Internet

Beginning CGI Programming with Perl

Exercise 3.1. Using the exec command

The exec command gives you the power of your operating system right in your SSI HTML. Most of the system commands available to you from the command line also are available with the SSI exec command. As with SSIs themselves, the exec command can be turned off and made unavailable to you. Because the exec command opens up a variety of security issues, don’t be too surprised if your System Administrator has disabled this option. SSI security concerns are discussed later in this Tutorial in “Looking At Security Issues with SSIs.”

The exec command enables you to access the UNIX Shell or CGI scripts without requiring the client to click a button. When you go to a Web site that looks like it is immediately using a CGI script to build the page, it probably is using an SSI exec CGI command to make that happen.

With the exec command, you can do anything you can do from the command line. Now, I’m not going to teach you UNIX in these tutorials. (It might be fun, but both of us have our deadlines to meet.) But let’s explore a few of the simple commands you can use and how you might use some of these tools.

Figure 3.6 shows the output from the SSI commands in Listing 3.8. Each of these commands is a simple UNIX command that becomes available to you as soon as you understand how to use SSI commands. That should be now. The environment in which your commands will execute includes all the normal environment variables you get at login. If you are using an SSI command to execute a CGI script, you get all the environment variables normally available to your CGI programs. Environment variables are covered in Tutorial 6.

Figure 3.6 : Using the SSI exec command to access the UNIX Shell.

Listing 3.8. HTML and SSI exec commands.

01: <head>02: <title>Server Side Include exec command </title>03: </head>04: </body>05: <!--#config timefmt="%x" -->06: <!--#echo var="date_local" -->07: <h3> The UNIX date of the server is  <!--#exec cmd="date" -->.</h3>08: <h3>The current working directory is <!--#exec cmd="pwd" -->.</h3>09: <h3>The files in the directory       <!--#exec cmd="cd ..; pwd;" -->10: are <!--#exec cmd="cd ..; ls" -->.</h3>11:12: <h3>The directories in the directory  <!--#exec cmd="cd ..; pwd;" -->13: are:</h3> <!--#exec cmd="cd ..; ls -l |grep ^d" -->14:15: <h3> That looks awful because you can't add any formatting commands.16: The next example uses a CGI script to do the same command </h3>17: <!--#exec cgi="server side include_cgi_dir.cgi" -->18:19: </body>20: </html>

Let’s take a look at each one of these commands. Most of them are simple. The amazing thing is that you now can treat your SSI parsed file just as if you were executing from the UNIX command line. So you get the simple commands that enable you to do things like print the current date and the current working directory. You can see each of these on lines 5 and 6. You’ve already seen several of the date commands, but notice that the date printed from the command line is not the same date printed with the "date_local" variable on line 6. The config command has no impact on anything you do at the command line. When you execute on the command line, each new command starts a new process.

This process is shown on lines 9 and 10. Notice the semicolons between the Change Directory command (cd) and the Print Working Directory command (pwd). This lets your SSI exec command execute more than one command in a row, with the next command keeping the state created from the previous command.

Suppose that you try to execute two SSI exec commands. The first one changes directories, and the next one prints the current directory:

<!--#exec cmd="cd .." -->

and

<!--#exec cmd="pwd" -->

The result of the pwd command is not the cgibook directory, as in Figure 3.6, but the same directory printed from line 8: cgibook/chap3.

On line 13, two UNIX commands are executed at the same time without a semicolon. What happened here? Well, this takes advantage of something called a UNIX pipe. The pipe passes the output created by the first command to the next command. Let’s explore this example a little closer.

The UNIX command is ls -l |grep ^d, and it can be interpreted as saying give me the listing of all the directories in this directory.

Let’s break this one down into each of its parts. This is where the power of pipes and being on a UNIX machine start to become apparent:

  • ls -l is the directory listing command with the argument switch -l added. The -l tells UNIX to give the long format for the directory listing.
  • |is a pipe command. It tells UNIX to send the output of the last command to the next command.
  • grep ^d is a search command. Its syntax follows:

grep search_string search_list

The ^d is a combination search_string. The ^ tells grep to search only at the start of the line, and the d tells grep what to search for. So only search for lines that begin with d-the beginning character for all directories. The search_list is sent to grep through the pipe command | as a result of the ls -l command. That’s a quick lesson on building powerful tools using a combination of simple UNIX commands.

The exec Command and CGI Scripts

The exec command and the UNIX Shell have lots of power, but the exec command and CGI have even more. Using the exec command and Perl CGI scripts, you can do almost anything. This is where your imagination takes over and you start to let the power of your computer and your mind work together to wow your Web page visitor.

The syntax of the command just replaces the cmd keyword with cgi. The full format of the command is shown on line 17 of Listing 3.8:

<!--#exec cgi="server side include_cgi_dir.cgi" -->

There is very little that’s special about CGI programs executed from within an SSI file. The server still expects your CGI program to output a Content-Type header. All the HTML tags you expect to work still do. However, you cannot execute a non-parsed-header (NPH) CGI program inside an SSI file. The NPH-CGI program tells the server to not parse the returned response headers; the NPH-CGI program is supposed to return the correct response headers. This presents a conflict to the server because it already is returning HTTP response headers for the parsed HTML file. To prevent this server conflict, NPH-CGI programs are illegal in SSI files. NPH-CGI programs are covered in Tutorial 4 “Using Forms to Gather and Send Data.”