CGI.PM File Upload

Anonymous Monk has asked for the wisdom of the Perl Monks concerning the following question:

Hi Perl Monks!

I am using CGI.pm to handle a file upload section of a script but I'm encountering a problem when it comes to limiting the size of the file uploads. I am presently using $CGI::POSTMAX to set the max upload size to 100KB but it seems when someone tries to upload a file larger, say 1MB, they are simply taken back to the main page - no error or anything which is confusing.

I have been searching for a way to print an error if the file is too large but the only solutions I have found are to upload the file, then check the size and delete it if it is too big which doesn't really prevent abuse from people uploading 10MB files.

Thanks for any advice!!

Comment on CGI.PM File Upload

Replies are listed 'Best First'.
Re: CGI.PM File Upload by rob_au (Abbot) on Dec 05, 2002 at 03:44 UTC
I wrote a node on this topic previously, Custom error handling for oversized CGI request entities, which provides an outline for achieving this goal. `perl -le 'print+unpack("N",pack("B32","00000000000000000000000111110010"))'`	[reply]
Re: CGI.PM File Upload by chromatic (Archbishop) on Dec 05, 2002 at 03:05 UTC
Assuming you've set `$CGI::POST_MAX` correctly, it should return a 413 error if there's a `CONTENT_LENGTH` header and if the reported length exceeds the max. If you haven't simply forgotten the underscore, you'll have to post your code before anyone can do more than guess.	[reply] [d/l] [select]
Re: Re: CGI.PM File Upload by tachyon (Chancellor) on Dec 05, 2002 at 03:27 UTC
Actually this is wrong. What CGI.pm does is this: `if (($POST_MAX > 0) && ($content_length > $POST_MAX)) { $self->cgi_error("413 Request entity too large"); last METHOD; sub cgi_error { my ( $self, $err ) = @_; if ( $err ) { $self->{'.cgi_error'} = $err; $self->{'.globals'}->{'FATAL'} == 1 ? croak $err : $self->{'.globals'}->{'FATAL'} == 0 ? carp $err : return +$err; } return $self->{'.cgi_error'}; }` [download] What this achieves is to set the cgi_error() method which behaves depending on $CGI::FATAL. A 413 header is not generated. All that generally happens is that CGI.pm exits its multipart parsing loop (METHOD:) and proceeds happily along (unless it croaked in cgi_error). As it has not got any data it end up doing zip. With no params the general behaviour written into most CGIs is to display the default/login page.... All that is required is to check for this error and do whatever.... `my $q = new CGI; do_file_too_big() if $q->cgi_error =~ m/413/;` [download] cheers tachyon s&&rsenoyhcatreve&&&s&n.+t&"$'$`$\"$\&"&ee&&y&srve&&d&&print	[reply] [d/l] [select]
Re: Re: Re: CGI.PM File Upload by Anonymous Monk on Dec 05, 2002 at 04:12 UTC
This is most helpfull, thank you !	[reply]