Beefy Boxes and Bandwidth Generously Provided by pair Networks
laziness, impatience, and hubris

comment on

( [id://3333]=superdoc: print w/replies, xml ) Need Help??

Below is some code I wrote a while back for doing something similar, though not necessarily exactly the same. Below that is the HTML form, so you can see the enctype entry.

There are some issues with this code, such as the chance of files being overwritten, but this should give you a starting point.

This script also lets the uploader send an email. Of course, this could be abused, so some restrictions on this should probably be put in place.

Relevant thread: Security issues when allowing file upload via CGI.

My post-upload.cgi script:

#!/usr/bin/perl -- use CGI qw( :standard escapeHTML ); use strict; my $megabyte = 1024 * 1024; # bytes my $max_mb = 10; # max no. of MB we will allow $CGI::DISABLE_UPLOADS = 0; # CGI module variable for en/disabling uploads (non-zero to disable) $CGI::POST_MAX = $megabyte * $max_mb; # CGI module variable for maximum upload size (bytes) my $base_dir = "/var/www/site1/web/"; my $base_dom = ""; my $target_dir = "../uploads"; my $directory = $base_dir . $target_dir; my $sendmail = "/usr/bin/sendmail"; my @sendmail_opts = ( '-oi', '-t' ); $| = 1; my $query = new CGI; my @names = $query->param; my $url = $query->param("URL"); my $fh = $query->upload('upload_file'); my $filename = $query->param('name'); $filename =~ s/[^A-Za-z0-9\.\_]/_/g; open OUTF, "> $directory$filename" or die; binmode OUTF; while ( $bytesread = read $fh, $buffer, 1024 ) { print OUTF $buffer; } close OUTF; if ( !$file && $query->cgi_error ) { print $query->header( -status => $query->cgi_error ); exit 0; } open MAIL, "| $sendmail @sendmail_opts" or die "Can't fork sendmail: $ +!\n"; print MAIL "From: $0\n", "To: ", $query->param("TO"), "\n", "Subject: ", ( $query->param("SUBJECT") || "mailed form submission +" ), "\n\n"; for my $param ( @names ) { printf MAIL "%s: %s\n", $para, $query->param($param); } print MAIL "\n\nThe link to the uploaded file is $base_dom$target_dir$filenam +e . ", "It was renamed by the upload script, so you will need to rename i +t.\n"; close MAIL; print $query->redirect( -URL => $url );

My sample upload form (body only):

<form action="/cgi-bin/post-upload.cgi" method="post" enctype="multipa +rt/form-data"> <!-- hidden inputs --> <input name="TO" type="hidden" value="my.address@my.domain" /> <input name="URL" type="hidden" value=" +ion.done.htm" /> <input name="SUBJECT" type="hidden" value="From Your Upload Center on +Website" /> <!-- visible inputs --> File to send: <input name="upload_file" type="file" size="30" /><br> Your name: <input name="name" size="42" /><br> E-mail: <input name="Email" size="42" /><br> <input type="submit" value="SEND FILE" /> <input type="reset" value="CLEAR" /> </form>

In reply to Re: I need a simple web upload script. by atcroft
in thread I need a simple web upload script. by transmission_err

Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post, it's "PerlMonks-approved HTML":

  • Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!
  • Titles consisting of a single word are discouraged, and in most cases are disallowed outright.
  • Read Where should I post X? if you're not absolutely sure you're posting in the right place.
  • Please read these before you post! —
  • Posts may use any of the Perl Monks Approved HTML tags:
    a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr
  • You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)
            For:     Use:
    & &amp;
    < &lt;
    > &gt;
    [ &#91;
    ] &#93;
  • Link using PerlMonks shortcuts! What shortcuts can I use for linking?
  • See Writeup Formatting Tips and other pages linked from there for more info.
  • Log In?

    What's my password?
    Create A New User
    Domain Nodelet?
    and the web crawler heard nothing...

    How do I use this?Last hourOther CB clients
    Other Users?
    Others having a coffee break in the Monastery: (9)
    As of 2024-07-15 09:31 GMT
    Find Nodes?
      Voting Booth?

      No recent polls found

      erzuuli‥ 🛈The London Perl and Raku Workshop takes place on 26th Oct 2024. If your company depends on Perl, please consider sponsoring and/or attending.