changeset 205:e0ef0f218600
Updated CGI script a little
author | Steve Kemp <steve@steve.org.uk> |
---|---|
date | Mon, 14 Apr 2008 19:07:05 +0100 |
parents | 1d4f3be0e000 |
children | ea4f503f58cc |
files | cgi-bin/comments.cgi |
diffstat | 1 files changed, 10 insertions(+), 7 deletions(-) [+] |
--- a/cgi-bin/comments.cgi Mon Apr 14 19:04:14 2008 +0100 +++ b/cgi-bin/comments.cgi Mon Apr 14 19:07:05 2008 +0100 @@ -35,7 +35,10 @@ # -# The directory to store comments in +# The directory to store comments in. +# +# NOTE: This should be writeable to the www-data user, and shouldn't +# be inside your web-root - or you open up a security hole. # # my $COMMENT = "/home/www/comments/"; # @@ -53,12 +56,12 @@ # Get the parameters from the request. # my $cgi = new CGI(); -my $name = $cgi->param('name') || undef; -my $mail = $cgi->param('mail') || undef; -my $body = $cgi->param('body') || undef; -my $id = $cgi->param('id') || undef; +my $name = $cgi->param('name') || undef; +my $mail = $cgi->param('mail') || undef; +my $body = $cgi->param('body') || undef; +my $id = $cgi->param('id') || undef; my $cap = $cgi->param('captcha') || undef; -my $ajax = $cgi->param("ajax") || 0; +my $ajax = $cgi->param("ajax") || 0; # @@ -136,7 +139,7 @@ # Open the file. # my $file = $COMMENT . "/" . $id . "." . $timestr; -$file =~ s/[ \t]//g; +$file =~ s/[^a-z0-9]/_/gi; open( FILE, ">", $file ); print FILE "Name: $name\n";
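Review bot: The new substitution `$file =~ s/[^a-z0-9]/_/gi;` in the last hunk runs on the whole path, after `$COMMENT . "/"` has already been prepended, so the directory separators and the `.` before the timestamp are rewritten to `_` along with anything hostile in `id`. The result is a single relative name, which `open` resolves against the CGI's working directory rather than the comment store that the first hunk's new note says to keep outside the web-root. Sanitising the request-supplied part before joining keeps the intent: `$id =~ s/[^a-z0-9]/_/gi;` followed by the existing `my $file = $COMMENT . "/" . $id . "." . $timestr;` (if `$timestr` can contain whitespace, which the old regex stripped, it needs the same treatment). The result of `open( FILE, ">", $file );` is also unchecked, so a failed open is silent and the following `print FILE` lines write nowhere; `or die "open $file: $!";` would surface it. The writes to FILE appear to continue past the end of the hunk, and how `$timestr` is built is not visible here.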