perl-asp mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Fagyal, Csongor" <>
Subject Re: The Freakiest thing...
Date Fri, 09 Jan 2004 21:01:04 GMT

I don't really follow the code snippet you presented here, but it sounds 
to me that you have generated a closure. This is a very usual mod_perl 


Also look at this:

In general you should not declare subroutines inside ASP pages. 
(However, I have the rather faint memory that the newest version of 
Apache::ASP presents a workaround... others will probably comment on this.)

- Csongor

>Okay, I've gotta bounce this off some other programmers who work with
>This has been reported twice.
>User loads signup form
>User sees somebody else's credit card data - VERY VERY VERY BAD
>Attempts by programmer to recreate:
>I store the form data in a variable.  This is a my scoped variable in the
>root file scope.
>I then utilize this $frm variable in a subroutine that I call, without
>passing the value.  Utilizing it as a global variable, for the file, at
>The simplest case for example:
>my $frm = $Request->Form();
>sub Main {
>  %>various html stuff
>  <input type=text name="cc_number" value="<%=$frm->{'cc_number'}%>">
>  more html stuff%>
>Now what has happened, reportedly twice (probably many more times),
>is that the Main() subroutine displays the cc_number that was entered
>The question is.  Is it at all possible that some other session (perhaps
>within the same apache process) acquired some other value of $frm through
>the persistant-across-page-loads value of $frm within Main?  I think you
>programmers can understand what I'm asking, though it seems muddled even
>as I try to type it.
>As I understood it, a file 'my' scoped variable would NOT be persisted
>anywhere, but is considered global within subroutines in the same file.
>Maybe I'm wrong.  I know that its ugly what I did there, and I have
>revised my code to pass the $frm variable from the file scope to the
>subroutine.  Much prettier.
>Your thoughts?
>- The best part about the internet is nobody knows you're a dog.
>  (Peter Stiener, The New Yorker, July 5, 1993)
>- Dogs like... TRUCKS!  (Nissan commercial, 1996)
>- PGP key:
>To unsubscribe, e-mail:
>For additional commands, e-mail:

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message