Problem with CGI::escapeHTML and PerlEx? :: ASPN Mail Archive

Recent Messages
List Archives
About the List
List Leaders
Subscription Options

View Subscriptions
Help

View by Topic
ActiveState
.NET Framework
Open Source
Perl
PHP
Python
Tcl
Web Services
XML & XSLT

View by Category
Database
General
SOAP
System Administration
Tools
User Interfaces
Web Programming
XML Programming
MyASPN >> Mail Archive >> perlex
perlex
Problem with CGI::escapeHTML and PerlEx?
by David Hempy other posts by this author
Oct 8 2004 11:47PM messages near this date
PerlEx future - update | RE: Regarding PerlEx End-of-Life Notification
--=====================_102244439==.ALT
Content-Type: text/plain; charset="us-ascii"


I've got a peculiar problem with my .aspl pages.  If I call CGI::escapeHTML(), I loose my PO
ST parameters on all but the first invocation of the script.  

You can see this in action on these two pages:

This page doesn't call escapeHTML(), and works fine:
http://webtools.ket.org/test/post_good.aspl

This page is identical, except it uses escapeHTML(), and it fails:
http://webtools.ket.org/test/post_bad.aspl




Below is the entire post_bad.aspl file.  post_god.aspl is virtually the same, except for the
 one line that calls escapeHTML().


Any ideas?  I'm working around this, which is no big deal...but I'm worried that I may be tr
eating the symptom (eliminating my use of escapeHTML) without understanding the cause.


<%
        $| = 1; # No output buffering.
        $ENV{PATH}='';
        use strict;
        use CGI;
        my $cgi = new CGI;


        use Data::Dumper;
        print "<pre> Dumping cgi object:\n" . (Dumper($cgi)) . "\n</pre>\n";

        my $id = $cgi-> param('id');
%> 

<html> 
<head> 
        <title> ID is [<%=$id%>]</title>
</head> 

<body> 

        <p>  
                The post_good script does not call CGI::escapeHTML().  <br> 
                You'll find that you can GET and POST 
                values all day long with no troubles.  
        </p> 
        
        <p>  
                The post_bad script calls CGI::escapeHTML().  <br> 
                You'll find that you can GET with no trouble,
                but when you POST data, only the first POST after reloading PerlEx sees any 
post parameters.
        </p> 

        <h1> 
                You entered id=[<%=$id%> ]               
        </h1> 
        
        <p> 
        CGI::escapeHTML($id) yields: [<% print (CGI::escapeHTML($id));  %> ]
        </p> 

        
        <form action="post_bad.aspl" method="post"> 
                <input type="text" name="id" value="<%= $id %> " >
                <input type="submit" value="Via POST">  
        </form>                  
        
        <form action="post_bad.aspl" method="get"> 
                <input type="text" name="id" value="<%= $id %> " >
                <input type="submit" value="Via GET">  
        </form>                  

        <form action="post_bad.aspl" method="get"> 
                <input type="submit" name="reload" value="Reload PerlEx">  
                <%
                        if ($cgi-> param('reload')) {
                                PerlEx::ReloadAll();    
                                print "<i> Reloading all PerlEx instances...</i><br>\n"; 
                        }
                %> 
        </form>                  

        <ul> 
                <li>  <a href="post_good.aspl">post_good.aspl</a> - This version does NOT cal
l escapeHTML </li> 
                <li>  <a href="post_bad.aspl">post_bad.aspl</a> - This version calls escapeHT
ML </li> 
        </ul> 
        
</body> 
</html> 




-- 
David Hempy 
Internet Database Administrator
Kentucky Educational Television 
(859)258-7164  -  (800)333-9764

A firm grip on reality is not a critical component of happiness.


--=====================_102244439==.ALT
Content-Type: text/html; charset="us-ascii"

