Wicked Cool Perl Scripts | Page 2 | WebReference

Wicked Cool Perl Scripts | Page 2

[previous] [next]

Wicked Cool Perl Scripts
[This chapter is excerpted from the book, Wicked Cool Perl Scripts, 2nd Edition, authored by Steve Oualline. Copyright 2006 No Starch Press, February 2006.]

Displaying the Error Log

One of the problems with developing CGI scripts is that there's no error displayed when you make a syntax error or other programming mistake. All you get is a screen telling you Internal Server Error. That tells you next to nothing.

The real information gets redirected to the error_log file. The messages in this file are extremely useful when it comes to debugging a program.

However, these files are normally only accessible by a few users such as apache and root. These are privileged accounts and you don't want to give everybody access to them.

So we have a problem. Programmers need to see the log files, and the system administrators want to keep the server protected. The solution is to write a short Perl script to let a user view the last few lines of the error_log.

The Code

Running the Script

The script must be installed in the CGI program directory and must be setuid to root (or some other user who has access to the error logs). It is accessed through a web browser.

The Results

From this display you can see that the last script run was bad.pl and it errored out because of a Premature end of script header error. (Translation: we forgot the #!/usr/bin/perl at the top of the script.)

The result

How It Works

The script starts with the magic line that runs Perl with the -T flag. The -T tells Perl to turn on taint checks. This helps prevent malicious user input from doing something nasty inside your program. It is a good idea to turn on taint for any CGI program. (We'll discuss taint mode in more detail in the next chapter.)

The script makes use of the CGI::Carp module. This module will catch any fatal errors and print out an error message that is readable by the browser. This means that error messages show up in the browser instead of going only to the error log.

This is especially a good idea for this script. If this script errors out, you can't use the error log script to find out what went wrong (because this is the error log script).

Start by outputting a page header. The background color chosen for the errors is #FF8080, which is a sort of sick pink. It looks ugly, but the color screams "Errors!"

Next, open the log file and read all lines in it:

Finally it's just a matter of printing the last 50 lines. The only trick is that you can't print them directly (they contain text and you want HTML). So the text is processed through the encode_entities function to turn nasty ASCII characters into something a browser can understand.

Hacking the Script

One problem with this script is that it exposes the entire error log to anyone who can access the page. You may want to utilize authentication to prevent unauthorized usage.

Or you can restrict the listing so that only the information for programs created by the user is displayed.

[previous] [next]