$24
Lab 9: CGI Solution
Introduction
Lab 9 is a simple example of CGI. Your CGI Perl script will be called from a HTML file that will be provided to you. The HTML page will present the user with a form field, the contents of which will be passed to the CGI script as one or two parameters. Your CGI script will examine the parameters, ensure the parameters are correct and safe (“scrubbed”). cal.cgi will then call “/usr/bin/cal -h PARAMETERS" with those scrubbed parameters and display its output. You should see the parameters in a H1 header and the output from cal as preformatted text.
Perl will be run in “taint” mode by using the “-T” parameter on the #!/usr/bin/perl line. In “taint” mode, Perl will not permit a value received from outside of the script to be simply passed as parameters to a program being called. This is a security feature. We will satisfy Perl’s “taint” mode by extracting the parameters using regular expressions, which removes the “taint” from the parameters.
Requirements
For this assignment, you will place your lab files in your very own web documents folder, located on icarus at ~/public_html. Your PERL CGI script shall be named ~/public_html/cal.cgi and be marked executable and readable by group and world (chmod 755). Your CGI script will be called by an HTML file, cal.html. Templates for both files are located in
/var/classes/cs3030/lab9/templates.
You will copy cal.html as-is to ~/public_html and chmod it 755. You will add code to cal.cgi that verifies that the parameters are valid, and then the template will call
/bin/cal -h PARAMETERS
where PARAMETERS are the “scrubbed” and verified parameters passed in by the user.
You will test your work by accessing your web page using a web browser: http://icarus.cs.weber.edu/~USERNAME/cal.html, where USERNAME is your icarus username.
Specific Requirements
Your cal.cgi script should accept a parameter passed in by cal.html that may be of three forms ONLY:
YYYY: A single 1-4 digit number from 1-9999: cal will print all twelve months of that year
MM YYYY: a 1-2 digit month from 1-12 followed by a 1-4 digit year from 1-9999
Mon YYYY: a 3 or more case-insensitive character prefix of a valid month January-December followed by a 1-4 digit year from 1-9999
Extract ONLY valid parameters and set the $date variable equal to the parameters. If the parameters are invalid set $date to “” (empty string). If the parameters are blank, set $date to a single space “ ”.
Cal should always produce output. The job of your CGI is to guarantee that the parameters are one of the three forms listed above.
!1 of !4
CS 3030 Scripting Languages
Lab 9: CGI
Helpful Hints
Examples of valid parameters:
Parameter(s)
Action taken by /bin/cal
whitespace, meaning nothing at all
Displays the current month and year
2905
Displays the entire year 2095
192
Displays the entire year 192
Janua 2002
Displays January 2 (January, year 2002)
OCT 2003
Displays Oct 2003
OcToBeR 2003
Displays Oct 2003
3 2004
Displays Mar 2004
12 7
Displays Dec 7 (December, year 0007)
Examples of invalid parameters (and if invalid, the current month and year are displayed):
Parameter(s)
Reason why it is invalid
13 4
If there are two parameters, the first must be the month
and 13 is an invalid month. Numeric months are 1-12
de 2014
de is not a valid month. Alpha character months must
be 3 or more case-insensitive character prefixes of a
valid month January-December
12345
If a single parameter is entered, it is a year, which must
be = 1 and <= 9999
Ap
If a single parameter is entered, it is a year and must be
numeric
Run cucumber to determine your grade
tar xvf /var/classes/cs3030/lab9/cuke.tar
./cucumber -s
!2 of !4
CS 3030 Scripting Languages
Lab 9: CGI
Files
For this lab you will have created folder lab9 and the following executable files, which must be placed in your ~/public_html folder for grading:
cal.cgi
cal.html