<html> 
<body> 
<br> 
I've got a peculiar problem with my .aspl pages.&nbsp; If I call
CGI::escapeHTML(), I loose my POST parameters on all but the first
invocation of the script.&nbsp; <br> <br>
You can see this in action on these two pages:<br> <br>
This page doesn't call escapeHTML(), and works fine:<br> 
<a href="http://webtools.ket.org/test/post_good.aspl" eudora="autourl"> http://webtools.ket.o
rg/test/post_good.aspl</a> <br><br>
This page is identical, except it uses escapeHTML(), and it fails:<br> 
<a href="http://webtools.ket.org/test/post_bad.aspl" eudora="autourl"> http://webtools.ket.or
g/test/post_bad.aspl</a> <br><br>
<br> <br>
<br> 
Below is the entire post_bad.aspl file.&nbsp; post_god.aspl is virtually
the same, except for the one line that calls escapeHTML().<br> <br>
<br> 
Any ideas?&nbsp; I'm working around this, which is no big deal...but I'm
worried that I may be treating the symptom (eliminating my use of
escapeHTML) without understanding the cause.<br> <br>
<br> 
&lt;%<br> 
<x-tab> &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</x-tab>$| =
1;<x-tab> &nbsp;</x-tab># No output buffering.<br>
<x-tab> &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</x-tab>$ENV{PATH}='';<br>
<x-tab> &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</x-tab>use
strict;<br> 
<x-tab> &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</x-tab>use
CGI;<br> 
<x-tab> &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</x-tab>my $cgi =
new CGI;<br> <br>
<br> 
<x-tab> &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</x-tab>use
Data::Dumper;<br> 
<x-tab> &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</x-tab>print
&quot;&lt;pre&gt;Dumping cgi object:\n&quot; . (Dumper($cgi)) .
&quot;\n&lt;/pre&gt;\n&quot;;<br> <br>
<x-tab> &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</x-tab>my $id =
$cgi-&gt;param('id');<br> 
%&gt;<br> <br>
&lt;html&gt;<br> 
&lt;head&gt;<br> 
<x-tab> &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</x-tab>&lt;title&gt;ID
is [&lt;%=$id%&gt;]&lt;/title&gt;<br> 
&lt;/head&gt;<br> <br>
&lt;body&gt;<br> <br>
<x-tab> &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</x-tab>&lt;p&gt;
<br> 
<x-tab> &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</x-tab><x-tab>&nbsp;&nbsp;&nbsp;&nbs
p;&nbsp;&nbsp;&nbsp;&nbsp;</x-tab> The
post_good script does not call CGI::escapeHTML().&nbsp; &lt;br&gt;<br> 
<x-tab> &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</x-tab><x-tab>&nbsp;&nbsp;&nbsp;&nbs
p;&nbsp;&nbsp;&nbsp;&nbsp;</x-tab> You'll
find that you can GET and POST <br> 
<x-tab> &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</x-tab><x-tab>&nbsp;&nbsp;&nbsp;&nbs
p;&nbsp;&nbsp;&nbsp;&nbsp;</x-tab> values
all day long with no troubles.&nbsp; <br> 
<x-tab> &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</x-tab>&lt;/p&gt;<br>
<x-tab> &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</x-tab><br>
<x-tab> &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</x-tab>&lt;p&gt;
<br> 
<x-tab> &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</x-tab><x-tab>&nbsp;&nbsp;&nbsp;&nbs
p;&nbsp;&nbsp;&nbsp;&nbsp;</x-tab> The
post_bad script calls CGI::escapeHTML().&nbsp; &lt;br&gt;<br> 
<x-tab> &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</x-tab><x-tab>&nbsp;&nbsp;&nbsp;&nbs
p;&nbsp;&nbsp;&nbsp;&nbsp;</x-tab> You'll
find that you can GET with no trouble,<br> 
<x-tab> &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</x-tab><x-tab>&nbsp;&nbsp;&nbsp;&nbs
p;&nbsp;&nbsp;&nbsp;&nbsp;</x-tab> but
when you POST data, only the first POST after reloading PerlEx sees any
post parameters.<br> 
<x-tab> &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</x-tab>&lt;/p&gt;<br><br>
<x-tab> &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</x-tab>&lt;h1&gt;<br>
<x-tab> &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</x-tab><x-tab>&nbsp;&nbsp;&nbsp;&nbs
p;&nbsp;&nbsp;&nbsp;&nbsp;</x-tab> You
entered
id=[&lt;%=$id%&gt;]<x-tab> &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</x-tab><x-tab>&nbsp;&nb
sp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</x-tab> <br>
<x-tab> &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</x-tab>&lt;/h1&gt;<br>
<x-tab> &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</x-tab><br>
<x-tab> &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</x-tab>&lt;p&gt;<br>
<x-tab> &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</x-tab>CGI::escapeHTML($id)
yields: [&lt;% print (CGI::escapeHTML($id));&nbsp; %&gt;]<br> 
<x-tab> &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</x-tab>&lt;/p&gt;<br><br>
<x-tab> &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</x-tab><br>
<x-tab> &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</x-tab>&lt;form
action=&quot;post_bad.aspl&quot; method=&quot;post&quot;&gt;<br> 
<x-tab> &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</x-tab><x-tab>&nbsp;&nbsp;&nbsp;&nbs
