http://qs1969.pair.com?node_id=593860

anirudh_sml has asked for the wisdom of the Perl Monks concerning the following question:

Hi,
I am using Mason Perl, and I am using this code to upload a file:

#!/usr/bin/perl -w
use CGI;

my $upload_dir = "/tmp/jobs";
my $query = new CGI;
my $filename = $query->param("photo");
my $email_address = $query->param("email_address");
$filename =~ s/.*[\/\\](.*)/$1/;
my $upload_filehandle = $query->upload("photo");

open UPLOADFILE, ">$upload_dir/$filename";
binmode UPLOADFILE;
while ( <$upload_filehandle> ) {
    print UPLOADFILE;
}
close UPLOADFILE;

-------------------------------------------

PROBLEM:
I use this code in a cgi-bin filename.pl file and it is working fine, but when I pass all the information through params from an HTML file to the function, which is written in a .pm file, the output file which is uploaded does not contain any data.

Please help me out: give me code and the reason why it is not working in the .pm but works fine in cgi-bin filename.pl.

20070110 Janitored by Corion: Added formatting, code tags, as per Writeup Formatting Tips

Replies are listed 'Best First'.
Re: Uploading a file
by wazoox (Prior) on Jan 10, 2007 at 09:44 UTC
    • First of all, it is tremendously important that you use secure tainted mode (-T flag). Writing files based upon user input is a huge potential security risk, and now you simply can't publish insecure code on the internet anymore without having it explode in your face right away.
    • Second, you probably need to figure out permissions properly.
    • Third, you show us the code that works, not the code which isn't working. It's hard to guess what's wrong in code you didn't show...
    • Fourth, I advise you to first read Ovid's CGI course and also check the perlmod documentation; I guess you're not getting the concept of namespaces and variable scoping right.
Re: Uploading a file
by davorg (Chancellor) on Jan 10, 2007 at 09:56 UTC

    Adding use strict to your code and checking the return value from your call to open would no doubt give useful clues.

    --
    <http://dave.org.uk>

    "The first rule of Perl club is you do not talk about Perl club."
    -- Chip Salzenberg

Re: Uploading a file
by SFLEX (Chaplain) on Jan 10, 2007 at 14:30 UTC
      To secure your filename variable you could try this when using Taint. Also added use strict.

      #!/usr/bin/perl -Tw
      # Now uses Taint and strict
      use CGI;
      use strict;

      my $upload_dir = "/tmp/jobs";
      my $query = new CGI;
      my $email_address = $query->param("email_address");
      my $filename = $query->param("photo");

      # Upload param check
      if ($filename =~ /^([^\/\\]+)$/) {
          $filename = $1;   # keep the capture: under -T only $1 is untainted
      } else {
          print "File Not Writable! at upload param check";
          exit;
      }
      $filename =~ s/.*[\/\\](.*)/$1/;
      my $upload_filehandle = $query->upload("photo");

      # Stop here if the output file cannot be opened
      open UPLOADFILE, ">$upload_dir/$filename"
          or die "Cannot open $upload_dir/$filename: $!";
      binmode ($upload_filehandle);
      binmode (UPLOADFILE);
      while ( <$upload_filehandle> ) {
          print UPLOADFILE $_; # this was your problem $_
      }
      close UPLOADFILE;
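
The advice in this thread (taint mode, use strict, checking the return value of open), combined into one hardened handler; this is an added example, not code from any poster. The 5 MB limit, the filename whitelist and the helper names `safe_filename` and `fail` are assumptions made for illustration.

```perl
#!/usr/bin/perl -T
use strict;
use warnings;
use CGI;
use Fcntl qw(O_WRONLY O_CREAT O_EXCL);

$CGI::POST_MAX = 5 * 1024 * 1024;   # assumed cap: request bodies over 5 MB are refused
my $upload_dir = "/tmp/jobs";       # directory from the thread; should be writable only by the CGI user

# Reduce a client-supplied name to a safe basename, or return undef.
# Returning the regex capture ($1) is what clears the taint flag.
sub safe_filename {
    my ($raw) = @_;
    return undef unless defined $raw;
    $raw =~ s{.*[/\\]}{};                     # drop any client-side path, Unix or Windows
    return undef if $raw =~ /^\./;            # rejects ".", ".." and dotfiles
    return $raw =~ /\A([A-Za-z0-9._-]{1,100})\z/ ? $1 : undef;
}

# Send a plain-text error response and stop.
sub fail {
    my ($query, $status, $msg) = @_;
    print $query->header(-status => $status, -type => 'text/plain'), "$msg\n";
    exit;
}

my $query = CGI->new;
if (my $err = $query->cgi_error) { fail($query, $err, 'Upload rejected') }

my $filename = safe_filename(scalar $query->param('photo'))
    // fail($query, '400 Bad Request', 'Invalid file name');
my $in = $query->upload('photo')
    or fail($query, '400 Bad Request', 'No file received');

# O_EXCL refuses to overwrite an existing file or to write through a pre-planted symlink.
sysopen(my $out, "$upload_dir/$filename", O_WRONLY | O_CREAT | O_EXCL, 0600)
    or fail($query, '500 Internal Server Error', 'Cannot store file');
binmode $in;
binmode $out;

my $buf;
while (read($in, $buf, 8192)) {               # fixed-size reads suit binary data
    print {$out} $buf or fail($query, '500 Internal Server Error', 'Write failed');
}
close $out or fail($query, '500 Internal Server Error', 'Write failed');
print $query->header(-type => 'text/plain'), "Stored $filename\n";
```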