Follow Techotopia on Twitter

On-line Guides
All Guides
eBook Store
iOS / Android
Linux for Beginners
Office Productivity
Linux Installation
Linux Security
Linux Utilities
Linux Virtualization
Linux Kernel
System/Network Admin
Programming
Scripting Languages
Development Tools
Web Development
GUI Toolkits/Desktop
Databases
Mail Systems
openSolaris
Eclipse Documentation
Techotopia.com
Virtuatopia.com
Answertopia.com

How To Guides
Virtualization
General System Admin
Linux Security
Linux Filesystems
Web Servers
Graphics & Desktop
PC Hardware
Windows
Problem Solutions
Privacy Policy

  




 

 

Previous Chapter 2
Input to the Common Gateway Interface
Next
 

2.4 Extra Path Information

Besides passing query information to a CGI script, you can also pass additional data, known as extra path information, as part of the URL. The extra path information depends on the server knowing where the name of the program ends, and understanding that anything following the program name is "extra." Here is how you would call a script with extra path information:

https://some.machine/cgi-bin/display.pl/cgi/cgi_doc.txt

Since the server knows that display.pl is the name of the program, the string "/cgi/cgi_doc.txt" is stored in the environment variable PATH_INFO. Meanwhile, the variable PATH_TRANSLATED is also set, which maps the information stored in PATH_INFO to the document root directory (e.g., /usr/local/etc/httpd/ public/cgi/cgi-doc.txt).

Here is a CGI script--display.pl--that can be used to display text files located in the document root hierarchy:

#!/usr/local/bin/perl
$plaintext_file = $ENV{'PATH_TRANSLATED'};
print "Content-type: text/plain", "\n\n";
if ($plaintext_file =~ /\.\./) {
    print "Sorry! You have entered invalid characters in the filename.", "\n";
       print "Please check your specification and try again.", "\n";
} else {
    if (open (FILE, "<" . $plaintext_file)) {
        while (<FILE>) {
             print;
        }
        close (FILE);
    } else {
        print "Sorry! The file you specified cannot be read!", "\n";
          }
}
exit (0);

In this example, we perform a simple security check. We make sure that the user didn't pass path information containing "..". This is so that the user cannot access files located outside of the document root directory.

Instead of using the PATH_TRANSLATED environment variable, you can use a combination of PATH_INFO and DOCUMENT_ROOT, which contains the physical path to the document root directory. The variable PATH_TRANSLATED is equal to the following statement:

$path_translated = join ("/", $ENV{'DOCUMENT_ROOT'}, $ENV{'PATH_INFO'};

However, the DOCUMENT_ROOT variable is not set by all servers, and so it is much safer and easier to use PATH_TRANSLATED.


Previous Home Next
Accessing Form Input Book Index Other Languages Under UNIX

 
 
  Published under free license. Design by Interspire