p;&nbsp;&nbsp;&nbsp;&nbsp;</x-tab> &lt;input
type=&quot;text&quot; name=&quot;id&quot; value=&quot;&lt;%= $id
%&gt;&quot; &gt;<br> 
<x-tab> &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</x-tab><x-tab>&nbsp;&nbsp;&nbsp;&nbs
p;&nbsp;&nbsp;&nbsp;&nbsp;</x-tab> &lt;input
type=&quot;submit&quot; value=&quot;Via POST&quot;&gt; <br> 
<x-tab> &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</x-tab>&lt;/form&gt;<x-tab>&nbsp;</x
-tab> <x-tab>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</x-tab><x-tab>&nbsp;&nbsp;&nbsp
;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</x-tab> <br>
<x-tab> &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</x-tab><br>
<x-tab> &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</x-tab>&lt;form
action=&quot;post_bad.aspl&quot; method=&quot;get&quot;&gt;<br> 
<x-tab> &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</x-tab><x-tab>&nbsp;&nbsp;&nbsp;&nbs
p;&nbsp;&nbsp;&nbsp;&nbsp;</x-tab> &lt;input
type=&quot;text&quot; name=&quot;id&quot; value=&quot;&lt;%= $id
%&gt;&quot; &gt;<br> 
<x-tab> &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</x-tab><x-tab>&nbsp;&nbsp;&nbsp;&nbs
p;&nbsp;&nbsp;&nbsp;&nbsp;</x-tab> &lt;input
type=&quot;submit&quot; value=&quot;Via GET&quot;&gt; <br> 
<x-tab> &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</x-tab>&lt;/form&gt;<x-tab>&nbsp;</x
-tab> <x-tab>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</x-tab><x-tab>&nbsp;&nbsp;&nbsp
;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</x-tab> <br><br>
<x-tab> &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</x-tab>&lt;form
action=&quot;post_bad.aspl&quot; method=&quot;get&quot;&gt;<br> 
<x-tab> &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</x-tab><x-tab>&nbsp;&nbsp;&nbsp;&nbs
p;&nbsp;&nbsp;&nbsp;&nbsp;</x-tab> &lt;input
type=&quot;submit&quot; name=&quot;reload&quot; value=&quot;Reload
PerlEx&quot;&gt; <br> 
<x-tab> &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</x-tab><x-tab>&nbsp;&nbsp;&nbsp;&nbs
p;&nbsp;&nbsp;&nbsp;&nbsp;</x-tab> &lt;%<br>
<x-tab> &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</x-tab><x-tab>&nbsp;&nbsp;&nbsp;&nbs
p;&nbsp;&nbsp;&nbsp;&nbsp;</x-tab> <x-tab>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</x
-tab> if
($cgi-&gt;param('reload')) {<br> 
<x-tab> &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</x-tab><x-tab>&nbsp;&nbsp;&nbsp;&nbs
p;&nbsp;&nbsp;&nbsp;&nbsp;</x-tab> <x-tab>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</x
-tab> <x-tab>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</x-tab>PerlEx::ReloadAll();<x-t
ab> &nbsp;&nbsp;&nbsp;&nbsp;</x-tab><br>
<x-tab> &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</x-tab><x-tab>&nbsp;&nbsp;&nbsp;&nbs
p;&nbsp;&nbsp;&nbsp;&nbsp;</x-tab> <x-tab>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</x
-tab> <x-tab>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</x-tab>print
&quot;&lt;i&gt;Reloading all PerlEx
instances...&lt;/i&gt;&lt;br&gt;\n&quot;;<x-tab> &nbsp;</x-tab><br>
<x-tab> &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</x-tab><x-tab>&nbsp;&nbsp;&nbsp;&nbs
p;&nbsp;&nbsp;&nbsp;&nbsp;</x-tab> <x-tab>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</x
-tab> }<br>
<x-tab> &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</x-tab><x-tab>&nbsp;&nbsp;&nbsp;&nbs
p;&nbsp;&nbsp;&nbsp;&nbsp;</x-tab> %&gt;<br>
<x-tab> &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</x-tab>&lt;/form&gt;<x-tab>&nbsp;</x
-tab> <x-tab>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</x-tab><x-tab>&nbsp;&nbsp;&nbsp
;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</x-tab> <br><br>
<x-tab> &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</x-tab>&lt;ul&gt;<br>
<x-tab> &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</x-tab><x-tab>&nbsp;&nbsp;&nbsp;&nbs
p;&nbsp;&nbsp;&nbsp;&nbsp;</x-tab> &lt;li&gt;
&lt;a href=&quot;post_good.aspl&quot;&gt;post_good.aspl&lt;/a&gt; - This
version does NOT call escapeHTML &lt;/li&gt;<br> 
<x-tab> &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</x-tab><x-tab>&nbsp;&nbsp;&nbsp;&nbs
p;&nbsp;&nbsp;&nbsp;&nbsp;</x-tab> &lt;li&gt;
&lt;a href=&quot;post_bad.aspl&quot;&gt;post_bad.aspl&lt;/a&gt; - This
version calls escapeHTML &lt;/li&gt;<br> 
<x-tab> &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</x-tab>&lt;/ul&gt;<br>
<x-tab> &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</x-tab><br>
&lt;/body&gt;<br> 
&lt;/html&gt;<br> <br>
<br> 
</body> 
<br> 
<br> 
<div> -- </div>
<div> David Hempy </div>
<div> Internet Database Administrator</div>
<div> Kentucky Educational Television </div>
<div> (859)258-7164&nbsp; -&nbsp; (800)333-9764</div>
<br> 
<div> A firm grip on reality is not a critical component of
happiness.</div> 
<br> 
</html> 

--=====================_102244439==.ALT--
Attachments:
unknown1