Skip to main content.
home | support | download

Back to List Archive

Re: Searching hangs thru cgi works on command line

From: Bill Moseley <moseley(at)not-real.hank.org>
Date: Sat Nov 24 2001 - 13:39:13 GMT
At 10:10 PM 11/23/2001 -0800, Mohammed Ahmed wrote:

>But when deployed to web and accessed thru cgi-bin
>it goes in infinite loop and gets hung
>and sometimes it gives the right result ???

..

>I am using SWISH-E 2.1-dev-24 compiled on cygwin. 

I would try the windows binary on the swish-e download page and see if that
solves the problem.  
I'd be interested if you think it runs much faster compared to the cygwin
version.

I can't imagine why running as a CGI script would make swish hang, unless
there's some type of weird i/o blocking happening.

>cat rc.pl
>#!/usr/bin/perl -w
>#use strict;
>
>sub myopen {
>    open my $fh, "@_"
>         or die "Can't open '@_': $!";
>    return $fh;
>}
>
>sub mydoc {
>my $localdoc = $_[0];
>my $size = length($localdoc)+2* length("\n")+length("<META NAME='rc'
CONTENT='$_[2]'>");

How about

sub mydoc {
   my ($doc, $path, $meta ) = @_;

   my $content = <<EOF;
<html><head>
<meta name="rc" contente="$meta">
</head><body>
$doc
</body></html>
EOF

   my $length = length $content;
   my $mtime = time;

   print <<EOF;
Content-Length: $length
Last-Mtime: $mtime
Path-Name: $path

EOF
   print $content;
}

>
>my $f = myopen("<./rcdata");

You should always check return values to make sure things go ok.

>$keystring = $FORM{'keywords'};
>if ($keystring =~ /^([\w\-\. ]+)$/ ) {
>    $topic = $1;
>} 
>else {
>    &dienice("Bad keyword: `$topic'.  Please don't use commas or
non-alphanumeric characters.");
>}
>@results = `swish-e -w $topic -f rc.idx`;

<side topic>
I sure wish someone could tell me how safe that is on windows (or if there
is a safe way to run programs in windows).  I've asked on a number of
winodws-specific CGI and perl lists, and have not received an answer.  I
once saw a post by a hacker that was able to break into a machine via a
perl cgi script by using embedded nulls in the input parameters any somehow
bypassing a regexp to filter out bad chars.  I can't imagine how that would
work with the above, but I've been very careful ever since reading that
article and stick to fork/exec, which I guess one can now do with current
Activestate perls.
</side topic>




Bill Moseley
mailto:moseley@hank.org
Received on Sat Nov 24 13:39:43 2001