running a shell script via cgi web interface

Dennis Premium,Mod join:2001-01-26 Algonquin, IL ·AT&T Yahoo Host: Chicago Users Find Hot Deals Users find Hot Dea.. Requests for Hot D.. Home Repair & Impr.. 1 edit	reply to nwrickert Re: running a shell script via cgi web interface said by nwrickert : The above however did not work... You should be using `echo "$input" > /tmp/router.txt` The quoting prevents reparsing of `"$input"`. If you just want to write all of stdin to a file, then `cat - > /tmp/router.txt` should accomplish that. Sure why not...when in doubt quotes won't hurt eh? :) oh and btw a much better way of doing what I did above is this: read "email" < /tmp/email2.txt My Blog. Because I desperately need the acknowledgement of others. Visit the Judd Family website to see my kids!
	to forum · permalink · · 2009-06-03 14:07:54 ·
nwrickert sand groper Premium,MVM join:2004-09-04 Geneva, IL ·AT&T U-Verse ·AT&T Midwest	reply to Dennis The above however did not work... You should be using `echo "$input" > /tmp/router.txt` The quoting prevents reparsing of `"$input"`. If you just want to write all of stdin to a file, then `cat - > /tmp/router.txt` should accomplish that. -- AT&T dsl; Westell 327w modem/router; openSuSE 11.0; firefox 3.0.10
	to forum · permalink · · 2009-06-02 18:58:32 ·
Dennis Premium,Mod join:2001-01-26 Algonquin, IL ·AT&T Yahoo Host: Chicago Users Find Hot Deals Users find Hot Dea.. Requests for Hot D.. Home Repair & Impr..	reply to Dennis woo hoo....successs. I was able to import a text file as a variable in a test script (not at my work computer right now) imacs-imac-2:~ imac$ cat foo.txt connor imacs-imac-2:~ imac$ cat foo.sh #!/bin/sh read input \| cat foo.txt echo $input imacs-imac-2:~ imac$ sh foo.sh connor ^C -- My Blog. Because I desperately need the acknowledgement of others. Visit the Judd Family website to see my kids!
	to forum · permalink · · 2009-06-02 18:30:11 ·
Dennis Premium,Mod join:2001-01-26 Algonquin, IL ·AT&T Yahoo Host: Chicago Users Find Hot Deals Users find Hot Dea.. Requests for Hot D.. Home Repair & Impr..	reply to Dennis If only there was some way for me to read that text file back into a variable.... read input #echo "Content-type: text/plain" echo $input > /tmp/router.txt cut -d= -f2 /tmp/router.txt > /tmp/router2.txt cat /tmp/router2.txt > $1 The above however did not work....:( -- My Blog. Because I desperately need the acknowledgement of others. Visit the Judd Family website to see my kids!
	to forum · permalink · · 2009-06-02 18:07:15 ·
Dennis Premium,Mod join:2001-01-26 Algonquin, IL ·AT&T Yahoo Host: Chicago Users Find Hot Deals Users find Hot Dea.. Requests for Hot D.. Home Repair & Impr.. 3 edits	reply to LarryWall well I tried changing the variables, but got these errors /usr/local/apache/dennis.sh: -n: is not an identifier [Tue Jun 2 16:07:20 2009] [error] [client xxx.xxx.xxx.xxx] Premature end of script headers: /usr/local/apache/dennis.sh tried to echo it out into a test file but no joy so the syntax must be off #!/bin/sh #Read HTTP POST contents into $HTTP_POST read -n $CONTENT_LENGTH HTTP_POST echo $HTTP_POST > /tmp/test.txt update: I did just get this to work.... read input echo "Content-type: text/plain" echo $input > /tmp/echo.txt gave me... 25# cat /tmp/echo.txt NAME=router2.clli -- My Blog. Because I desperately need the acknowledgement of others. Visit the Judd Family website to see my kids!
	to forum · permalink · · 2009-06-02 17:09:00 ·
LarryWall @no-ptr.set	reply to Sir Meowmix III You also want to make sure you do input validation on user-supplied data. Something like: die unless ($input =~ m/[a-z0-9/i); The above is PERL that only allows alpha-numeric characters. Nothing like OS command injection to get your web server 0wned.
