Outcomes Know what are CGI Environment Variables Know how to use environment variables How to process A simple Query Form Able to use URL Encoding rules in your perl program Able to use Split function to extract information Understand what is CGIWRAP

CGI Environment Variables Environment variables is a set of hidden values that Web server sends to every CGI you run. You CGI program can parse them, and use the data you send Environment variables are stored in a hash called %ENV The %ENV hash is automatically set for every CGI, and you can use any or all of it as needed

CGI Environment variables Environment variables are a series of hidden values that the web server sends to every CGI you run. Your CGI can parse them, and use the data they send. Variable Name Value DOCUMENT_ROOT The root directory of your server HTTP_COOKIE The visitor’s cookie, if one is set HTTP_HOST The hostname of your server HTTP_REFERER The URL of the page that called your script HTTP_USER_AGENT The browser type of the visitor HTTPS "on" if the script is being called through a secure server PATH The system path your server is running under QUERY_STRINGThe query string (see GET, below) REMOTE_ADDRThe IP address of the visitor

CGI Environment variables REMOTE_HOST The hostname of the visitor (if your server has reversename-lookups on; otherwise this is the IP address again) REMOTE_PORT The port the visitor is connected to on the web server REMOTE_USERThe visitor’s username (for.htaccess-protected pages) REQUEST_METHOD GET or POST REQUEST_URI The interpreted pathname of the requested document or CGI (relative to the document root) SCRIPT_FILENAME The full pathname of the current CGI SCRIPT_NAME The interpreted pathname of the current CGI (relative to the document root) SERVER_ADMIN The address for your server’s webmaster SERVER_NAME Your server’s fully qualified domain name SERVER_PORT The port number your server is listening on SERVER_SOFTWARE The server software you’re using (such as Apache 1.3)

Examples of useful Environment variables (env.cgi) #!/usr/bin/perl print "Content-type:text/html\n\n"; print <<EndOfHTML; Print Environment EndOfHTML foreach $key (sort(keys %ENV)) { print "$key = $ENV{$key} \n"; } print " ";

DOCUMENT_ROOT = /users/csd/csd/spider/sbu GATEWAY_INTERFACE = CGI/1.1 HTTP_ACCEPT = image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-powerpoint, application/vnd.ms-excel, application/msword, */* HTTP_ACCEPT_LANGUAGE = en-gb HTTP_CACHE_CONTROL = max-age= HTTP_CONNECTION = keep-alive HTTP_HOST = HTTP_USER_AGENT = Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0) HTTP_VIA = 1.0 cache2-eth0.sbu.ac.uk:8080 (Squid/2.3.STABLE4) HTTP_X_FORWARDED_FOR = unknown PATH = /usr/local/etc/httpd:/sbin:/usr/sbin:/usr/bin PATH_INFO = PATH_TRANSLATED = /users/eee/eee/zhaoza/.public_html/cgi-bin/env.pl QUERY_STRING = REMOTE_ADDR = REMOTE_HOST = cache2-eth0.sbu.ac.uk REMOTE_PORT = 2833 REQUEST_METHOD = GET REQUEST_URI = /cgi-bin/cgiwrap/~zhaoza/env.pl SCRIPT_FILENAME = /usr/local/apache/share/cgi-bin/cgiwrap SCRIPT_NAME = /cgi-bin/cgiwrap/zhaoza/env.pl SERVER_ADDR = SERVER_ADMIN = SERVER_NAME = SERVER_PORT = 80 SERVER_PROTOCOL = HTTP/1.0 zSERVER_SIGNATURE = SERVER_SOFTWARE = Apache/ (Unix)

Remote Host ID (rhost.cgi) #!/usr/bin/perl print "Content-type:text/html\n\n"; print <<EndHTML Hello! Hello! Welcome, visitor from $ENV{'REMOTE_HOST'}! EndHTML

#!/usr/bin/perl print "Content-type:text/html\n\n"; print <<EndHTML Hello! Hello! Welcome, visitor from $ENV{'REMOTE_ADDR'}! EndHTML

Checking Browser Type (browser.cgi) #!/usr/bin/perl print "Content-type:text/html\n\n"; print " Welcome \n"; print " \n"; print "Browser: $ENV{'HTTP_USER_AGENT'} \n"; if ($ENV{'HTTP_USER_AGENT'} =~ /MSIE/) { print "You seem to be using Internet Explorer! \n"; } elsif ($ENV{'HTTP_USER_AGENT'} =~ /Mozilla/) { print "You seem to be using Netscape! \n"; } else {print "You seem to be using a browser other than Netscape or IE. \n"; } print " \n";

A simple Query Form When GET method is used to send data from an HTML form to CGI, the input values from the form are saved in the QUERY_STRING environment variable. In the Get method, the input values from the form are sent as part of the URL. The values ( saved in query_string) appears after the question mark in the URL itself. The query_string is organised in some way called URL encoding.

If I include the form in my html document in the following way Enter some test here My name is When click on the submit query button, the URL should look like this: This+is+a+22%test22%&myname=zhao

URL Encoding rules Values appears immediately after a ? Mark Items(values) are separated by &. For each item(value), the value on the left of = is the actual name of the form field. The value on the right is whatever you typed into the input box. Space is replaced with +. Other special non- alphanumeric characters aer escaped out with a %- code

Normal Character URL Encoded String \t (tab) %09 \n (return) %0A / %2F ~ %7E : %3A ; %40 & %26

Split function In this example $ENV{‘QUERY_STRING’}= sample_text= This+is+a+22%test22%&myname=zhao Example to use split = split(/&/,$ENV{'QUERY_STRING'}); foreach $i { ($varname, $mydata) = split(/=/,$i); print "$varname = $mydata\n"; }

CGIWrap CGIWrap is a gateway program that allows general users to use CGI scripts and HTML forms without compromising the security of the http server. Scripts are run with the permissions of the user who owns the script. In addition, several security checks are performed on the script, which will not be executed if any checks fail.