in reply to Not Strictly A perl question.

It's Perl enough for me. I'm a bit tired so you don't get the full answer, but here's the quick rundown.

When you put a link in a webpage, the browser loads the HTML, then loads the images as if you were following links to the images. In short, an <img src="lalala"> tag acts exactly like an <a href="lalala"> tag. There is no problem at all with having the target of an img tag being a cgi.

So your img tag becomes <img src=">.

The CGI becomes:

    #!/usr/local/bin/perl -w
    use CGI qw/:all/;

    my $query = CGI::new();
    # The file name is taken straight from the "image" query parameter.
    my $file = $query->param("image");

    open ( IMAGE, $file );
    while ( <IMAGE> ) {
        print $_;
    }
    exit ;

You are on the right track. A lot of sites have "image servers" - web servers that just host images. Cuts down the load on any one server. I'll let someone else shout about security, but consider what could happen if someone typed "" into their browser...

I didn't believe in evil until I dated it.

Re: Re: Not Strictly A perl question.
by Zaxo (Archbishop) on Jul 01, 2001 at 00:19 UTC

    I'll fill out some of the bits jepri left out.

    As it stands the code has a classic cgi security hole. It trusts user input for file system locations (e.g. ?image=/etc/passwd). Here is a safer rewrite:

        #!/usr/local/bin/perl -wT
        use strict;
        use CGI qw/:all/;

        # Allowlist: the request supplies only a key, never a path.
        my %images = (
            'tophat'  => { 'path' => "/usr/somewhere/way/out/of/reach/Top Hat.jpeg",
                           'mime' => "image/jpeg" },
            'racecar' => { 'path' => "/usr/somewhere/way/out/of/reach/Bugatti.png",
                           'mime' => "image/png" },
            #etc...
        );

        my $query = CGI::new();
        my $file = $query->param("image");
        $|=1;

        # Serve the file only when the key is present in the allowlist.
        if (defined $file && defined $images{$file}) {
            print $query->header({-type=>$images{$file}{'mime'}});
            open ( IMAGE, $images{$file}{'path'} );
            print while ( <IMAGE> );
            close(IMAGE);
        }
        else {
            print $query->header({-type=>'text/html', -status=>"404 File Not Found"});
        }
        exit ;

    This is a forgiving approach to bad input; it is more BOFHish to log and play games.

    After Compline,
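
An added example, not part of either post: the allowlist lookup from the reply with the rejected request logged, as the reply suggests, and the logged value escaped so a hostile parameter cannot forge log lines. The keys, paths, client address and the helper names `log_safe` and `resolve_image` are assumptions for illustration; the sample requests are constructed.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Allowlist: the request supplies only a key; paths never come from the client.
# Keys and paths are constructed for illustration.
my %images = (
    tophat  => { path => '/srv/images/tophat.jpeg', mime => 'image/jpeg' },
    racecar => { path => '/srv/images/bugatti.png', mime => 'image/png'  },
);

# Make a rejected value safe to log: escape quotes, backslashes and anything
# outside printable ASCII (blocks CR/LF log injection), then cap the length.
sub log_safe {
    my ($value) = @_;
    return '(undef)' unless defined $value;
    $value =~ s/([^\x20-\x7e]|[\\"])/sprintf('\\x%02x', ord $1)/ge;
    return length($value) > 80 ? substr($value, 0, 80) . '...' : $value;
}

# Return the allowlist entry for a key, or nothing after logging the rejection.
sub resolve_image {
    my ($key, $remote_addr) = @_;
    return $images{$key} if defined $key && exists $images{$key};
    printf STDERR "[%s] rejected image key from %s: \"%s\"\n",
        scalar(gmtime), $remote_addr, log_safe($key);
    return;
}

# Constructed requests: a valid key, the /etc/passwd probe from the reply,
# a relative-path variant, a value carrying a forged log line, and a
# request with no "image" parameter at all.
my @requests = (
    'tophat', '/etc/passwd', '../../etc/passwd',
    "x\r\n[forged] log line", undef,
);
for my $key (@requests) {
    my $entry = resolve_image($key, '192.0.2.10');
    if ($entry) {
        print "200 $entry->{mime} $entry->{path}\n";
    } else {
        print "404 File Not Found\n";
    }
}
```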