Errata

CGI Programming on the World Wide Web

Errata for CGI Programming on the World Wide Web

Submit your own errata for this product.

The errata list is a list of errors and their corrections that were found after the product was released.

The following errata were submitted by our customers and have not yet been approved or disproved by the author or editor. They solely represent the opinion of the customer.

Color Key: Serious technical mistake Minor technical mistake Language or formatting error Typo Question Note Update

Version Location Description Submitted by Date submitted
Printed Page 22
You might want to add a footnote regarding User Authentication as

follows:

REMOTE_USER env. var. is only set if authentication is actually used,
and it is not supported by all web servers. For Netscape 3.x, when
configured for user authentication, a specified directory can be set
up by 2 files, .nsconfig and .htpasswd, in that directory.

The .htpasswd should contain a password. If you want to give it a real
password associated with a user, do "ypcat passwd |grep <username>".

The .htpasswd should contain:

user1:qewdufyp
user2:2947yer

The .nsconfig should contain:

<Files *>
RequireAuth userfile="/dir_name/.htpasswd" realm="User password
required"
user
pat=(user1|user2)
</Files>

 Anonymous   
Printed Page 22
You might want to add a footnote regarding User Authentication as

follows:

REMOTE_USER env. var. is only set if authentication is actually used,
and it is not supported by all web servers. For Netscape 3.x, when
configured for user authentication, a specified directory can be set
up by 2 files, .nsconfig and .htpasswd, in that directory.

The .htpasswd should contain a password. If you want to give it a real
password associated with a user, do "ypcat passwd |grep <username>".

The .htpasswd should contain:

user1:qewdufyp
user2:2947yer

The .nsconfig should contain:

<Files *>
RequireAuth userfile="/dir_name/.htpasswd" realm="User password
required"
user
pat=(user1|user2)
</Files>

 Anonymous   
Printed Page 46

The Line 2 in the second code example now reads:

chop($current_date '/bin/date');

It should be:

`/bin/date` (i.e. with backquotes)

 Anonymous   
Printed Page 46

The Line 2 in the second code example now reads:

chop($current_date '/bin/date');

It should be:

`/bin/date` (i.e. with backquotes)

 Anonymous   
Printed Page 69
The URL given for uncgi has changed. It is now located at

http://www.midwinter.com/~koreth/uncgi.html

 Anonymous   
Printed Page 69
The URL given for uncgi has changed. It is now located at

http://www.midwinter.com/~koreth/uncgi.html

 Anonymous   
Printed Page 121

Code example under second paragraph, third line of "for" loop reads:

$max_length - ($loads[$loop - 1] * 10) );

it should read:

$origin[1] - ($loads[$loop -1] * 10) );

The current code results in load averages being graphed beneath the
axis line.

 Anonymous   
Printed Page 121

Code example under second paragraph, third line of "for" loop reads:

$max_length - ($loads[$loop - 1] * 10) );

it should read:

$origin[1] - ($loads[$loop -1] * 10) );

The current code results in load averages being graphed beneath the
axis line.

 Anonymous   
Printed Page 122
The third code example has a for loop; however, the example

fails to delimit the for loop with an ending '}'. The last line of
that code segment should contain a } - without it the program will not
work.


 Anonymous   
Printed Page 122
The third code example has a for loop; however, the example

fails to delimit the for loop with an ending '}'. The last line of
that code segment should contain a } - without it the program will not
work.


 Anonymous   
Printed Page 213
The following string is given (twice) to indicate how to check

for valid e-mail addresses:

/([w-+.]+)@([w-+.]+)/

This still allows for addresses like "; shaun@minc.com ;" which could
at least cause errors and at most be a security hole.

To prevent possible problems, the script writer should ensure nothing
can appear before or after the e-mail address.

The correction is simple: /^([w-+.]+)@([w-+.]+)$/

This, of course, assumes the script writer has already stripped any
whitespace from the beginning and end of the e-mail string.

 Anonymous   
Printed Page 213
The following string is given (twice) to indicate how to check

for valid e-mail addresses:

/([w-+.]+)@([w-+.]+)/

This still allows for addresses like "; shaun@minc.com ;" which could
at least cause errors and at most be a security hole.

To prevent possible problems, the script writer should ensure nothing
can appear before or after the e-mail address.

The correction is simple: /^([w-+.]+)@([w-+.]+)$/

This, of course, assumes the script writer has already stripped any
whitespace from the beginning and end of the e-mail string.

 Anonymous   
Printed Page 398
Next-to-last answer on page:

print "Content-type: text/plain
"

should read

print "Content-type: text/plain
";

and

print "Location: http://some.machine/some.doc

"";

should read

print "Location: http://some.machine/some.doc

";

 Anonymous   
Printed Page 398
A CGI program can only send one Location header. You also cannot

send a MIME content type if you want the server to perform
redirection. For example, the following is not valid:

- ----------------------
#!/usr/local/bin/perl
#...
$query = new CGI::Form;
print $query->header;
#...Form display
#...
#Action
print "Location: http://some.machine/some.doc

";
- ----------------------

If a user wants to display a message using server redirection as above
w/o redisplaying the form, we need an example that shows the action
implemented in a separate file from the form display. Otherwise the
default action is the CGI script itself. I haven't figured out a way
to do this using CGI modules.

 Anonymous   
Printed Page 398
Next-to-last answer on page:

print "Content-type: text/plain
"

should read

print "Content-type: text/plain
";

and

print "Location: http://some.machine/some.doc

"";

should read

print "Location: http://some.machine/some.doc

";

 Anonymous   
Printed Page 398
A CGI program can only send one Location header. You also cannot

send a MIME content type if you want the server to perform
redirection. For example, the following is not valid:

- ----------------------
#!/usr/local/bin/perl
#...
$query = new CGI::Form;
print $query->header;
#...Form display
#...
#Action
print "Location: http://some.machine/some.doc

";
- ----------------------

If a user wants to display a message using server redirection as above
w/o redisplaying the form, we need an example that shows the action
implemented in a separate file from the form display. Otherwise the
default action is the CGI script itself. I haven't figured out a way
to do this using CGI modules.

 Anonymous   
Printed Page 415
The line

$filename = $data{'input'};

should read

$filename = $data{'input_file'};

 Anonymous   
Printed Page 415
The line

$filename = $data{'input'};

should read

$filename = $data{'input_file'};

 Anonymous