from "die" will be sent to your browser. (If this were a real application, it would be important to remove that line before going into production, so that you wouldn't end up telling attackers how to break your code.)

Note that I also used lexical filehandles ($my_file) rather than glob filehandles (MYFILE). Like "use warnings" vs. "-w", either way works as well, but the lexical filehandle is more flexible. Perhaps more importantly, by being non-global, it saves you from having to worry that you might one day start getting strange errors if you use a module which also uses a filehandle called "MYFILE" or "INPUT".

Oh dear. I've been using & to call sub routines because all the examples my lecturer are showing us have an &. Someone's being lazy and not updating his examples it seems...
I overlooked him using capitals when using <HTML> tags instead of lowercase but if there are other things in this course that aren't right...

I used strict; and it threw, mostly, errors saying Global symbol "[something]" requires explicit package name. So I chucked 'my' infront of every single variable, not knowing what it does....and still dont.

Changed how the file is opened.

where errorFunction is


and it's throwing an error saying "Bareword "ERROR" not allowed while "strict subs in use". I don't know how to fix this so i've disabled strict in the mean time.

one more thing:

How do I specify the location of file.cgi from main.html ?

Thanks for the advice. I also found out the file writing issue was due to some strange permission thing due to the university server using apache and the scripts being called under a user called 'apache'.

This post has been edited by blitzfx: 14 Oct, 2009 - 02:44 AM

It's not that uncommon, unfortunately. Perl has been around for 22 years and had a lot of online tutorials published in the mid-90s when CGI and Perl were the backbone of dynamic web content. Most of those examples were sloppy and poorly-engineered at the time and they tend to rely on structures which are obsolete today, but they still run, so the examples continue circulating and promoting obsolete, sloppy, and even grievously insecure practices.

One of the things I like about Perl is its tradition of maintaining backwards compatibility, but this is one area in which the lack of any real deprecation policy has probably harmed the language.


In this immediate case, using strict and declaring your variables properly (with "my", "our", or "use vars" - but "my" is the one you want 99% of the time, so just use that until you hit a case where it won't work for you) protects you from accidentally creating a new variable because of a typo when you meant to access an existing one.

In the broader picture, "my" creates lexically-scoped variables, which is (more or less) just a fancy way of saying variables that stop existing at the end of the block they were defined in:

Like glob-style filehandles, global variables can cause problems that are extremely difficult to debug because changing $x in one part of the program (if it's global) will also change $x in any other parts of the program that use $x, even if they're completely unrelated. Using "my" to create lexical variables protects you against this and using strict ensures that you won't accidentally use globals if you don't really need to.


You forgot the quotes around "ERROR". You might also want to assign the string passed in to a variable and include a description of what went wrong on the error page:



The same way you'd specify it in your browser's address bar. With that type of setup, it would most often be /cgi-bin/file.cgi, but I personally never segregate my code into a separate cgi-bin directory, so it's not something I normally need to deal with.


That's a pretty common practice for limiting the amount of damage that can be done if an attacker is able to compromise the web server process or any subprocesses it might start up (like, say, CGI scripts). Creating the output file (using "touch filename") and then setting it to be world-writable ("chmod a+w filename") should allow the apache user to write to it.

Has no one suggested that the file is not writable?

chmod 666 filename

I had already set the file to chmod 777, and I have already fixed the problem but thanks.


I appreciate the explanation(s) a lot. I found it was almost like java encapsulation where "my $var" is just like "this.var" or setting variables to "private" ensuring nothing else outside it's scope can write to it.

cheers!

No problem - that's what I come here for.

And it's good to hear that you've got your problems sorted out. Welcome to Perl; I hope you like it enough to stay. Happy hacking!

A good tutorial to read is Ovid's CGI Course.