Mdthbs

Add region constraint to Graphics

Why is "dark" an adverb in this sentence?

What exactly is the Tension force?

Is this more than a packing puzzle?

Why does the trade federation become so alarmed upon learning the ambassadors are Jedi Knights?

Project Euler, problem # 9, Pythagorean triplet

Why hasn't the U.S. government paid war reparations to any country it attacked?

Why use null function instead of == []

How are "soeben" and "eben" different from one another?

How to draw a gif with expanding circles that reveal lines connecting a non-centered point to the expanding circle using Tikz

GPIO and Python - GPIO.output() not working

Why linear regression uses "vertical" distance to the best-fit-line, instead of actual distance?

Is `curl {something} | sudo bash -` a reasonably safe installation method?

Nested-Loop-Join: How many comparisons and how many pages-accesses?

Did the Shuttle's rudder or elevons operate when flown on its carrier 747?

do not have power to all my breakers

As a DM, how to avoid unconscious metagaming when dealing with a high AC character?

What impact would a dragon the size of Asia have on the environment?

I quit, and boss offered me 3 month "grace period" where I could still come back

Are L-functions uniquely determined by their values at negative integers?

Remove intersect line for one circle using venndiagram2sets

Are lithium batteries allowed in the International Space Station?

How can I legally visit the United States Minor Outlying Islands in the Pacific?

Doing research in academia and not liking competition

Shell script equivalent to PHP $_POST

Print shell arguments in reverse orderTurn a bash and php script into a distributable rpmIssue with bash script running from php as rootecho all *.tex filenames in a specific directoryExiting a shell script if certain child processes exitshell script - multiple ssh connectionEnabling shell script to run as different user with PHPPosting a PHP variable into a bash scriptBash-Script: How to insert Variables into Bash-Script?Bash script to read a web page list from a text file

.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty{ margin-bottom:0;
}

1

1

For example and learning purposes, I have a webpage that uses POST method to submit a text field. I have a server running script (bash) that I want to display what the "Query_string" is. I'm not completely familiar with PHP either, but I think $_POST would be used to print the submitted text. The script I am using is bash. What could I use to print out the submitted text?

bash shell-script html cgi

share|improve this question

edited 43 mins ago

mosvy

15k22 gold badges1818 silver badges4949 bronze badges

asked Nov 6 '14 at 4:43

swamswam

5822 silver badges77 bronze badges

• 
  
  
  

  
  3
  

  
  
  
  
  
  

  
  
  See the CGI specification; there are environment variables defined in section 5 including QUERY_STRING. Post data will be on standard input. That said, a) I think this may be more of a general programming or protocol question that is off-topic here, and b) conflating the query string and post data probably isn't the best sign for how well you're going to go with this. In particular, please note that it's very easy to write severe security holes in Bash CGI scripts.
  
  – Michael Homer
  Nov 6 '14 at 5:04
  

  
  
  
  


• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  
  Make sure you have upgraded bash to a recent version if this machine is accessible via a network (schellshock)
  
  – Anthon
  Nov 6 '14 at 5:39
  

  
  
  
  

add a comment | 

1

1

For example and learning purposes, I have a webpage that uses POST method to submit a text field. I have a server running script (bash) that I want to display what the "Query_string" is. I'm not completely familiar with PHP either, but I think $_POST would be used to print the submitted text. The script I am using is bash. What could I use to print out the submitted text?

bash shell-script html cgi

share|improve this question

edited 43 mins ago

mosvy

15k22 gold badges1818 silver badges4949 bronze badges

asked Nov 6 '14 at 4:43

swamswam

5822 silver badges77 bronze badges

• 
  
  
  

  
  3
  

  
  
  
  
  
  

  
  
  See the CGI specification; there are environment variables defined in section 5 including QUERY_STRING. Post data will be on standard input. That said, a) I think this may be more of a general programming or protocol question that is off-topic here, and b) conflating the query string and post data probably isn't the best sign for how well you're going to go with this. In particular, please note that it's very easy to write severe security holes in Bash CGI scripts.
  
  – Michael Homer
  Nov 6 '14 at 5:04
  

  
  
  
  


• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  
  Make sure you have upgraded bash to a recent version if this machine is accessible via a network (schellshock)
  
  – Anthon
  Nov 6 '14 at 5:39
  

  
  
  
  

add a comment | 

For example and learning purposes, I have a webpage that uses POST method to submit a text field. I have a server running script (bash) that I want to display what the "Query_string" is. I'm not completely familiar with PHP either, but I think $_POST would be used to print the submitted text. The script I am using is bash. What could I use to print out the submitted text?

bash shell-script html cgi

share|improve this question

edited 43 mins ago

mosvy

15k22 gold badges1818 silver badges4949 bronze badges

asked Nov 6 '14 at 4:43

swamswam

5822 silver badges77 bronze badges

share|improve this question

edited 43 mins ago

mosvy

15k22 gold badges1818 silver badges4949 bronze badges

asked Nov 6 '14 at 4:43

swamswam

5822 silver badges77 bronze badges

share|improve this question

edited 43 mins ago

mosvy

15k22 gold badges1818 silver badges4949 bronze badges

asked Nov 6 '14 at 4:43

swamswam

5822 silver badges77 bronze badges

edited 43 mins ago

mosvy

15k22 gold badges1818 silver badges4949 bronze badges

edited 43 mins ago

mosvy

15k22 gold badges1818 silver badges4949 bronze badges

asked Nov 6 '14 at 4:43

swamswam

5822 silver badges77 bronze badges

asked Nov 6 '14 at 4:43

swamswam

5822 silver badges77 bronze badges

1 Answer
1

active

oldest

votes

1

As noted by the first comment, the CGI spec says that the POST data will be on standard input, encoded with the enctype specified by the form. However all methods should be supported: multipart/form-data, application/x-www-form-urlencoded, and HTML5's text/plain

Here's a really quick test script you can play with:

#!/bin/sh

echo Content-type: text/plain

echo

echo Environment

printenv



echo POST contents

cat

The CONTENT_TYPE variable will be set to the method used for the data.

