Processing Form Data in Shell CGI Scripts

Important: Versions before 11/06/1997 have a security bug. If you downloaded this program before that date, download the current version, and substitute all your copies with this one.
This page presents a little program that will help you processing form data in a CGI shell script. If you're unfamiliar with Perl and don't want to write a bulky C program just for a small CGI job, shell script CGI programming may be an option. You receive the form values straight into your shell environment (the names prefixed with "FORM_"), where you can then access them just like other shell variables.

I have a different page with the same title, where I present a shell script to do the same job of extracting form data and feeding it to your script. However, this C program is much faster and easier to use.

Features

Installation

Installation is simple. Just download the C code, proccgi.c, and compile it. Compilation shouldn't be a problem on any system. Copy the resulting executable proccgi to a location of your choice, where it is accessible to your CGI scripts.

Usage

All you have to do in your shell script is to call
eval "`proccgi $*`"
In some cases, you might need to give the full pathname if it's not found automatically. After this call, you have everything in your shell.

Be careful to quote the call to proccgi, else shell expansion will take place, potentially opening security leaks.

Example

This is a very simple example of an automatic software-by-email program. You can fill in your email address and a file name which is then automatically mailed to you. Do not, I repeat, do not install this piece of code. It would be a major security leak.

The Form

<form action="http://our-server/cgi-stuff/mailer" method="post">
<dl>
  <dt> Your Email <dd> <input name="email" size="50">
  <dt> Filename   <dd> <input name="file"  size="50">
</dl>
<input type="submit" value="Submit">
</form>

The Script

(Install this script in the location you used above in the form's action field.)
#!/bin/sh
eval "`procgi $*`"
mail $FORM_email < $FORM_file
cat - << \END
echo Content-type: text/plain
echo
echo done.
END
As you can see, after the call to proccgi, the email address from the form is stored in the shell variable $FORM_email, and the file name is in $FORM_file.

Download

Once again, here's a link to download proccgi.c.

The script may be freely used and distributed at no charge provided that the copyright notice remains at its top.


Frank Pilhofer <fp -AT- fpx.de> Back to the Homepage
Last modified: Fri Aug 29 15:34:33 1997