	to forum · permalink · 2009-06-02 14:01:46 ·
pablo2525 join:2003-06-23 ·TekSavvy Solutions..	reply to Dennis Howdy, Ugh, my writing wasn't especially clear. I'm sorry. Let me try again. In /etc/apache2/vhosts.d, my `conf' file has the above entry. In my case, I created a random file named `hostname`.conf baseed on `vhost.template' My distribution is openSUSE but I figure the above is true in most (all?) apache installations. Of course the root pathing may be different. I hope the above helps. Cheers, -- pablo openSUSE 11.0;KDE ISP: TekSavvy DSL; backhauled via a 6KM wireless link
	to forum · permalink · · 2009-06-02 13:27:01 ·
Sir Meowmix III	reply to Dennis s/and it's delimited with a QUERY_STRING/and it's not delimited with a QUERY_STRING/g
	to forum · permalink · 2009-06-02 11:08:48 ·
Sir Meowmix III	reply to Dennis Dennis - Glad to help, please post a picture (kidding) ;) I've not done CGI in a VERY long time, so you might want to do some testing to ensure that $HTTP_POST only contains the content of the POST itself and it's delimited with a QUERY_STRING style syntax. Ideally, your new code would be similar to below, assuming additional parsing of $HTTP_POST isn't necessary: #!/bin/sh echo "Content-type: text/plain" #Read HTTP POST contents into $HTTP_POST read -n $CONTENT_LENGTH HTTP_POST echo touch /tmp/$HTTP_POST_log.txt chmod 777 /tmp/$HTTP_POST_log.txt touch /tmp/$HTTP_POST_cmd.txt chmod 777 /tmp/$HTTP_POST_cmd.txt echo copy run $HTTP_POST.cnf force > /tmp/$HTTP_POST_cmd.txt echo copy $HTTP_POST.cnf binconfs:/$HTTP_POST.cnf force >> /tmp/$HTTP_POST_cmd.txt echo sh conf exclu int atm \> $HTTP_POST_base.scr >> /tmp/$HTTP_POST_cmd.txt echo copy $HTTP_POST_base.scr binconfs:/$HTTP_POST_base.scr force >> /tmp/$HTTP_POST_cmd.txt echo sh conf cat int exclu int gig exclu int fa \> $HTTP_POST_atm.scr >> /tmp/$HTTP_POST_cmd.txt echo copy $HTTP_POST_atm.scr binconfs:/$HTTP_POST_atm.scr force >> /tmp/$HTTP_POST_cmd.txt
	to forum · permalink · 2009-06-02 11:07:37 ·
Dennis Premium,Mod join:2001-01-26 Algonquin, IL ·AT&T Yahoo Host: Chicago Users Find Hot Deals Users find Hot Dea.. Requests for Hot D.. Home Repair & Impr..	reply to Sir Meowmix III said by Sir Meowmix III : $HTTP_POST is arbitrary, it was a declared variable from the 'read' statement I posted earlier. If you're going to use $HTTP_POST be sure to use the 'read' statement as well. Ok, you mean to make sure I use it in the shell script...right? I should have mentioned that I know nothing earlier I'm trying to learn but really I'm trying to learn to run before walking.... -- My Blog. Because I desperately need the acknowledgement of others. Visit the Judd Family website to see my kids!
	to forum · permalink · · 2009-06-02 11:02:35 ·
Sir Meowmix III	reply to Dennis $HTTP_POST is arbitrary, it was a declared variable from the 'read' statement I posted earlier. If you're going to use $HTTP_POST be sure to use the 'read' statement as well.
	to forum · permalink · 2009-06-02 10:52:38 ·
Dennis Premium,Mod join:2001-01-26 Algonquin, IL ·AT&T Yahoo Host: Chicago Users Find Hot Deals Users find Hot Dea.. Requests for Hot D.. Home Repair & Impr.. 2 edits	reply to nwrickert said by nwrickert : Those touches in the beginning....never happen. That's probably because "$1" is undefined. ....ok well so if that's the case then if the touches are indeed happening, there must be frament files in the /tmp directory... 49# ls -las /tmp/*.txt 16 -rwxrwxrwx 1 nobody nogroup 219 Jun 2 09:28 /tmp/_cmd.txt 0 -rwxrwxrwx 1 nobody nogroup 0 Jun 2 09:28 /tmp/_log.txt so yeah, ok.....the variable must not be passing. So $1 is just a cli variable, and $HTTP_POST would be necessary in its stead. I'll try that and see what happens. -- My Blog. Because I desperately need the acknowledgement of others. Visit the Judd Family website to see my kids!
	to forum · permalink · · 2009-06-02 10:31:03 ·
nwrickert sand groper Premium,MVM join:2004-09-04 Geneva, IL	reply to Dennis Those touches in the beginning....never happen. That's probably because "$1" is undefined. -- AT&T dsl; Westell 327w modem/router; openSuSE 11.0; firefox 3.0.10
	to forum · permalink · · 2009-06-02 10:02:38 ·
Sir Meowmix III	reply to Dennis Something like: read -n $CONTENT_LENGTH HTTP_POST Where $HTTP_POST needs to be used instead of $1 in your code.
