3

I am using the following code to connect to a server running an HTML page:

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">

<html>
<head>
  <meta name="generator" content=
  "HTML Tidy for Linux/x86 (vers 1st February 2005), see www.w3.org">

  <title>Calculator</title>
  <link type="text/css" rel="stylesheet" href="mystyle.css">
</head>

<body>
  <h1>Calculator</h1>

  <p>This is a calculator form that uses a CGI script.</p>

  <form method="post" action="./cgi-bin/badcalc.pl">
    Expression <input type="text" name="exp" size="10"> 
    <input type="submit" value="Calculate">
    <input type="reset">
  </form><br>

  <p>The cgi script that does the calculation may be viewed <a href=
  "cgi-bin/code2html.pl?file=badcalc.pl">here</a>.</p>
</body>
</html>

This links to a Perl file containing the code:

#!/usr/bin/perl

use strict;
use warnings;
use Safe; #using Sandbox
use CGI;
use HTML::Entities; #For encoding the output

my $query = new CGI;
my $exp = $query->param('exp');

print $query->header,
      $query->start_html(-title=>'Fixed calculator',
                    -style=>{'src' => '../mystyle.css'},
                -target=>'_blank'),
    $query->h1('Fixed calculator');

my $compartment = Safe->new();

##Defining a new sandbox
$compartment->permit_only(qw(atan2 sin cos exp log sqrt :default )); #Defines the functions that are permitted for execution
my $result = $compartment->reval($exp); #reval returns undef if the input is trapped or an error occurs

#Execute the calculation; test for undef instead of using "or die", so that a result of 0 is still printed
if (defined $result)
{
    print "<br> ".encode_entities($exp)." = ".encode_entities($result); ##Encodes the output to ensure that there is no problems on the page
}else
{
    warn "Error: ".$@; #Print the reason to the log
    print "<br> Oh dear! That input is not allowed or has been incorrectly formatted.\n"; #Makes error message suitable
}
print $query->end_html;

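This is supposed to perform simple calculations and provide more security than the old version (which used eval() instead of reval()), but when I try to perform a simple calculation such as 1+1, it returns an Internal Server Error, and the error log is below.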

Can't locate HTML/Entities.pm in @INC (@INC contains: /etc/perl /usr/local/lib/perl/5.14.2 /usr/local/share/perl/5.14.2 /usr/lib/perl5 /usr/share/perl5 /usr/lib/perl/5.14 /usr/share/perl/5.14 /usr/local/lib/site_perl .) at /home/1001542/public_html/cgi-bin/badcalc.pl line 10.
BEGIN failed--compilation aborted at /home/1001542/public_html/cgi-bin/badcalc.pl line 10.
[Mon May 06 10:58:05 2013] [error] [client 10.0.0.25] Premature end of script headers: badcalc.pl, referer: http://10.0.0.3/~1001542/calc.html

Line 10 is "use HTML::Entities;".

Any help?

**EDIT** Strangely, the original Perl file works fine. Code:

#!/usr/bin/perl

use strict;
use warnings;

use CGI;


my $query = new CGI;


my $exp = $query->param('exp');


print $query->header,
      $query->start_html(-title=>'Broken calculator',
                     -style=>{'src' => '../mystyle.css'},
                 -target=>'_blank'),
      $query->h1('Broken calculator');


my $result = eval($exp);
if (defined $result)
{
    print "<br> $exp = $result";
}else
{
    print "<br> oops! $@";
}

print $query->end_html; 

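**EDIT again** I was using the server provided by my university to do this, but I have now set it up on the Apache server on my own virtual machine. If I fix it, I will report back to everyone.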

4

2 Answers

15

I managed to sort it myself.

As I was using the server provided by my university I had no access to install the required module (HTML::Entities).

I decided to then set up the required module on my own Apache web server on a virtual machine and managed to get it working this way after sorting out some syntax/spelling errors.

The way I installed the HTML::Entities module was through the synaptic package manager, just by searching libhtml-parser-perl the module was found and installed. I restarted Apache and the VM just in case that was required.

Thanks for everybody's input!

answered 2013-05-06T11:59:46.983
0

The CGI module's escapeHTML does the same thing.

answered 2013-05-06T11:07:08.547
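
The escapeHTML suggestion applied to the question's calculator, as an added example that is not part of the original post or of either answer: it evaluates the expression with the same Safe opcode list, escapes with CGI's escapeHTML instead of HTML::Entities, and tests the result for definedness so that 0 is not reported as an error. The calculate helper and the sample inputs are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Safe;
use CGI qw(escapeHTML);   # exported by CGI.pm, which the script already loads

# Hypothetical helper: evaluate one expression in a Safe compartment and
# return an HTML fragment. The opcode list is the one from the question.
sub calculate {
    my ($exp) = @_;
    return 'No expression given.' unless defined $exp && length $exp;

    my $compartment = Safe->new;
    $compartment->permit_only(qw(atan2 sin cos exp log sqrt :default));

    # reval returns undef and sets $@ when an opcode is trapped or the
    # expression does not compile.
    my $result = $compartment->reval($exp);

    # Test definedness, not truth: "1-1" yields 0, which is a valid answer.
    unless (defined $result) {
        warn "calc rejected input: $@";   # detail goes to the error log only
        return 'That input is not allowed or is incorrectly formatted.';
    }

    # Escape both the echoed input and the result: a permitted expression
    # can still produce a string that contains markup.
    return escapeHTML($exp) . ' = ' . escapeHTML($result);
}

# Constructed sample inputs (not taken from the page): two sums, a permitted
# math function, a string result carrying markup, and an opcode outside the
# permitted set.
my @samples = ('1+1', '1-1', 'sqrt(16)', q{"<b>" . 2}, q{system("date")});
print calculate($_), "\n" for @samples;
```

Recent CGI.pm releases implement escapeHTML on top of HTML::Entities, so the swap only removes the dependency on older installations such as the Perl 5.14 one in the question.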