#!/usr/bin/perl -T
#
# unsafe-form.pl
#
# CGI.pm Perl script demonstrating how easy it is to
# tamper with "hidden" form field values.
#
# Written by Advosys Consulting Inc., Ottawa
#
# Requires: Perl 5 with CGI.pm
#
# Include perl modules:
use CGI qw/:standard/;
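# Print the MIME header before doing anything else:
print "Content-type: text/html\n\n";
# NOTE(review): the HTML markup inside the literals below appears to have
# been lost from this copy of the script; they are kept exactly as found.
print '
';
print 'Unsafe input form demo
';
# Example values the server does not want changed. They are assigned on
# every request; nothing in this block compares them with what the
# browser sends back.
$userid = 'ktrout';
$credit_ok = 1;
$form_expires = '20001001:12:45:20';
# Display the blank HTML form, or handle a submission:
if ( ! param('chaddr') ) {
    print_form();
}
else {
    # The point of the demo: 'userid' is read back from the request, so
    # whoever submits the form decides its value. A real handler would take
    # the identity from server-side session state, or verify a keyed MAC
    # over the hidden fields before acting on them.
    #
    # Scalar context takes a single value even if the parameter is repeated,
    # and escapeHTML() keeps the echoed value from being parsed as markup
    # in this text/html response.
    my $submitted_userid = param('userid');
    $submitted_userid = '' unless defined $submitted_userid;
    print "Thank you ", escapeHTML($submitted_userid), "
";
    print "Your address information has been updated.";
}
print "";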
### SUBROUTINES:
#
sub print_form {
# Prints the example HTML form. Takes no arguments; called from the
# top-level code when the 'chaddr' parameter is absent.
#
# NOTE(review): the here-document below is truncated in this copy (the
# "<<END_TEXT" opener and the form markup are missing), so the actual
# field list cannot be confirmed from here. Going by the file header and
# the values assigned at top level, it presumably carries $userid,
# $credit_ok and $form_expires as hidden fields -- verify against the
# original. Hidden fields are fully controlled by the client, so the
# handler must not trust them when they come back.
#
# NOTE(review): the original comment said the form carries a "signature in
# a hidden field", but no signing or verification code is visible in this
# file -- confirm whether that wording belongs to a different version.
print<
END_TEXT
}