Beefy Boxes and Bandwidth Generously Provided by pair Networks
Think about Loose Coupling
 
PerlMonks  

@CGI $q->upload() doesnt work properly

by AlexTape (Monk)
on Mar 08, 2012 at 12:43 UTC ( #958464=perlquestion: print w/ replies, xml ) Need Help??
AlexTape has asked for the wisdom of the Perl Monks concerning the following question:

Dear Monks, im desperated ;-) im want to use the cgi.pm to upload a file via a webinterface, but the filehandle <$upload_Handle> give exactly nothing back.. :-(
if ($main::var{upload_file} ne "") { my @new_IP_data; if ($main::var{submit} eq "read") { my $loaded_IP_list; my $allowed_Types = "txt"; my $max_Size = 4096; my $filename = $q->param('upload_file'); $filename =~ s/.*[\/\\](.*)/$1/; $filename =~ s/\s/_/; my $upload = $q->param('upload_file'); my $file_Size = -s $upload; #$file_Size /= 1000; if ($file_Size > $max_Size) { print "<p>file is too big - only $max_Size all +owed - your file got $file_Size bytes</p>\n"; (my $kbsize,my $byt) = split(/\./, $file_Size) +; print "~ $kbsize KB"; exit; } (my $file_ID,my $type) = split(/\./, $filename); if($filename !~ /^\w+\.($allowed_Types)/) { print "only *.txt allowed"; exit; } $file_ID = time(); if (-e "$upload_Dir/$file_ID.$type") { print "Content-type: text/html\n\n"; print "file already exist"; } else { #### doesnt work $main::q::DISABLE_UPLOADS = 0; my $upload_Handle = $q->upload($filename); chdir($upload_Dir) or die "could not read target folder: $!"; if (!$upload_Handle && $q->cgi_error) { print $q->header(-status=>$q->cgi_error); exit 0; } my $error = $q->cgi_error; if ($error) { print $q->header(-status=>$error), $q->start_html('Problem'), $q->strong($error); exit 0; } while (<$upload_Handle>) { print; } print Dumper $q; print $upload; while(<$upload_Handle>){print $_;} print $upload_Dir; exit;
i still get no output. $q is initialised. dont know how to fix it. fyi: on an windows apache it works fine. but now i ported the script to a opensuse box. if i try to upload a file from my windows machine to the linux webserver where the script runs it give nothing back, even no errors.
$perlig =~ s/pec/cep/g if 'errors expected';

Comment on @CGI $q->upload() doesnt work properly
Download Code
Re: @CGI $q->upload() doesnt work properly
by Eliya (Vicar) on Mar 08, 2012 at 14:35 UTC
    my $upload_Handle = $q->upload($filename);

    Looks like you're specifying a file name here.

    It should be the name of the respective file input field in the form, presumably

    <input type="file" name="upload_file" /> ^^^^^^^^^^^

    just like you're already using it to get the file name via $q->param('upload_file').

    my $filename = $q->param('upload_file'); # returns (client-side) +name of the file my $filehandle = $q->upload('upload_file'); # returns handle to the +server-side temp file
Re: @CGI $q->upload() doesnt work properly
by Anonymous Monk on Mar 09, 2012 at 00:19 UTC
      hm ok..

      but thats not new to me.. the code i show you is only part of an package. the cgi object lies in the main. for that its not a scoping issue.
        my $filename = $q->param('upload_file');
      gives exactly the filename of the uploaded file. but not full qualified.
      here you are right:
      $CGI::DISABLE_UPLOADS
      $main::q is initialised in the main with
      our $q = new cgi;
      but the attribute should set like
      use CGI qw/:standard/; use CGI::Carp 'fatalsToBrowser'; $CGI::POST_MAX=1024 * 100; # max 100K posts $CGI::DISABLE_UPLOADS = 1; # no uploads
      thanks for the pointer.
      like Eliya said:
      my $filename = $q->param('upload_file'); # returns (client-side) +name of the file my $filehandle = $q->upload('upload_file'); # returns handle to the +server-side temp file
      thats still my code. but the filehandle is empty. thats what i want to fix. i want to know what this function do:$q->upload('upload_file'); because it might be that there is a problem with fetching the data from the client..?!
      sorry 4 my worse diction..
      $perlig =~ s/pec/cep/g if 'errors expected';

        hm ok.. but thats not new to me.. the code i show you is only part of an package. the cgi object lies in the main. for that its not a scoping issue.

        :) Um, if you know this is bad way to code (multiple exit points, action at a distance, not maintainable), why continue to use globals like that and call exit?

        my $filename = $q->param('upload_file'); gives exactly the filename of the uploaded file. but not full qualified.

        Except that it only gives what the browser sends, and the browser can send anything, including a full path full of dots, or anything at all. You're trusting the browser/user to not be evil. Don't trust, code so as to protect yourself. Full path for uploaded file, Security issues when allowing file upload via CGI, use taint and launder dirty data

        but the filehandle is empty. thats what i want to fix.

        Do you have the latest version of CGI? You should. Then, if filehandle is still empty, there must be something in cgi_error or in server logs

        i want to know what this function do

        Well, see both CGI documentation and sourcecode and you'll know :) its undef on error

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: perlquestion [id://958464]
Approved by marto
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others scrutinizing the Monastery: (8)
As of 2014-09-16 05:38 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    My favorite cookbook is:










    Results (156 votes), past polls