I'm connecting to a server running a HTML page with the following code:
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<meta name="generator" content=
"HTML Tidy for Linux/x86 (vers 1st February 2005), see www.w3.org">
<title>Calculator</title>
<link type="text/css" rel="stylesheet" href="mystyle.css">
</head>
<body>
<h1>Calculator</h1>
<p>This is a calculator form that uses a CGI script.</p>
<form method="post" action="./cgi-bin/badcalc.pl">
Expression <input type="text" name="exp" size="10">
<input type="submit" value="Calculate">
<input type="reset">
</form><br>
<p>The cgi script that does the calculation may be viewed <a href=
"cgi-bin/code2html.pl?file=badcalc.pl">here</a>.</p>
</body>
</html>
This links up to the Perl file which contains the code:
#!/usr/bin/perl
use strict;
use warnings;
use Safe; #using Sandbox
use CGI;
use HTML::Entities; #For encoding the output
my $query = new CGI;
my $exp = $query->param('exp');
print $query->header,
$query->start_html(-title=>'Fixed calculator',
-style=>{'src' => '../mystyle.css'},
-target=>'_blank'),
$query->h1('Fixed calculator');
my $compartment = Safe->new();
##Defining a new sandbox
$compartment->permit_only(qw(atan2 sin cos exp log sqrt :default )); #Defines te functions that are permitted for execution
my $result = $compartment->reval($exp) or die("Error: ".$@);
#Execute the calculation, if input is trapped or an error occurs, die and print to log
if (defined $result)
{
print "<br> ".encode_entities($exp)." = " encode_entities($result).""; ##Encodes the output to ensure that there is no problems on the page
}else
{
print "<br> Oh dear! That input is not allowed or has been incorrectly formatted.\n"; #Makes error message suitable
}
print $query->end_html;
This should carry out simple calculations and provide more security compared to the older version (which used eval() instead of reval()) but when I try and carry out a simple calculation like 1+1 it brings back an internal server error and the log from the error is located below.
Can't locate HTML/Entities.pm in @INC (@INC contains: /etc/perl /usr/local/lib/perl/5.14.2 /usr/local/share/perl/5.14.2 /usr/lib/perl5 /usr/share/perl5 /usr/lib/perl/5.14 /usr/share/perl/5.14 /usr/local/lib/site_perl .) at /home/1001542/public_html/cgi-bin/badcalc.pl line 10. BEGIN failed--compilation aborted at /home/1001542/public_html/cgi-bin/badcalc.pl line 10. [Mon May 06 10:58:05 2013] [error] [client 10.0.0.25] Premature end of script headers: badcalc.pl, referer: http://10.0.0.3/~1001542/calc.html
Line 10 is "use HTML::Entities;".
Any help?
**EDIT** The original Perl file works fine strangely enough. Code:
#!/usr/bin/perl
use strict;
use warnings;
use CGI;
my $query = new CGI;
my $exp = $query->param('exp');
print $query->header,
$query->start_html(-title=>'Broken calculator',
-style=>{'src' => '../mystyle.css'},
-target=>'_blank'),
$query->h1('Broken calculator');
my $result = eval($exp);
if (defined $result)
{
print "<br> $exp = $result";
}else
{
print "<br> oops! $@";
}
print $query->end_html;
EDIT AGAIN** I was using the server provided by my university to do this but have now set it up on my own virtual machine's apache server. I will get back to everyone if I fix it.
I managed to sort it myself.
As I was using the server provided by my university I had no access to install the required module (HTML::Entities).
I decided to then set up the required module on my own Apache web server on a virtual machine and managed to get it working this way after sorting out some syntax/spelling errors.
The way I installed the HTML::Entities module was through the synaptic package manager, just by searching libhtml-parser-perl the module was found and installed. I restarted Apache and the VM just in case that was required.
Thanks for everybody's input!