	to forum · permalink · 2009-06-02 10:00:56 ·
Sir Meowmix III	reply to Dennis I think the issue is that the value you're passing via HTTP post is not inserted into $1, like it would be if it were called from the CLI. You need to accept the HTTP POST in a different way. quote: For forms that use METHOD="POST", CGI specifications say that the data is passed to the script or program in the standard input stream (stdin), and the length (in bytes, i.e. characters) of the data is passed in an environment variable called CONTENT_LENGTH. So you need to read from STDIN, assign it to a variable, and use it instead of $1. See »www.tcl.tk/man/aolserver3.0/cgi-ch4.htm
	to forum · permalink · 2009-06-02 09:55:51 ·
Dennis Premium,Mod join:2001-01-26 Algonquin, IL ·AT&T Yahoo Host: Chicago Users Find Hot Deals Users find Hot Dea.. Requests for Hot D.. Home Repair & Impr..	reply to pablo2525 said by pablo2525 : I made the following modification to my `vhosts.d' `conf' file: I don't have a "vhosts.d" file...only a httpd.conf one which seems to have something similar # To use CGI scripts: # #AddHandler cgi-script .cgi # -- My Blog. Because I desperately need the acknowledgement of others. Visit the Judd Family website to see my kids!
	to forum · permalink · · 2009-06-02 09:46:01 ·
Dennis Premium,Mod join:2001-01-26 Algonquin, IL ·AT&T Yahoo Host: Chicago Users Find Hot Deals Users find Hot Dea.. Requests for Hot D.. Home Repair & Impr.. 1 edit	reply to Sir Meowmix III well, here is the jist of the code...at least the part I am having problems with. I have to remove some bits of it since it's for work and all... here's teh cgi: #!/usr/local/bin/perl print "Content-type: text/html\n\n" ; print <<EOF ; <html> <FORM METHOD=POST ACTION="dennis.sh"> <P><FONT COLOR="#ddd20f" FACE="Trebuchet MS"><B>Enter data to pass to script below </B></FONT><BR> <INPUT NAME="NAME" TYPE="text" SIZE="25" VALUE="enter your data here"><BR> </FONT</P> <P> <center><INPUT TYPE=submit VALUE="Send"> </center> </p> </FORM> </html> EOF exit ; and here is the shell script called dennis.sh cat dennis.sh #!/bin/sh echo "Content-type: text/plain" echo touch /tmp/$1_log.txt chmod 777 /tmp/$1_log.txt touch /tmp/$1_cmd.txt chmod 777 /tmp/$1_cmd.txt echo copy run $1.cnf force > /tmp/$1_cmd.txt echo copy $1.cnf binconfs:/$1.cnf force >> /tmp/$1_cmd.txt echo sh conf exclu int atm \> $1_base.scr >> /tmp/$1_cmd.txt echo copy $1_base.scr binconfs:/$1_base.scr force >> /tmp/$1_cmd.txt echo sh conf cat int exclu int gig exclu int fa \> $1_atm.scr >> /tmp/$1_cmd.txt echo copy $1_atm.scr binconfs:/$1_atm.scr force >> /tmp/$1_cmd.txt Those touches in the beginning....never happen. I works just fine when I do it from the cli of course...but not via apache. I originally added them in order try and fix this problem but tit seems they don't. And of course the $1 is the variable I'm passing. When I have it use a pre-existing file (which won't work for me, was only for testing) then this is the ownership I get. ls -las /tmp/status_out.txt 16 -rwxrwxrwx 1 nobody nogroup 7287 Jun 1 17:04 /tmp/status_out.txt -- My Blog. Because I desperately need the acknowledgement of others. Visit the Judd Family website to see my kids!
	to forum · permalink · · 2009-06-02 09:18:39 ·
pablo2525 join:2003-06-23 ·TekSavvy Solutions..	reply to Dennis I'm running `sh' scripts as CGI's without any issue. I made the following modification to my `vhosts.d' `conf' file: apache code: ... AddHandler cgi-script sh </Directory> and my shell scripts have to end with `.sh' To get around having to parse input, I symlink to the actual script as follows: base name + _ + switch The shell script itself tears $0 apart to find out the switch to use. Cheers, -- pablo openSUSE 11.0;KDE ISP: TekSavvy DSL; backhauled via a 6KM wireless link
	to forum · permalink · · 2009-06-01 22:34:07 ·
Sir Meowmix III @windstream.net	reply to Dennis I believe that 'nobody' should be able to write to /tmp without issue, would you mind sharing the code here? I'm assuming it's written in Bash? How are you handling, in the code, the HTTP POST/GET? How are you sure it's working correctly, are you able to echo it back and see it? Are you correctly reading the CGI input from stdin?
	to forum · permalink · 2009-06-01 21:16:03 ·
nwrickert sand groper Premium,MVM join:2004-09-04 Geneva, IL ·AT&T U-Verse ·AT&T Midwest	reply to Dennis I am not aware of any problem with that. I'm pretty sure I am using some shell scripts for cgi, though I don't recall whether they write to files. Do your web server logs provide any useful information? -- AT&T dsl; Westell 327w modem/router; openSuSE 11.0; firefox 3.0.10
	to forum · permalink · · 2009-06-01 20:33:20 ·


Tuesday, 01-Dec 20:32:25	Terms of Use \| Privacy Policy \| Hosting by www.nac.net - DSL,Hosting & Co-lo \| feedback \| contact over 10 years online! © 1999-2009 dslreports.com. republican-creole page compression OFF