in reply to File upload CGI script with load bar

If you really do want a pure-perl solution which can be used by all visitors to the page then that means relying on a back-end solution such as Raditha's MegaUpload. Otherwise, consider Corion's advice regarding a JS solution.

Re^2: File upload CGI script with load bar
by MidLifeXis (Monsignor) on Apr 09, 2015 at 12:36 UTC

    While this may work, after taking a look at some of the code, I am uncertain if 1) it is a pure perl solution, and 2) if it is a safe solution.

    Headers are parsed by hand, there is a reference to upload2.php in the source (which I did not track down to see if it is used, or if it is just a leftover), creates the upload directory mode 777, assumes the browser puts the session id into the first parameter in the query string, <redacted /> there is a significant security issue with a remote exploit, .... I stopped looking after the last one.

    In short, this would be on a do not use list for me, about the same level as the original Matt's Script Archive code.

    Updates:

    • removed description of exploit pending notification of author, removed the "might not be safe" clause.
    • 2015-04-30T10:44-05:00 - No response from the author. Looking into method of applying appropriate pressure. If this is a "top 1% project", having this exposure could be a BadThing™

    --MidLifeXis
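
Safer counterparts to three of the practices listed in the reply above (hand-parsed headers, an upload directory created mode 777, a session id taken by its position in the query string), as an added example that is not part of the thread and is not MegaUpload's code. The parameter name `sid`, the 32-hex-digit id format and the upload root path are assumptions, and CGI.pm is assumed to be installed.

```perl
#!/usr/bin/perl
# Added example, not MegaUpload's code. The parameter name "sid", the id
# format and the upload root below are assumptions made for illustration.
use strict;
use warnings;
use CGI ();
use File::Path qw(make_path);
use File::Spec;

my $UPLOAD_ROOT = '/var/spool/uploads';    # assumed path, outside the web root

# Look the session id up by name rather than by query-string position, and
# accept only a fixed alphabet and length so it cannot carry "/" or "..".
sub session_id {
    my ($q) = @_;
    my $sid = $q->url_param('sid');
    return unless defined $sid && $sid =~ /\A([0-9a-f]{32})\z/;
    return $1;                             # validated capture
}

# Create the per-session directory readable only by the CGI user
# (0700 instead of 0777); make_path croaks if creation fails.
sub session_dir {
    my ($sid) = @_;
    my $dir = File::Spec->catdir($UPLOAD_ROOT, $sid);
    umask 0077;
    make_path($dir, { mode => 0700 });
    return $dir;
}

# CGI.pm parses the request headers and multipart body; nothing by hand.
my $q   = CGI->new;
my $sid = session_id($q);
unless ($sid) {
    print $q->header(-status => '400 Bad Request', -type => 'text/plain'),
        "invalid session\n";
    exit;
}
my $dir = session_dir($sid);
print $q->header(-type => 'text/plain'), "ok\n";
```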