CGI/Perl Guide | Learning Center | Forums | Advertise | Login
Site Search: in

  Main Index MAIN
INDEX 		Search Posts SEARCH
POSTS 		Who's Online WHO'S
ONLINE 		Log in LOG
IN

Home: Perl Programming Help: Beginner:
A URL validate function... what's wrong?

 


ChicagoOutfit
Novice

Jun 17, 2009, 12:54 PM

Post #1 of 9 (963 views)
A URL validate function... what's wrong? Can't Post
Hi there,
I'm trying to modify our existent "cform.pl" (which we use to have visitors submit forms) to check an array of allowed redirects, before it allows a form to be submitted to us. So, I have created this array:

Code
@allow_redirect_to	= qw(http://www.yahoo.com http://www.google.com);
And I'm trying to test it by calling it with this:

Code
sub check_url_valid { 
	my $val = shift; 
 
	foreach (@allow_redirect_to) { 
		return 1 if ($val eq $_); 
	} 
 
	return 0; 
}
In our form, I have used this as the redirect (which should NOT allow the form to be sent):

Code
<input type="hidden" name="redirect" value="http://www.msn.com">
However, the form is still submitted... though the visitor is not redirected to MSN (instead seeing a listing of what he submitted). On another note, after adding "http://www.msn.com" to "@allow_redirect_to" the visitor still doesn't get redirected to MSN (instead seeing a listing of what he submitted).

So, it appears that my first Perl script is (1) not checking my allowed redirects array and (2) not redirecting properly even when the redirect is in the allowed redirects array.

Any help? Thank you so much in advance,
CO


KevinR
Veteran


Jun 17, 2009, 1:02 PM

Post #2 of 9 (962 views)
Re: [ChicagoOutfit] A URL validate function... what's wrong? [In reply to] Can't Post
The code you posted will work, in that it will return 1 (one) if $val is equal to something in @allow_redirct_to.

Besides that there is no way to tell why your script does not work beyond the very small snippet of code we can see. Post more code.
-------------------------------------------------


ChicagoOutfit
Novice

Jun 17, 2009, 1:27 PM

Post #3 of 9 (957 views)
Re: [KevinR] A URL validate function... what's wrong? [In reply to] Can't Post
That's the point however... it should NOT return "1" in my example, and it is returning "1".

In my example, I am sending the redirect as a $val of http://www.msn.com which is not listed under @allow_redirect_to as something that is acceptable (only http://www.yahoo.com and http://www.google.com are supposed to return "1".

So... my script is not validating that the redirect sent from our form is in @allow_redirect_to.

Any other ideas? The "cform.pl" is 1,648 lines long... I'm not sure I want to clog this post with it all. Am I not being targeted enough with my question?

Thank you!
CO


KevinR
Veteran


Jun 17, 2009, 2:33 PM

Post #4 of 9 (953 views)
Re: [ChicagoOutfit] A URL validate function... what's wrong? [In reply to] Can't Post
Lets run a test of your code:

Code
my @allow_redirect_to	= qw(http://www.yahoo.com http://www.google.com); 
my @urls  = qw(http://www.yahoo.com http://www.google.com http://www.msn.com); 
foreach my $url (@urls) { 
   if (check_url_valid($url) ) { 
      print "$url is Good\n"; 
   } 
   else { 
      print "$url is Bad\n"; 
   } 
} 
sub check_url_valid {  
	my $val = shift;  
  
	foreach (@allow_redirect_to) {  
		return 1 if ($val eq $_);  
	}  
  
	return 0;  
}
output:

http://www.yahoo.com is Good
http://www.google.com is Good
http://www.msn.com is Bad

As I said, this snippet of code it working properly so the problem is elsewhere in your script.
-------------------------------------------------


(This post was edited by KevinR on Jun 17, 2009, 2:34 PM)


ChicagoOutfit
Novice

Jun 17, 2009, 2:44 PM

Post #5 of 9 (948 views)
Re: [KevinR] A URL validate function... what's wrong? [In reply to] Can't Post
Okay,
I think that I see where you're headed... my script is working and I'm just not setting it to do anything properly after it returns "0" ("Bad"). And it continues on its way of submitting the form (where I thought that it should stop).

Instead of returning "0", can I write something at that point in the script that just stops the script from running right at that moment where it returns "0" and prints an error message out like "The submitted redirect is not allowed"?

Because, if the redirect is bad... I don't need to have the script continue to run and check anything else.

Is that possible? Just an immediate stop of the script. Something like:

Code
sub check_url_valid {  
	my $val = shift;  
  
	foreach (@allow_redirect_to) {  
		return 1 if ($val eq $_);  
	}  
  
	Kill script here and print error message 
}
Again, thank you so much in advance!
CO


KevinR
Veteran


Jun 17, 2009, 2:49 PM

Post #6 of 9 (946 views)
Re: [ChicagoOutfit] A URL validate function... what's wrong? [In reply to] Can't Post
Code
sub check_url_valid {   
	my $val = shift;   
   
	foreach (@allow_redirect_to) {   
		return 1 if ($val eq $_);   
	}   
   
	print "Your feet smell like rotten eggs! Go away!"; 
              exit;#<-- terminates script 
}
You must print an http header first though before printing anything else back to the browser so make sure your script is doing that first. Try the above and see if it works. Use your own more appropriate error message. Wink
-------------------------------------------------


(This post was edited by KevinR on Jun 17, 2009, 2:50 PM)


ChicagoOutfit
Novice

Jun 17, 2009, 2:59 PM

Post #7 of 9 (942 views)
Re: [KevinR] A URL validate function... what's wrong? [In reply to] Can't Post
Looks like I'm not not correctly printing an HTTP Header, since I'm getting this when I add your Print (though I changed it a bit Wink and Exit commands):

Internal Server Error
The server encountered an internal error or misconfiguration and was unable to complete your request.

Please contact the server administrator and inform them of the time the error occurred, and anything you might have done that may have caused the error.

More information about this error may be available in the server error log.

Would it be as simple as adding a few print statements, like so:

Code
print "<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">"; 
print "<html xmlns="http://www.w3.org/1999/xhtml">"; 
print "<head>"; 
print "<title>UT: Contact Us</title>";
Before and after the code? Or... is there something else that I can add then and there, so as to not get the Internal Server Error?

Know that I'll be PM'ing you a donation for your help. Thanks!
CO


KevinR
Veteran


Jun 17, 2009, 3:04 PM

Post #8 of 9 (940 views)
Re: [ChicagoOutfit] A URL validate function... what's wrong? [In reply to] Can't Post
Something along those lines...

Code
sub check_url_valid {   
	my $val = shift;   
   
	foreach (@allow_redirect_to) {   
		return 1 if ($val eq $_);   
	}   
   print "Content-type: text/html\n\n"; 
   print qq{<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">  
<html xmlns="http://www.w3.org/1999/xhtml">  
<head>  
 <title>UT: Contact Us</title> 
</head> 
<body> 
 <h3>Error!</h3> 
 URL not allowed 
</body> 
</html>}; 
   exit; 
}
-------------------------------------------------


ChicagoOutfit
Novice

Jun 17, 2009, 3:18 PM

Post #9 of 9 (936 views)
Re: [KevinR] A URL validate function... what's wrong? [In reply to] Can't Post
That's a big tip 'o the cap to you, KevinR... thanks so much!

Success,
CO

 
 


Search for (options) Powered by Gossamer Forum v.1.2.0

Web Applications & Managed Hosting Powered by Gossamer Threads
Visit our Mailing List Archives