Beefy Boxes and Bandwidth Generously Provided by pair Networks
Think about Loose Coupling

Re^3: CGI and security

by zentara (Archbishop)
on Jul 12, 2012 at 14:59 UTC ( #981419=note: print w/replies, xml ) Need Help??

in reply to Re^2: CGI and security
in thread CGI and security

It thrown this error "Software error: CGI open of tmpfile: Permission denied".

The way I interpret that error, is that your file upload script dosn't have permission to write to the designated upload directory. This is usually because it is not mode 0777 or world-writable, which is needed by file uploads ( unless your apache server is using su-exec).

You really should post a minimal running code example which fails, so we can see where your problems are.

It is 99% probable that the problem IS NOT due to the CGI module. People successfully run http file uploads all the time, but you must have your file paths and permissions correct.

Here is a simple upload script to test with. In your cgi directory, where you place this script, make a subdir called "uploads" and chmod it to 0777. Then run this script thru the browser.

#!/usr/bin/perl use warnings; use strict; use CGI; use CGI::Carp 'fatalsToBrowser'; my $maxsize = 1024 * 100; #max 100K my $query = new CGI; my $upload_dir = "uploads"; #permissions for dir are set 0777 print $query->header(); if($ENV{CONTENT_LENGTH} > $maxsize){ print "file too large - must be less than $maxsize bytes"; exit; } my $file = $query->param("file"); my $filename = $file; $filename =~s/.*[\/\\](.*)/$1/; open (UPLOADFILE, ">$upload_dir/$filename") or die "$!\n"; $/= \8192; # sets 8192 byte buffer chunks, perldoc perlvar while ( <$file> ){ print UPLOADFILE $_; } close UPLOADFILE; print <<END_HTML; <HTML> <HEAD> <TITLE>Thanks!</TITLE> </HEAD> <BODY bgcolor="#ffffff"><br> <P>Thanks for uploading file : $filename!</P> </BODY> </HTML> END_HTML

I'm not really a human, but I play one on earth.
Old Perl Programmer Haiku ................... flash japh

Log In?

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://981419]
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others perusing the Monastery: (3)
As of 2018-12-11 22:04 GMT
Find Nodes?
    Voting Booth?
    How many stories does it take before you've heard them all?

    Results (57 votes). Check out past polls.

    • (Sep 10, 2018 at 22:53 UTC) Welcome new users!