Re: Targeting CGI Output
by "Bryan Bateman" <batemanb(at)home.com>
Date: Thu, 2 Nov 2000 04:32:50 -0000
To: <dis(at)dozier.com>, <hwg-basics(at)hwg.org>
References: hotmail
I will let someone else answer the pop-up question.
You are now allowing ANYONE from ANYWHERE to run that code!!!!!!!!!!!!!!
That is a security hole that must be plugged.
I pulled the following piece of code from a form mail program I have. It
checks that the referer is in an approved list. I have added all the
appropriate URLs and IP addresses for the two sites listed in this post.
----------------------------------------------------------------------------
@Referers = ('html4rookies.com', 'htmlgoody.com', '208.56.208.10',
             'all-hosts.com', 'ispchecks.com', '208.56.193.232');

# Accept the request only if HTTP_REFERER names a host in @Referers.
# Note: the Referer header is sent by the client, so this is a filter
# against casual reuse of the form from other pages, not authentication.
sub CheckRef
{
    my ($valid_referer, @terms);
    if ((@Referers) and ($ENV{'HTTP_REFERER'}))
    {
        foreach my $referer (@Referers)
        {
            # \Q...\E quotes the dots in the host name; the anchor and the
            # trailing [:/] stop "http://host.example" from matching "host".
            if ($ENV{'HTTP_REFERER'} =~ m{^https?://\Q$referer\E(?:[:/]|\z)}i)
            {
                $valid_referer++;
                last;
            }
        }
    }
    else
    {
        # No list, or no Referer header at all: let the request through
        # (browsers and proxies often strip Referer).
        $valid_referer++;
    }
    unless ($valid_referer)
    {
        @terms = split(/\//, $ENV{'HTTP_REFERER'});
        # Error() is the form mail program's own reporting routine, defined elsewhere.
        Error(
            'Bad Referer',
            "'$ENV{'HTTP_REFERER'}' is not authorised to use this script. "
            . "If you want them to be able to, you should add '$terms[2]' to the referer list."
        );
    }
}
----------------------------------------------------------------------------
----- Original Message -----
From: "Larry Dozier" <mr_griz(at)hotmail.com>
To: <hwg-basics(at)hwg.org>
Sent: Thursday, November 02, 2000 1:31 AM
Subject: Targeting CGI Output
> Hi everyone,
>
> I'm trying to develop a form which can be used on sites other than my own
> to access my database. The results should pop up in a new window.
>
> So far, so good, but I want to specify that the new window not have a
> navigation textbox and be a certain size. Can I do this?
>
> My code is below. A working example may be found at
> http://html4rookies.com.
> Look for the form which allows you to search for a web host. (on the left)
>
> Thanks,
>
> Griz
>
> <!--BEGIN ALL HOSTS CODE -->
> <form method="post" action="http://all-hosts.com/findhost2.cgi" target="new">
> <center>
> <table>
> <tr height="30">
> <td>
> <font size="3" color="black"><b><center>Find A Web Host</center></b></font>
> <br>
> <b><font size="2" face="geneva">Platform:</font>
> <select name="platform">
> <option value="0">ANY
> <option value="1">UNIX
> <option value="2">NT
> <option value="0">OTHER
> </select></b>
> </td>
> </tr>
> <tr height="30">
> <td>
> <b><font size="2" face="geneva">Price:</font>
> <select name="variable name">
> <option value="0">ANY
> <option value="1">&lt; $5
> <option value="2">$5-$10
> <option value="3">$10-$20
> <option value="4">$20-$30
> <option value="5">$30-$40
> <option value="6">$40-$50
> <option value="7">&gt; $50
> </select></b>
> </td>
> </tr>
> <tr height="30">
> <td>
> <b><font size="2" face="geneva">Web Space:</font>
> <select name="variable name">
> <option value="0">ALL
> <option value="1">&lt; 5MB
> <option value="2">5MB-10MB
> <option value="3">10MB-20MB
> <option value="4">20MB-40MB
> <option value="5">40MB-60MB
> <option value="6">60MB-100MB
> <option value="7">&gt;100MB
> </select></b>
> </td>
> </tr>
> <tr height="20">
> <td>
> <input type="hidden" name="count" value="1">
> <center><b><input type="submit" value="SEARCH"></b></center>
> </td>
> </tr>
> </table>
> </center>
> </form>
> <!--END ALL HOSTS CODE -->
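On the pop-up question quoted above (a results window with no navigation textbox and a fixed size), the following is an added example of the usual client-side approach, written for this archive page and not taken from the original thread. The form id "hostsearch" and the window name "hostresults" are assumptions; the form's own target attribute is set to that name so the CGI output lands in the sized window.

```javascript
// Added example (not from the original post): open the CGI results in a
// sized pop-up, then let the form post into that window by name.

// Build the features string for window.open from an options object.
// Keys are the legacy window-feature names; booleans become yes/no.
function popupFeatures(opts) {
  const defaults = {
    width: 500, height: 400,
    location: false,   // no address ("navigation") textbox
    toolbar: false, menubar: false, status: false,
    resizable: true, scrollbars: true,
  };
  const merged = Object.assign({}, defaults, opts || {});
  return Object.keys(merged)
    .map((k) => {
      const v = merged[k];
      return `${k}=${typeof v === 'boolean' ? (v ? 'yes' : 'no') : v}`;
    })
    .join(',');
}

// Point the form at the named window and open that window during the
// submit event, so the browser treats it as user-initiated and does not
// block it; returning normally lets the form submit into the window.
function targetFormAtPopup(form, windowName, opts) {
  form.target = windowName;
  form.addEventListener('submit', function () {
    window.open('', windowName, popupFeatures(opts));
  });
}

// Browser wiring; skipped when run outside a browser (e.g. under Node).
if (typeof document !== 'undefined') {
  const form = document.getElementById('hostsearch');   // assumed id
  if (form) targetFormAtPopup(form, 'hostresults', { width: 600, height: 450 });
}
```

Current browsers honour width and height but ignore several of the other features (Chrome and Firefox keep a read-only address strip on pop-ups), so location=no is a hint rather than a guarantee; the window is also still a normal top-level window as far as the CGI is concerned, so nothing here restricts who can submit to it.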
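As an added example, not from the original post or from the form mail program whose CheckRef routine is quoted in it: the same allowlist idea in JavaScript for a Node request handler, comparing the parsed hostname of the Referer exactly rather than substring-matching, with the posted pattern ported alongside so the two can be run over the same inputs. The host list and the sample Referer values are constructed for this example.

```javascript
// Added example (not from the original post): Referer allowlist check that
// compares the parsed hostname exactly. "allowMissing" mirrors the posted
// Perl code's choice of letting through requests that carry no Referer.
const ALLOWED_HOSTS = new Set(['html4rookies.com', 'all-hosts.com']); // sample list

// Return the lowercase hostname of an http(s) Referer, or null if it is
// missing, unparsable, or uses some other scheme. URL is a Node/browser global.
function refererHost(referer) {
  if (!referer) return null;
  let u;
  try { u = new URL(referer); } catch (e) { return null; }
  if (u.protocol !== 'http:' && u.protocol !== 'https:') return null;
  return u.hostname.toLowerCase();
}

function refererAllowed(referer, allowed = ALLOWED_HOSTS, allowMissing = false) {
  if (!referer) return allowMissing; // often stripped by proxies or privacy settings
  const host = refererHost(referer);
  return host !== null && allowed.has(host);
}

// The pattern from the posted Perl code ported as-is for comparison:
// "http" + anything + "://" + host, unanchored, dots unescaped.
function substringMatch(referer, allowed = ALLOWED_HOSTS) {
  for (const h of allowed) {
    if (new RegExp('http.*?://' + h, 'i').test(referer || '')) return true;
  }
  return false;
}

// Minimal handler shape: Node lowercases incoming header names.
function checkRequest(req) {
  return refererAllowed(req.headers && req.headers.referer);
}

// Constructed Referer values with the verdict the exact check should give.
// The third and fourth look like the approved site without being it.
const SAMPLES = [
  ['http://html4rookies.com/index.html', true],
  ['https://HTML4ROOKIES.com/', true],
  ['http://html4rookies.com.example.net/', false],            // longer host
  ['http://example.net/?next=http://html4rookies.com', false], // host in query
  ['', false],
];

// Run both checks over the samples; the substring port accepts rows 3 and 4.
function runSamples() {
  return SAMPLES.map(([ref, want]) => ({
    ref, want,
    exact: refererAllowed(ref),
    substring: substringMatch(ref),
  }));
}
```

Either way the Referer header is supplied by the client and is frequently absent, so this filter only stops casual reuse of the form from other pages; the database behind findhost2.cgi still needs its own server-side controls (validation of the submitted fields, rate limiting, and whatever authorisation of calling sites the operator actually wants) rather than relying on this header.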
HTML: hwg-basics mailing list archives, maintained by Webmasters @ IWA