a0b5687117ecc4f594719d5bd97fcf6ee3f51921
hiram
Fri Sep 16 12:02:02 2022 -0700
more strict acceptance of the five required arguments refs #30003
diff --git src/hg/gar/gar.cgi.pl src/hg/gar/gar.cgi.pl
index a03b456..cf95979 100755
--- src/hg/gar/gar.cgi.pl
+++ src/hg/gar/gar.cgi.pl
@@ -1,84 +1,87 @@
#!/usr/bin/perl
##
## gar -- GenArk Request - receive requests for GenArk assemblies
##
use URI::Escape;
# use strict;
# use warnings;
print "Content-type: text/html\n\n";
print "
GenArk Request assembly build\n";
print "\n";
# QUERY_STRING name=some%20name&email=some@email.com&asmId=GCF_000951035.1_Cang.pa_1.0
my %incoming = (
"name" => "noName",
"email" => "noEmail",
"asmId" => "noAsmId",
"betterName" => "noBetterName",
"comment" => "noComment",
);
my $validIncoming = 0;
if (defined($ENV{"QUERY_STRING"})) {
my $qString = $ENV{"QUERY_STRING"};
my @idVal = split("&", $qString);
foreach $id (@idVal) {
my ($tag, $value) = split("=", $id, 2);
- $incoming{$tag} = uri_unescape( $value ) if (defined($value));
- ++$validIncoming if (defined($value));
+ # only accept known inputs, the five defined above for %incoming defaults
+ if (defined($incoming{$tag}) && defined($value)) {
+ $incoming{$tag} = uri_unescape( $value );
+ ++$validIncoming;
+ }
}
}
if ($validIncoming != 5) {
# not a legitimate request from our own business, do nothing.
print "\n";
exit 0;
}
printf "\n";
printf "- name: '%s'
\n", $incoming{"name"};
printf "- email: '%s'
\n", $incoming{"email"};
printf "- asmId: '%s'
\n", $incoming{"asmId"};
printf "- betterName '%s'
\n", $incoming{"betterName"};
printf "- comment '%s'
\n", $incoming{"comment"};
printf "
\n";
my $DS=`date "+%F %T"`;
chomp $DS;
open (FH, "|/usr/sbin/sendmail -t -oi");
printf FH "To: hclawson\@ucsc.edu,clayfischer\@ucsc.edu
From: %s
Subject: gar request: %s
name: '%s'
email: '%s'
asmId: '%s'
betterName: '%s'
comment: '%s'
date: '$DS'
", $incoming{"email"}, $incoming{"asmId"}, $incoming{"name"}, $incoming{"email"}, $incoming{"asmId"}, $incoming{"betterName"}, $incoming{"comment"};
close (FH);
print "
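Review bot: The new check `if (defined($incoming{$tag}) && defined($value))` counts accepted pairs rather than distinct keys, so a query string that repeats one known key five times still reaches `$validIncoming == 5` while the other four fields keep their defaults. Tracking seen keys closes that: declare `my %seen;` before the loop and test `exists($incoming{$tag}) && defined($value) && !$seen{$tag}++`. Separately, the decoded values go unescaped into the HTML `printf` lines and into the `From:` and `Subject:` lines piped to `sendmail -t` later in this hunk. A value containing CR or LF should be rejected before the mail is built, for example with `exit 0 if grep { /[\r\n]/ } @incoming{qw(email asmId)};`, and the echoed values should be HTML-escaped. The visible text of the hunk stops mid-statement at the final `print`, so anything after that point is not covered here.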