Advertisement
metalx1000

Basic CGI Form data submit - post & get - webserver

Oct 5th, 2014
536
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Bash 3.23 KB | None | 0 0
  1. #!/bin/bash
  2. echo -e "Content-type: text/html\n\n"
  3. cat <<EOF
  4. <html>
  5. <body>
  6. <form action="?foo=1234" method="POST" enctype="application/x-www-form-urlencoded">
  7. bar: <input type="text" name="bar"><br/>
  8. foobar: <textarea name="foobar"></textarea></br>
  9. <input type="submit">
  10. </form>
  11. EOF
  12.  
  13.  
  14. # (internal) routine to store POST data
  15. function cgi_get_POST_vars()
  16. {
  17.     # check content type
  18.     # FIXME: not sure if we could handle uploads with this..
  19.     [ "${CONTENT_TYPE}" != "application/x-www-form-urlencoded" ] && \
  20.     echo "bash.cgi warning: you should probably use MIME type "\
  21.          "application/x-www-form-urlencoded!" 1>&2
  22.     # save POST variables (only first time this is called)
  23.     [ -z "$QUERY_STRING_POST" \
  24.       -a "$REQUEST_METHOD" = "POST" -a ! -z "$CONTENT_LENGTH" ] && \
  25.         read -n $CONTENT_LENGTH QUERY_STRING_POST
  26.     # prevent shell execution
  27.     local t
  28.     t=${QUERY_STRING_POST//%60//} # %60 = `
  29.     t=${t//\`//}
  30.     t=${t//\$(//}
  31.     t=${t//%24%28//} # %24 = $, %28 = (
  32.     QUERY_STRING_POST=${t}
  33.     return
  34. }
  35.  
  36. # (internal) routine to decode urlencoded strings
  37. function cgi_decodevar()
  38. {
  39.     [ $# -ne 1 ] && return
  40.     local v t h
  41.     # replace all + with whitespace and append %%
  42.     t="${1//+/ }%%"
  43.     while [ ${#t} -gt 0 -a "${t}" != "%" ]; do
  44.     v="${v}${t%%\%*}" # digest up to the first %
  45.     t="${t#*%}"       # remove digested part
  46.     # decode if there is anything to decode and if not at end of string
  47.     if [ ${#t} -gt 0 -a "${t}" != "%" ]; then
  48.         h=${t:0:2} # save first two chars
  49.         t="${t:2}" # remove these
  50.         v="${v}"`echo -e \\\\x${h}` # convert hex to special char
  51.     fi
  52.     done
  53.     # return decoded string
  54.     echo "${v}"
  55.     return
  56. }
  57.  
  58. # routine to get variables from http requests
  59. # usage: cgi_getvars method varname1 [.. varnameN]
  60. # method is either GET or POST or BOTH
  61. # the magic varible name ALL gets everything
  62. function cgi_getvars()
  63. {
  64.     [ $# -lt 2 ] && return
  65.     local q p k v s
  66.     # prevent shell execution
  67.     t=${QUERY_STRING//%60//} # %60 = `
  68.     t=${t//\`//}
  69.     t=${t//\$(//}
  70.     t=${t//%24%28//} # %24 = $, %28 = (
  71.     QUERY_STRING=${t}
  72.     # get query
  73.     case $1 in
  74.     GET)
  75.         [ ! -z "${QUERY_STRING}" ] && q="${QUERY_STRING}&"
  76.         ;;
  77.     POST)
  78.         cgi_get_POST_vars
  79.         [ ! -z "${QUERY_STRING_POST}" ] && q="${QUERY_STRING_POST}&"
  80.         ;;
  81.     BOTH)
  82.         [ ! -z "${QUERY_STRING}" ] && q="${QUERY_STRING}&"
  83.         cgi_get_POST_vars
  84.         [ ! -z "${QUERY_STRING_POST}" ] && q="${q}${QUERY_STRING_POST}&"
  85.         ;;
  86.     esac
  87.     shift
  88.     s=" $* "
  89.     # parse the query data
  90.     while [ ! -z "$q" ]; do
  91.     p="${q%%&*}"  # get first part of query string
  92.     k="${p%%=*}"  # get the key (variable name) from it
  93.     v="${p#*=}"   # get the value from it
  94.     q="${q#$p&*}" # strip first part from query string
  95.     # decode and evaluate var if requested
  96.     [ "$1" = "ALL" -o "${s/ $k /}" != "$s" ] && \
  97.         eval "$k=\"`cgi_decodevar \"$v\"`\""
  98.     done
  99.     return
  100. }
  101.  
  102.  
  103.  
  104. # register all GET and POST variables
  105. cgi_getvars BOTH ALL
  106.  
  107. echo "<pre>foo=$foo</pre>"
  108. echo "<pre>slug=$slug</pre>"
  109. echo "<pre>bar=$bar</pre>"
  110. echo "<pre>foobar=$foobar</pre>"
  111.  
  112. cat <<EOF
  113. </body>
  114. </html>
  115. EOF
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement