Wicked Cool Perl Scripts | Page 2
Wicked Cool Perl Scripts
[This chapter is excerpted from the book, Wicked Cool Perl Scripts, 2nd Edition, authored by Steve Oualline. Copyright 2006 No Starch Press, February 2006.]
Displaying the Error Log
One of the problems with developing CGI scripts is that there's no error displayed when you make a syntax error or other programming mistake. All you get is a screen telling you
Internal Server Error. That tells you next to nothing.
The real information gets redirected to the error_log file. The messages in this file are extremely useful when it comes to debugging a program.
However, these files are normally only accessible by a few users such as apache and root. These are privileged accounts and you don't want to give everybody access to them.
So we have a problem. Programmers need to see the log files, and the system administrators want to keep the server protected. The solution is to write a short Perl script to let a user view the last few lines of the error_log.
Running the Script
The script must be installed in the CGI program directory and must be setuid to root (or some other user who has access to the error logs). It is accessed through a web browser.
From this display you can see that the last script run was bad.pl and it errored out because of a
Premature end of script header error. (Translation: we forgot the #!/usr/bin/perl at the top of the script.)
How It Works
The script starts with the magic line that runs Perl with the
-T flag. The
-T tells Perl to turn on taint checks. This helps prevent malicious user input from doing something nasty inside your program. It is a good idea to turn on taint for any CGI program. (We'll discuss taint mode in more detail in the next chapter.)
The script makes use of the
CGI::Carp module. This module will catch any fatal errors and print out an error message that is readable by the browser. This means that error messages show up in the browser instead of going only to the error log.
This is especially a good idea for this script. If this script errors out, you can't use the error log script to find out what went wrong (because this is the error log script).
Next, open the log file and read all lines in it:
encode_entitiesfunction to turn nasty ASCII characters into something a browser can understand.
Hacking the Script
One problem with this script is that it exposes the entire error log to anyone who can access the page. You may want to utilize authentication to prevent unauthorized usage.
Or you can restrict the listing so that only the information for programs created by the user is displayed.