GenArk Request assembly build

ca81b42b47cd5b6419d87f3b8697a0806ce85e99 hiram Tue Sep 20 11:45:40 2022 -0700 see if the referer and referDomain can be recorded for possible protection refs #28930 diff --git src/hg/gar/gar.cgi.pl src/hg/gar/gar.cgi.pl index cf95979..bd4f4a7 100755 --- src/hg/gar/gar.cgi.pl +++ src/hg/gar/gar.cgi.pl @@ -1,87 +1,101 @@ #!/usr/bin/perl ## ## gar -- GenArk Request - receive requests for GenArk assemblies ## use URI::Escape; # use strict; # use warnings; +my $httpRefer = "noReference"; +my $referDomain = "noDomain"; + +if (defined($ENV{'HTTP_REFERER'})) { + my @a = split('/', $ENV{'HTTP_REFERER'}); + $httpRefer = $a[-1]; # should be "assemblyRequest.html" + my @b = split('\.', $a[-2]); + $referDomain = "$b[-2].$b[-1]"; # should be "ucsc.edu" +} + print "Content-type: text/html\n\n"; print "GenArk Request assembly build\n"; print "\n"; # QUERY_STRING name=some%20name&email=some@email.com&asmId=GCF_000951035.1_Cang.pa_1.0 my %incoming = ( "name" => "noName", "email" => "noEmail", "asmId" => "noAsmId", "betterName" => "noBetterName", "comment" => "noComment", ); my $validIncoming = 0; +my $extraneousArgs = 0; if (defined($ENV{"QUERY_STRING"})) { my $qString = $ENV{"QUERY_STRING"}; my @idVal = split("&", $qString); foreach $id (@idVal) { my ($tag, $value) = split("=", $id, 2); # only accept known inputs, the five defined above for %incoming defaults if (defined($incoming{$tag}) && defined($value)) { $incoming{$tag} = uri_unescape( $value ); ++$validIncoming; } + ++$extraneousArgs if (!defined($incoming{$tag})); } } -if ($validIncoming != 5) { +if ( ($validIncoming != 5) || ($extraneousArgs > 0) ) { # not a legitimate request from our own business, do nothing. print "\n"; exit 0; } printf "

name: '%s'
email: '%s'
asmId: '%s'
betterName '%s'
comment '%s'
betterName: '%s'
comment: '%s'

\n"; my $DS=`date "+%F %T"`; chomp $DS; open (FH, "|/usr/sbin/sendmail -t -oi"); printf FH "To: hclawson\@ucsc.edu,clayfischer\@ucsc.edu From: %s Subject: gar request: %s name: '%s' email: '%s' asmId: '%s' betterName: '%s' comment: '%s' +httpRefer '%s' +referDomain '%s' date: '$DS' -", $incoming{"email"}, $incoming{"asmId"}, $incoming{"name"}, $incoming{"email"}, $incoming{"asmId"}, $incoming{"betterName"}, $incoming{"comment"}; +", $incoming{"email"}, $incoming{"asmId"}, $incoming{"name"}, $incoming{"email"}, $incoming{"asmId"}, $incoming{"betterName"}, $incoming{"comment"}, $httpRefer, $referDomain; close (FH); print "\n"; __END__ print "\n"; foreach $var (sort(keys(%ENV))) { $val = $ENV{$var}; $val =~ s|\n|\\n|g; $val =~ s|"|\\"|g; print "\n"; } print "

hgwdev-hiram CGI gar
${var}	${val}

\n"; print "\n";