On 04/24/10 21:38, Chris Bennett wrote:
When I run this first time, with no values from form, I get
$article_file being a / when it should be nothing. I just can't see the
error. I have tried variations with \w and dash at beginning and end,
but no go.
Debug shows blank at A, / at B
#!/usr/bin/perl
$VERSION = 1.0.0;
use warnings;
no warnings 'uninitialized';
use strict;
#use Apache::Constants qw(:common);
use Apache::Request();
#use Apache::Cookie();
use MyPerl::Articulator qw(get_template print_template print_text
submit_changes backup_server see_html template_form load_template);
our $debug = 1;
delete $ENV{PATH};
my $r = Apache->request;
my $q = Apache::Request->new($r, POST_MAX => 1000000, DISABLE_UPLOADS =>
1);
my $site_url = "www.example.com";
my $site_directory = "/var/www/htdocs/users/example.com";
my $site_name = "Example!";
my $secure = 1;
my $article_directory = "articles";
undef my $error;
undef my $article_title;
undef my $article_backup_file;
undef my $article_file;
$article_file = $q->param("articlefilename");
if ($debug) { $error .= qq{<p>$article_file</p>};}
$article_file =~ m/^([a-zA-Z0-9_-]*\.html)$/;
$article_file = $1;
if ($debug) { $error .= qq{<p>$article_file</p>};}
$article_backup_file = $article_file;
$article_backup_file =~ s/\.html$/_backup.html/;
undef my $body;
Thanks
Chris Bennett
OK, as per suggestions and adding in another needed part for MultiViews:
my $error = '';
my $article_title ='';
undef my $article_backup_file;
undef my $article_file;
$article_file = $q->param("articlefilename") || '';
if ($debug) { $error .= qq{<p>A $article_file</p>};}
if ($article_file =~ /^([a-zA-Z0-9_-]+\.html.?\w?\w?)$/) {
$article_file = $1;
} else {
$article_file = '';
}
if ($debug) { $error .= qq{<p>B $article_file</p>};}
$article_backup_file = $article_file;
$article_backup_file =~ s/\.html$/_backup.html/;
Is there a better regex for .?\w?\w?
I want a . letter letter not . letter or just two letters etc.
This regex is to prevent read or write access to files up the directory
tree or non html files. There is also a username password for any write
access.
undef my $variable is not a common idiom but is seen in Programming Perl
and other places. Is there any reason I should use my $variable = undef?
More typing. :)
Why was I getting a / back? Is that an artifact from the perl internals?
Thanks