PerlMonks  

CGI and security

by AnnShinoy (Novice)
on Jul 10, 2012 at 10:10 UTC ( [id://980846]=perlquestion )

AnnShinoy has asked for the wisdom of the Perl Monks concerning the following question:

Is this code, $q = new CGI, dependent on the security of the file where it is being written? I am trying to upload a file using input type="file" in HTML. On clicking the Upload button, a Perl file uses the CGI to get the uploaded file. But on clicking Upload, the code fails at the above code position. The HTTP request returns 304 as the status. I am not able to provide any error messages as such. Can someone help me out?

Re: CGI and security
by marto (Cardinal) on Jul 10, 2012 at 10:18 UTC

    Ovid's CGI Course describes security and debugging issues. Spend time reading and understanding this and you'll be in a better position to debug the problem/provide further problem details.

Re: CGI and security
by blue_cowdawg (Monsignor) on Jul 10, 2012 at 13:15 UTC
        I am not able to provide any error messages as such. Can some one help me out?

    If you can't provide error messages, how do you know where your code is failing? There are many reasons for a file upload script failing. Others have posted very good suggestions of where to go from here. Without error messages of some sort it is like your doctor trying to diagnose an illness over the telephone when you can't speak.


    Peter L. Berghold -- Unix Professional
    Peter -at- Berghold -dot- Net; AOL IM redcowdawg Yahoo IM: blue_cowdawg
Re: CGI and security
by zentara (Archbishop) on Jul 10, 2012 at 14:33 UTC
    Try putting this in your cgi script:

    #!/usr/bin/perl
    use CGI::Carp qw(fatalsToBrowser);
    local $SIG{__WARN__} = \&Carp::cluck;

    The most likely causes of file upload errors are (1) the upload directory is not mode 0777, or what is called World-Writable; and (2) you are trying to upload to the wrong location. You often need to check what is the absolute path to your upload directory on the server. Often these are aliased, but your server control panel should be able to say what the absolute pathname is to your home dir.

    If you haven't discovered it on your own yet, try running this script to get your cgi info.

    #!/usr/bin/perl
    # Don't buffer output
    $| = 1;
    # Ask for server name and information
    chomp($hostname = `hostname`);
    chomp($uname = `uname -a`);
    # Ask system for user name
    chomp($user = `/usr/bin/whoami`);
    # Ask system for user id and group id for this user
    ($uid, $gid) = (getpwnam($user))[2, 3];
    # Get path for sendmail program
    chomp($sendmail = `which sendmail`);
    #
    # Generate the complete form
    #
    print "Content-type: text/html\n\n";
    print qq(
    <html>
    <head>
    <title>CGI Environment</title>
    </head>
    <body bgcolor="white">
    <b>
    Host name is $hostname.<br>
    CGI programs execute as user $user ($uid, $gid).<br>
    System description is $uname.<br>
    </b>
    <hr>
    <h2 align="center">CGI Environment</h2>
    <p>
    <br>
    SERVER_SOFTWARE = $ENV{'SERVER_SOFTWARE'}<br>
    SERVER_NAME = $ENV{'SERVER_NAME'}<br>
    GATEWAY_INTERFACE = $ENV{'GATEWAY_INTERFACE'}<br>
    SERVER_PROTOCOL = $ENV{'SERVER_PROTOCOL'}<br>
    SERVER_PORT = $ENV{'SERVER_PORT'}<br>
    REQUEST_METHOD = $ENV{'REQUEST_METHOD'}<br>
    HTTP_FROM = $ENV{'HTTP_FROM'}<br>
    HTTP_ACCEPT = $ENV{'HTTP_ACCEPT'}<br>
    HTTP_USER_AGENT = $ENV{'HTTP_USER_AGENT'}<br>
    HTTP_REFERER = $ENV{'HTTP_REFERER'}<br>
    PATH_INFO = $ENV{'PATH_INFO'}<br>
    PATH_TRANSLATED = $ENV{'PATH_TRANSLATED'}<br>
    SCRIPT_NAME = $ENV{'SCRIPT_NAME'}<br>
    QUERY_STRING = $ENV{'QUERY_STRING'}<br>
    REMOTE_HOST = $ENV{'REMOTE_HOST'}<br>
    REMOTE_ADDR = $ENV{'REMOTE_ADDR'}<br>
    REMOTE_USER = $ENV{'REMOTE_USER'}<br>
    REMOTE_IDENT = $ENV{'REMOTE_IDENT'}<br>
    AUTH_TYPE = $ENV{'AUTH_TYPE'}<br>
    CONTENT_TYPE = $ENV{'CONTENT_TYPE'}<br>
    CONTENT_LENGTH = $ENV{'CONTENT_LENGTH'}<br>
    <p>
    <hr>
    <p>
    <h2 align="center">Complete Environment</h2>
    );
    foreach $key (sort keys %ENV) {
        print "$key = $ENV{$key}<br>\n";
    }
    print qq(
    <h2 align="center">System Programs</h2>
    Sendmail program path : $sendmail
    </body>
    </html>
    );

    I'm not really a human, but I play one on earth.
    Old Perl Programmer Haiku ................... flash japh
      use CGI::Carp qw(fatalsToBrowser);
      local $SIG{__WARN__} = \&Carp::cluck;

      I tried putting this code. (I was looking for this piece of code. Thanks). It threw this error: "Software error: CGI open of tmpfile: Permission denied".

      On googling I found that CGI defaults the temp directory to /usr/tmp. Is there any way to override this temporary path?

        It thrown this error "Software error: CGI open of tmpfile: Permission denied".

        The way I interpret that error is that your file upload script doesn't have permission to write to the designated upload directory. This is usually because it is not mode 0777 or world-writable, which is needed by file uploads (unless your apache server is using su-exec).

        You really should post a minimal running code example which fails, so we can see where your problems are.

        It is 99% probable that the problem IS NOT due to the CGI module. People successfully run http file uploads all the time, but you must have your file paths and permissions correct.

        Here is a simple upload script to test with. In your cgi directory, where you place this script, make a subdir called "uploads" and chmod it to 0777. Then run this script thru the browser.

        #!/usr/bin/perl
        use warnings;
        use strict;
        use CGI;
        use CGI::Carp 'fatalsToBrowser';
        my $maxsize = 1024 * 100;   #max 100K
        my $query = new CGI;
        my $upload_dir = "uploads"; #permissions for dir are set 0777
        print $query->header();
        if ($ENV{CONTENT_LENGTH} > $maxsize) {
            print "file too large - must be less than $maxsize bytes";
            exit;
        }
        my $file = $query->param("file");
        my $filename = $file;
        $filename =~ s/.*[\/\\](.*)/$1/;
        open (UPLOADFILE, ">$upload_dir/$filename") or die "$!\n";
        binmode UPLOADFILE;   # uploads may be binary; don't let the layer mangle them
        $/ = \8192;   # sets 8192 byte buffer chunks, perldoc perlvar
        while ( <$file> ) {
            print UPLOADFILE $_;
        }
        close UPLOADFILE;
        print <<END_HTML;
        <HTML>
        <HEAD>
        <TITLE>Thanks!</TITLE>
        </HEAD>
        <BODY bgcolor="#ffffff"><br>
        <P>Thanks for uploading file : $filename!</P>
        </BODY>
        </HTML>
        END_HTML

        I'm not really a human, but I play one on earth.
        Old Perl Programmer Haiku ................... flash japh
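        As an added example (not zentara's code and not part of this thread), here is the same upload test script with the thread's two failure points made explicit: the upload directory check that the 0777 advice above is about, and the spool-directory problem behind "CGI open of tmpfile: Permission denied". The TMPDIR handling, the placeholder path and the "uploads" subdirectory are assumptions; every other step reports its own error instead of failing silently.

```perl
#!/usr/bin/perl
# Added example, not code from this thread: a hardened version of the upload
# test script above, in which every step that can fail reports why.
use strict;
use warnings;
# Assumption: this CGI.pm honours $ENV{TMPDIR} when choosing where to spool the
# upload; a directory owned by the CGI user avoids "CGI open of tmpfile:
# Permission denied" on the shared /usr/tmp. The path is a placeholder.
BEGIN { $ENV{TMPDIR} ||= '/home/example/private_tmp'; }
use CGI;
use CGI::Carp qw(fatalsToBrowser);   # debugging aid; remove once it works

$CGI::POST_MAX = 1024 * 100;   # CGI.pm itself rejects bodies over 100K
my $upload_dir = 'uploads';    # constructed: subdir of the cgi directory
my $q = CGI->new;
print $q->header;
# An oversized POST surfaces here instead of as a mysteriously empty upload.
die 'Request rejected: ' . $q->cgi_error . "\n" if $q->cgi_error;

# Refuse to run against a misconfigured directory, and say which check failed.
-d $upload_dir or die "$upload_dir is not a directory\n";
-w $upload_dir or die "$upload_dir not writable by CGI user " . getpwuid($>) . "\n";
# 0777 passes the -w test but lets every local account write here; a directory
# owned by the web server user with mode 0755 is the safer way to pass it.
warn "$upload_dir is world-writable\n" if (stat $upload_dir)[2] & 0002;

# upload() returns a filehandle; param() only returns the client's filename.
my $fh = $q->upload('file')
    or die "No file received: is the form enctype=\"multipart/form-data\"?\n";
# Keep just the basename, in a conservative character set, so a client-chosen
# name such as ../../etc/passwd cannot escape $upload_dir.
my $name = '' . $q->param('file');
$name =~ s{.*[/\\]}{};
$name =~ s/[^A-Za-z0-9._-]/_/g;
$name = 'upload.bin' if $name eq '' or $name =~ /^\.+$/;

my $dest = "$upload_dir/$name";
die "$name already exists; refusing to overwrite it\n" if -e $dest;
open(my $out, '>', $dest) or die "Cannot create $dest: $!\n";
binmode $_ for $out, $fh;   # uploads are arbitrary bytes, not text
my $bytes = 0;
while (1) {
    my $n = read $fh, my $buf, 8192;
    defined $n or die "Reading the upload failed: $!\n";
    last unless $n;
    print {$out} $buf or die "Writing $dest failed: $!\n";
    $bytes += $n;
}
close $out or die "Closing $dest failed: $!\n";
print "<html><body><p>Stored ", $q->escapeHTML($name),
      " ($bytes bytes)</p></body></html>\n";
```

        Run it from the same HTML form as the original script; whichever check fails is now named in the browser (via fatalsToBrowser) and in the server's error log, which is the information the other replies are asking for.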

        One side note: CGI::Carp::warningsToBrowser might be worth looking into.

        On googling I found like CGI defaults the temp directory to /usr/tmp. Is there any way to override this temporary path.

        What does the CGI documentation say?

        CGI open of tmpfile: Permission denied

        Hoster error. Contact support. See also Re: On uploading a file.

        Alexander

        --
        Today I will gladly share my knowledge and experience, for there are no sweeter words than "I told you so". ;-)
Re: CGI and security
by Anonymous Monk on Jul 10, 2012 at 10:13 UTC
Re: CGI and security
by sundialsvc4 (Abbot) on Jul 10, 2012 at 12:29 UTC

    Two of the most immediately useful tools you can use to troubleshoot this sort of thing are: on the client side, a debugger such as Firefox; and on the server side, the Apache logs. You need to conclusively see what the client is actually sending, and then to see what the server recorded in its own logs. (What it sends back to the client is probably not very useful for this purpose. You won't get far, just looking at that.)

    Any of us could rattle off a "rogue's gallery" of likely suspects, particularly in the case of file uploads, but the list is long enough that speculation won't help much. You need facts.

Re: CGI and security
by davido (Cardinal) on Jul 10, 2012 at 21:08 UTC

    Is the reason that you're unable to provide any error messages because your code is failing silently, because you have a policy against providing error messages when asking questions, or because you don't know where to find error messages in the server logs?

    Without error messages, how do you know that the line you quoted is where the code is failing? You put print statements before and after that line to see if you arrived there?

    If your code is failing silently, fix it. Since you didn't provide any code example, we can't tell you what exactly to fix, but I can tell you that anything that can fail should be checked, and errors logged. Any time you make an assertion as to the state of a component of your code, you should be checking that assertion. Did a regex match? Did a file really get opened? Did a file really get written to? Did a particular parameter really get passed? These are all things you can check programmatically. And when you do check, if a state comes up where there's no point going on, you log it and die. If you can recover from it, you log it and recover.

    If you have a policy against providing error messages when asking questions, change it so that your questions will become answerable.

    If you don't know where to find error messages, you have to check the log files for your server. This will be different for different server configurations. Either you need to read the documentation for your server, or contact your server's administrator to ask where the error logs can be found. Without access to them, your CGI adventures will be painful and non-productive.


    Dave
