Processing Form Data in Shell CGI Scripts

Processing Form Data in Shell CGI Scripts

Important: Versions before 11/06/1997 have a security bug.If you downloaded this program before that date, download thecurrent version, and substitute all your copies with this one.

This page presents a little program that will help you processing formdata in a CGI shell script. If you're unfamiliar with Perl and don'twant to write a bulky C program just for a small CGI job, shell scriptCGI programming may be an option. You receive the form values straightinto your shell environment (the names prefixed with "FORM_"), whereyou can then access them just like other shell variables.

I have a different page with the same title, where I present ashell script to do the same jobof extracting form data and feeding it to your script. However,this C program is much faster and easier to use.

Features

• Handles both GET and POST methods transparently.
• Also accepts assignments on the command line (great for testing).
• If the extra pathname features assignments (like /A=trash), it is processed as well.
• Handles '+' (replaced by space) and '%XX' sequences.
• Exports all found variables to the shell environment.
• Can also handle multiline "Textarea" input fields.

Installation

Installation is simple. Just download the C code, proccgi.c, and compile it. Compilationshouldn't be a problem on any system. Copy the resulting executable proccgi to a location of your choice, where it isaccessible to your CGI scripts.

Usage

All you have to do in your shell script is to call

eval "`proccgi $*`"

In some cases, you might need to give the full pathname if it's notfound automatically. After this call, you have everything in your shell.

Be careful to quote the call to proccgi, else shell expansion willtake place, potentially opening security leaks.

Example

This is a very simple example of an automatic software-by-email program.You can fill in your email address and a file name which is thenautomatically mailed to you. Do not, I repeat, do notinstall this piece of code. It would be a major security leak.

The Form

<form action="http://our-server/cgi-stuff/mailer" method="post">
<dl>
  <dt> Your Email <dd> <input name="email" size="50">
  <dt> Filename   <dd> <input name="file"  size="50">
</dl>
<input type="submit" value="Submit">
</form>

The Script

(Install this script in the location you used above in the form's action field.)

#!/bin/sh
eval "`procgi $*`"
mail $FORM_email < $FORM_file
cat - << \END
echo Content-type: text/plain
echo
echo done.
END

As you can see, after the call to proccgi, theemail address from the form is stored in the shell variable $FORM_email,and the file name is in $FORM_file.

Download

Once again, here's a link to download proccgi.c.

The script may be freely used and distributed at no charge provided that thecopyright notice remains at its top.

---

Frank Pilhofer<fp -AT- fpx.de>Back to the Homepage

Last modified: Fri Aug 29 15:34:33 1997