perl-asp mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Fagyal, Csongor" <conc...@conceptonline.hu>
Subject Re: The Freakiest thing...
Date Fri, 09 Jan 2004 21:01:04 GMT
Skylos,

I don't really follow the code snippet you presented here, but it sounds 
to me that you have generated a closure. This is a very usual mod_perl 
issue.

See:
http://perl.apache.org/docs/general/perl_reference/perl_reference.html#Understanding_Closures____the_Easy_Way

Also look at this:
http://perl.apache.org/docs/general/perl_reference/perl_reference.html#my___Scoped_Variable_in_Nested_Subroutines

In general you should not declare subroutines inside ASP pages. 
(However, I have the rather faint memory that the newest version of 
Apache::ASP presents a workaround... others will probably comment on this.)

- Csongor

>Okay, I've gotta bounce this off some other programmers who work with
>Apache::ASP.
>
>This has been reported twice.
>
>Procedure:
>
>User loads signup form
>
>Result:
>
>User sees somebody else's credit card data - VERY VERY VERY BAD
>
>Attempts by programmer to recreate:
>
>Fruitless.
>
>Thoughts:
>
>I store the form data in a variable.  This is a my scoped variable in the
>root file scope.
>
>I then utilize this $frm variable in a subroutine that I call, without
>passing the value.  Utilizing it as a global variable, for the file, at
>least.
>
>The simplest case for example:
>
>---index.asp---
><%@Language=PerlScript%>
><%
>my $frm = $Request->Form();
>
>Main(%Results);
>
>sub Main {
>  %>various html stuff
>  <input type=text name="cc_number" value="<%=$frm->{'cc_number'}%>">
>  more html stuff%>
>}
>%>
>---index.asp---
>
>Now what has happened, reportedly twice (probably many more times),
>is that the Main() subroutine displays the cc_number that was entered
>BY A DIFFERENT SESSION!
>
>The question is.  Is it at all possible that some other session (perhaps
>within the same apache process) acquired some other value of $frm through
>the persistant-across-page-loads value of $frm within Main?  I think you
>programmers can understand what I'm asking, though it seems muddled even
>as I try to type it.
>
>As I understood it, a file 'my' scoped variable would NOT be persisted
>anywhere, but is considered global within subroutines in the same file.
>
>Maybe I'm wrong.  I know that its ugly what I did there, and I have
>revised my code to pass the $frm variable from the file scope to the
>subroutine.  Much prettier.
>
>Your thoughts?
>
>Skylos
>
>- skylos@doglover.com
>- The best part about the internet is nobody knows you're a dog.
>  (Peter Stiener, The New Yorker, July 5, 1993)
>- Dogs like... TRUCKS!  (Nissan commercial, 1996)
>- PGP key: http://dogpawz.com/skylos/mykey.asc
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: asp-unsubscribe@perl.apache.org
>For additional commands, e-mail: asp-help@perl.apache.org
>
>
>  
>



---------------------------------------------------------------------
To unsubscribe, e-mail: asp-unsubscribe@perl.apache.org
For additional commands, e-mail: asp-help@perl.apache.org


Mime
View raw message