20 12 19 CGI CGI CGI
1
1.1 CGI CGI(Common Gateway Interface) CGI CGI CGI Perl Ruby CGI HTML Ruby 2 CGI ( ) HTTP(Hypertext Transfer Protocol) httpd UNIX OS Apache Apache Apache /etc/httpd/conf/httpd.conf 1 cgi cgi-script 2

    AddHandler cgi-script .cgi

cgi public_html CGI

    <Directory /home/*/public_html>
        AllowOverride All
        Options MultiViews SymLinksIfOwnerMatch ExecCGI
    </Directory>

Directory ExecCGI CGI public_html cgi-bin

    <Directory /home/*/public_html>
        AllowOverride All
        Options MultiViews SymLinksIfOwnerMatch
    </Directory>
    <Directory /home/*/public_html/cgi-bin>
        Options ExecCGI
    </Directory>

httpd

    $ sudo /etc/init.d/httpd restart

CGI 3 CGI
3.1 public_html

1 /usr/local/apache2/ 2
List 1: Hello cgi

    print "Content-type: text/html\n\n";
    print "<html><body><h1>hello CGI </H1></body></html>\n";

hello.cgi 755

    $ ./hello.cgi
    Content-type: text/html

    <html><body><h1>hello CGI </H1></body></html>

CGI public_html URL http://server/~username/hello.cgi Hello CGI

3.2 CGI CGI http://server/~username/hello.cgi CGI ExecCGI CGI CGI Content-type: text/html( ) HTML HTML hello.cgi

    <html><body><h1>hello CGI </H1></body></html>

Content-type: text/html\n\n HTML CGI CGI Content-type: image/gif\n\n gif

3.3 HTML ( ) CGI for

List 2: for

    print "Content-type: text/html\n\n";
    print "<html><body>\n";
    print "<ul>\n"
    for i in 1..10
      print "<li>" + i.to_s + "\n";
    end
    print "</ul>\n"
    print "</body></html>\n";
csv

    apple,100,5
    banana,150,15
    orange,120,8

data.csv

List 3:

    print "Content-type: text/html\n\n"
    print "<html><body>\n"
    print "<table border=1>"
    print "<tr><td>name</td><td>price</td><td>quantity</td><td>subtotal</td></tr>\n"
    f = open("data.csv","r")
    total = 0
    f.each{ |line|
      line.chomp!                      # drop the trailing newline before splitting
      a = line.split(/\s*\,\s*/)       # comma-separated fields, surrounding spaces ignored
      name = a[0]
      price = a[1]
      num = a[2]
      subtotal = a[1].to_i * a[2].to_i
      total += subtotal
      print "<tr>"
      print "<td>" + name + "</td>"
      print "<td>" + price + "</td>"
      print "<td>" + num + "</td>"
      print "<td>" + subtotal.to_s + "</td>"
      print "</tr>\n"
    }
    print "</table>\n"
    print "Total = " + total.to_s
    print "</body></html>\n"

a = line.split(/\s*\,\s*/) a[2] 5\n line.chomp! chomp

    % ./data.cgi
    Content-type: text/html

    <html><body>
    <table border=1><tr><td>name</td><td>price</td><td>quantity</td><td>subtotal</td></tr>
    <tr><td>apple</td><td>100</td><td>5
    </td><td>500</td></tr>
    <tr><td>banana</td><td>150</td><td>15
    </td><td>2250</td></tr>
    <tr><td>orange</td><td>120</td><td>8
    </td><td>960</td></tr>
    </table>
    Total = 3710</body></html>

3.4 CGI CGI CGI CGI CGI nobody 3 nobody nobody CGI nobody other executable ~/user1/ CGI user1 ~/user2/ user2 CGI 700 group other CGI

    require 'etc'
    print "Content-type: text/plain\n\n"
    p Etc.getpwuid[0]    # login name of the user the script runs as

List 4: nobody nobody group other writable( ) CGI 4 4

4.1 CGI CGI CGI HTML METHOD POST GET HTML

    <H2>GET </H2>
    <form method="get" action="./form.cgi">
    <input name="name" size=30>
    <input type="submit" value ="submit">
    </form>
    <H2>POST </H2>
    <form method="post" action="./form.cgi">
    <input name="name" size=30>
    <input type="submit" value ="submit">
    </form>

3 nobody httpd apache www 4 777

CGI List 5:

    print "Content-type: text/html\n\n"
    print "<html><body>"
    method = ENV['REQUEST_METHOD']
    if method == 'GET'
      # GET: the form data arrives in the QUERY_STRING environment variable
      print "METHOD = GET: " + ENV['QUERY_STRING'] + "\n";
    else
      # POST: the form data arrives on standard input; gets(nil) reads all of it
      print "METHOD = POST: " + gets(nil) + "\n";
    end
    print "</body></html>\n"

GET ( hoge) submit URL form.cgi?name=hoge

    METHOD = GET: name=hoge

POST URL form.cgi

    METHOD = POST: name=hoge

4.2 <form> method action method GET POST action CGI <form> </form> <input> type

    <input type="submit" value ="submit">

CGI
    <input name="name" size=30>

size

    <input type="checkbox" name="cb" value="dog">dog

value cb=dog

    <input type="radio" name="rb" value="dog">dog

name

4.3 CGI submit form action CGI name=value

    name1=value1&name2=value2

( ) & GET

    form.cgi?name1=value1&name2=value2

URL 5 URL QUERY_STRING ruby ENV['QUERY_STRING'] URL

    <a href="http://hoge/hoge.cgi?mode=viewall"> </a>

CGI POST URL REQUEST_METHOD POST CONTENT_LENGTH POST GET URL

    name=%82%d9%82%b0

(SJIS ) URL URL ( &? ) ASCII

4.4 URL URL ruby CGI HTML

    <html><head><body>

List 6:

5 google URL
    <H1> </H1>
    <form method="post" action="./formetc.cgi">
    <input name="name" size=30><br>
    <input name="hobby1" type=checkbox value=" ">
    <input name="hobby2" type=checkbox value=" ">
    <input name="hobby3" type=checkbox value=" ">
    <BR>
    <input type="radio" name="job" value=" " checked>
    <input type="radio" name="job" value=" ">
    <input type="radio" name="job" value=" ">
    <BR>
    <select name="area">
    <option value="tokyo"> </option>
    <option value="osaka"> </option>
    <option value="nagoya"> </option>
    </select>
    <BR>
    <input type="password" name="pass" ><BR>
    <BR>
    <BR>
    <textarea name="comment" cols="50" rows="5">
    </textarea>
    <P>
    <input type="submit" value ="submit"><input type="reset" value ="reset">
    </P>
    </form></body></html>

CGI List 7:

    require 'cgi'
    print "Content-type: text/html\n\n"
    print "<html><body>"
    cgi = CGI.new
    hash = cgi.params          # parameter name => array of decoded values
    hash.each_key{ |key|
      # values are echoed exactly as received
      print key + " = " + hash[key].to_s + "<BR>\n"
    }
    print "</body></html>\n"

cgi = CGI.new CGI 6 CGI CGI::params hash = cgi.params hash['name'] hash['pass']

5 CGI CGI CGI CGI
5.1 CGI (Cross Site Scripting, XSS) CGI HTML JavaScript

    <script>alert("alert")</script>

submit Javascript CGI

    <script type="text/javascript">
    window.onload =function(){
      document.write(" ");
    }
    </script>

CGI URL ( ) CGI 7 < > CGI CGI::escapeHTML < > < > CGI

6 Ruby CGI.new.params.each_key{... 7 CGI .htaccess

List 8:
    require 'cgi'
    print "Content-type: text/html\n\n"
    print "<html><body>"
    cgi = CGI.new
    hash = cgi.params
    hash.each_key{ |key|
      # escape the value before writing it into the page
      print key + " = " + CGI.escapeHTML(hash[key].to_s) + "<BR>\n"
    }
    print "</body></html>\n"

CGI::escapeHTML CGI 8

5.2 CGI 1. ( ) 2. 3. CGI mode mode confirm regist hidden input CGI

List 9:

    require 'cgi'
    FILENAME="log.dat"

    # Show the input form followed by the stored posts, newest first.
    def view
    print <<EOS
    <hr>
    <form action="./bbs.cgi" method="post">
    <input name="name" size="10"><br>
    <input name="comment" size="50"><br>
    <input type="submit" value="submit">
    <input type="reset" value="reset">
    <input type="hidden" name="mode" value="confirm">
    </form>
    <hr>
    EOS
      f = open(FILENAME,"r")
      print "<ul>\n"
      f.readlines.reverse.each{ |line|
        line.chomp!
        a = line.split(/<>/)     # fields are separated by "<>"
        name = a[0]
        comment = a[1]
        print "<li>" + name + " " + comment + " \n"
      }
      print "</ul>\n"
    end

    # Echo the escaped input and carry it to the next step in hidden fields.
    def confirm(cgi)
      name = CGI.escapeHTML(cgi.params['name'][0])
      comment = CGI.escapeHTML(cgi.params['comment'][0])
      print " <BR>\n"
      print " = " + name + "<BR>\n"
      print " = " + comment + "<BR>\n"
      print "<form action=\"./bbs.cgi\" method=\"post\">\n"
      printf "<input type=\"hidden\" name=\"name\" value=\"%s\">\n",name
      printf "<input type=\"hidden\" name=\"comment\" value=\"%s\">\n",comment
    print <<EOS
    <input type="hidden" name="mode" value="regist">
    <input type="submit" value="submit">
    </form>
    EOS
    end

    # Append the escaped post to the log file.
    def regist(cgi)
      f = open(FILENAME,"a")
      name = CGI.escapeHTML(cgi.params['name'][0])
      comment = CGI.escapeHTML(cgi.params['comment'][0])
      f << name << "<>" << comment << "\n"
      f.close()
      print " <BR>\n"
      print "<a href=\"./bbs.cgi\"> </a>"
    end

    cgi = CGI.new
    mode = cgi.params['mode'][0]

    print "Content-type: text/html\n\n"
    print "<html><body>"
    if mode == "confirm"
      confirm(cgi)
    elsif mode == "regist"
      regist(cgi)
    else
      view()
    end
    print "</body></html>\n"

8 CGI

submit hidden mode confirm CGI HTML

    <html><body>
    <BR>
    = <BR>
    = <BR>
    <form action="./bbs.cgi" method="post">
    <input type="hidden" name="name" value=" ">
    <input type="hidden" name="comment" value=" ">
    <input type="hidden" name="mode" value="regist">
    <input type="submit" value="submit">
    </form>
    </body></html>

CGI hidden submit mode regist

6 CGI CGI
6.1 hidden HTML hidden HTTP_REFERER

6.2 CGI Shift_JIS EUC JIS UTF-8 Ruby Kconv NKF require 'kconv' String tojis toeuc tosjis tosjis Shift_JIS XML UTF

6.3 File flock

    f = File.open(filename,"a")
    f.flock(File::LOCK_EX) # take an exclusive lock
    # write to the file here
    f.flock(File::LOCK_UN) # release the lock

9

6.4 log.dat .htaccess .htaccess cgi cgi CGI

6.5 MVC CGI HTML CGI MVC HTML CGI (C) (V)

9
    # Read a template file and replace each %%key%% marker with hash[key].
    # Values are inserted as-is, so HTML-escape any user-supplied value first.
    def get_replaced_text(filename,hash)
      f = open(filename)
      lines = f.read
      hash.each_key{ |key|
        if key!=nil and hash[key]!= nil
          id = '%%' + key + '%%'
          lines.gsub!(id,hash[key])
        end
      }
      return lines
    end

ID => 1 name => watanabe

List 10:

%%ID%% 1 %%name%% watanabe YAML XML

6.6 CGI CGI 500 Internal Error 10 CGI URL Ruby CGI require 'cgi'

    name1=value1
    name2=value2...
    ^D

= ( ) ˆD ( +D) URL name1= name2= test.dat List. 6

    $ ./formetc.cgi < test.dat
    Content-type: text/html

    <html><body>name1 = <BR>
    name2 = <BR>
    </body></html>

URL

7 CGI Cookie

10 CGI
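An added example, not part of the original notes: the regist and view steps of List 9 combined with the File#flock call from section 6.3 and the CGI.escapeHTML call from section 5.1. The helper names append_record, render_list and demo, the temporary log file, the replacement of CR/LF inside a value and the sample posts are assumptions constructed for illustration.

```ruby
require 'cgi'
require 'tempfile'

SEP = "<>"  # field separator used by List 9

# Append one post as a single line, holding an exclusive lock while writing.
def append_record(path, name, comment)
  fields = [name, comment].map do |s|
    # Assumption: one record per line, so CR/LF inside a value become a space.
    # Escaping before storage (as List 9 does) also means a value can never
    # contain the raw "<>" separator.
    CGI.escapeHTML(s.to_s.gsub(/[\r\n]+/, " "))
  end
  File.open(path, "a") do |f|
    f.flock(File::LOCK_EX)          # block until no other process holds the lock
    f.write(fields.join(SEP) + "\n")
    f.flush                         # push the data out before the lock is dropped
    f.flock(File::LOCK_UN)
  end
end

# Read all records under a shared lock and build the <ul> list, newest first.
def render_list(path)
  lines = File.open(path, "r") do |f|
    f.flock(File::LOCK_SH)
    f.readlines
  end
  items = lines.reverse.map do |line|
    name, comment = line.chomp.split(SEP, 2)
    "<li>#{name} #{comment}</li>"   # already escaped when stored
  end
  "<ul>\n" + items.join("\n") + "\n</ul>\n"
end

# Constructed sample posts; the second one carries markup, a newline and "<>".
def demo
  Tempfile.create("log") do |tmp|
    tmp.close
    append_record(tmp.path, "alice", "hello")
    append_record(tmp.path, "mallory", "<script>alert(\"alert\")</script>\nfake<>entry")
    render_list(tmp.path)
  end
end

puts demo
```

The second post is stored as one line and rendered as inert text, so the list still has exactly two items.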