If it's application/x-www-form-urlencoded, then you're going to see the classic key=value&key=value syntax, and you have to remember to URL-unescape it.

If it's multipart/form-data, then it's MIME, and you should watch out, there have been exploits against MIME parsers before.

If it's the new HTML5 text/plain, then just take the entire input from stdin as-is. This method is meant for file uploads, not form submission; you can feed the stdin file descriptor to another process safely, without having to decode URLs or MIME.

And I'd like to echo the warnings of the others here. If you aren't patched against shellshock, just letting an attacker run the CGI can be enough to exploit your system (all they have to do is override all your common shell commands, and they are bound to find one you use).

share|improve this answer

answered Nov 6 '14 at 6:01

robbat2robbat2

2,6161111 silver badges2828 bronze badges

add a comment | 

Your Answer

StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "106"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name

Email

Required, but never shown

StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f166311%2fshell-script-equivalent-to-php-post%23new-answer', 'question_page');
}
);

Post as a guest

Name

Email

Required, but never shown

1

As noted by the first comment, the CGI spec says that the POST data will be on standard input, encoded with the enctype specified by the form. However all methods should be supported: multipart/form-data, application/x-www-form-urlencoded, and HTML5's text/plain

Here's a really quick test script you can play with:

#!/bin/sh

echo Content-type: text/plain

echo

echo Environment

printenv



echo POST contents

cat

The CONTENT_TYPE variable will be set to the method used for the data.

If it's application/x-www-form-urlencoded, then you're going to see the classic key=value&key=value syntax, and you have to remember to URL-unescape it.

If it's multipart/form-data, then it's MIME, and you should watch out, there have been exploits against MIME parsers before.

If it's the new HTML5 text/plain, then just take the entire input from stdin as-is. This method is meant for file uploads, not form submission; you can feed the stdin file descriptor to another process safely, without having to decode URLs or MIME.

And I'd like to echo the warnings of the others here. If you aren't patched against shellshock, just letting an attacker run the CGI can be enough to exploit your system (all they have to do is override all your common shell commands, and they are bound to find one you use).

share|improve this answer

answered Nov 6 '14 at 6:01

robbat2robbat2

2,6161111 silver badges2828 bronze badges

add a comment | 

1

As noted by the first comment, the CGI spec says that the POST data will be on standard input, encoded with the enctype specified by the form. However all methods should be supported: multipart/form-data, application/x-www-form-urlencoded, and HTML5's text/plain

Here's a really quick test script you can play with:

#!/bin/sh

echo Content-type: text/plain

echo

echo Environment

printenv



echo POST contents

cat

The CONTENT_TYPE variable will be set to the method used for the data.

If it's application/x-www-form-urlencoded, then you're going to see the classic key=value&key=value syntax, and you have to remember to URL-unescape it.

If it's multipart/form-data, then it's MIME, and you should watch out, there have been exploits against MIME parsers before.

If it's the new HTML5 text/plain, then just take the entire input from stdin as-is. This method is meant for file uploads, not form submission; you can feed the stdin file descriptor to another process safely, without having to decode URLs or MIME.

And I'd like to echo the warnings of the others here. If you aren't patched against shellshock, just letting an attacker run the CGI can be enough to exploit your system (all they have to do is override all your common shell commands, and they are bound to find one you use).

share|improve this answer

answered Nov 6 '14 at 6:01

robbat2robbat2

2,6161111 silver badges2828 bronze badges

add a comment | 

As noted by the first comment, the CGI spec says that the POST data will be on standard input, encoded with the enctype specified by the form. However all methods should be supported: multipart/form-data, application/x-www-form-urlencoded, and HTML5's text/plain

Here's a really quick test script you can play with:

#!/bin/sh

echo Content-type: text/plain

echo

echo Environment

printenv



echo POST contents

cat

The CONTENT_TYPE variable will be set to the method used for the data.

If it's application/x-www-form-urlencoded, then you're going to see the classic key=value&key=value syntax, and you have to remember to URL-unescape it.

If it's multipart/form-data, then it's MIME, and you should watch out, there have been exploits against MIME parsers before.

If it's the new HTML5 text/plain, then just take the entire input from stdin as-is. This method is meant for file uploads, not form submission; you can feed the stdin file descriptor to another process safely, without having to decode URLs or MIME.

And I'd like to echo the warnings of the others here. If you aren't patched against shellshock, just letting an attacker run the CGI can be enough to exploit your system (all they have to do is override all your common shell commands, and they are bound to find one you use).

share|improve this answer

answered Nov 6 '14 at 6:01

robbat2robbat2

2,6161111 silver badges2828 bronze badges

#!/bin/sh

echo Content-type: text/plain

echo

echo Environment

printenv



echo POST contents

cat

share|improve this answer

answered Nov 6 '14 at 6:01

robbat2robbat2

2,6161111 silver badges2828 bronze badges

answered Nov 6 '14 at 6:01

robbat2robbat2

2,6161111 silver badges2828 bronze badges

answered Nov 6 '14 at 6:01

robbat2robbat2

2,6161111 silver badges2828 bronze badges