Using FindBin or CWD from within a CGI program

smack has asked for the wisdom of the Perl Monks concerning the following question:

Greetings Monks,
I'm working on a web page that will allow access to documents and accept uploads as well. I have the upload mechanism working properly, but require a path for the file to be uploaded to. The methods I have used in the past to determine the location of the perl script do not work when called by apache, they simply report "/". I have tried using a system call, as well as the following methods (Which works fine when the program is run from the command line) to no avail:

use CGI;
use Cwd;

my $currentdir = getcwd;
print "Current dir is: $currentdir \n";
[download]

Also, FindBin returns the same results:

use FindBin;
print "\nBinary is: $FindBin::Bin \n";
[download]

Both report the location to be "/".I have searched with Google and found no satisfactory solution. I really need to be able to determine where the perl script was executed from, any assistance would be greatly appreciated!

Best Regards!

smack

Comment on Using FindBin or CWD from within a CGI program Select or Download Code

Replies are listed 'Best First'.
Re: Using FindBin or CWD from within a CGI program by Spidy (Chaplain) on Nov 22, 2005 at 00:01 UTC
If you're writing this in a CGI script, (ie, putting it on the net), There's an ENV hash available through CGI. It's got a lot of useful features, but here's a couple you may want to take a look at: $ENV{SCRIPT_NAME} - Gives you the location, after the root directory, of the script. $ENV{HTTP_HOST} - Gives you the original hosting domain. By using both of these, you could perhaps do something like this: `my $location = $ENV{HTTP_HOST} . $ENV{SCRIPT_NAME};` [download] Which should give you the exact path to get to your script. Hope I helped, Spidy My Website	[reply] [d/l]
Re: Getting CWD from within a CGI program by ikegami (Patriarch) on Nov 21, 2005 at 17:09 UTC
Apache sets the the current directory to "/", so even though you say your snippet isn't working, it is. Maybe you want the directory in which the script resides (which is unrelated to the current directory.) If so,FindBin should be of use.	[reply] [d/l]
Re^2: Getting CWD from within a CGI program by Aristotle (Chancellor) on Nov 21, 2005 at 17:13 UTC
FindBin is broken. Makeshifts last the longest.	[reply]
Re: Getting CWD from within a CGI program by holli (Abbot) on Nov 21, 2005 at 17:13 UTC
Looks like your Apache is configured not to give your script access to anything outside your own directory. So "/" is the root of your own directory, not the root of the system itself. What does `use CGI; use Cwd; mkdir "test"; chdir "test"; my $currentdir = getcwd; print "Current dir is: $currentdir \n";` [download] print? holli, /regexed monk/	[reply] [d/l]
Re^2: Getting CWD from within a CGI program by smack (Beadle) on Nov 21, 2005 at 17:29 UTC
The output is still: "Current dir is: /". I am running the script frm my DocumentRoot either. I tried using FindBin as well, the following has the same result: `use FindBin; print "\nBinary is: $FindBin::Bin \n";` [download] It works fine when run from the command line. “There are no cats in America, and the streets are paved with cheese.” -Fievel Mousekewitz	[reply] [d/l]
OT: Non-perl -- but question may be the wrong question by ww (Archbishop) on Nov 22, 2005 at 14:48 UTC
Possibly OT, but I see a possibility that you need to rethink your question... or, at least, the title portion and some matters which grow out of that. My surmise is based in part on your comment "I really need to be able to determine where the perl script was executed from..." and in part on what I see as the implication ( in your observation that CWD and CGI report the location as "/." ) that you don't want to save the uploads there. (Also note that the directory from which perl executes and the cgi-bin where your script is stored are not necessarily the same, and may well involve all manner of sym link magic, which is far beyond the scope of this discussion.) So if you're really looking for answers about how to find and define an appropriate target for uploads, consider this: they might go to a subdirectory of cgi-bin such as /uploads/ *OR* to an .hta-protected directory within your /http-docs/ (or /public-html/ or /http-public/ or /whatever-name/ the admin of your server has defined as the public root -- the highest level directory browseable by the general public). If you use a protected subdir of /http-docs/, you should be able to give your script a full URL to that subdir; eg "http://www.foo.bar/blivitz/" and append a filename supplied by the user (after some cautious untainting). You probably do NOT want to save the uploads in any directory to which access is otherwise available to the uploader -- simply because it makes some mischief easier. Alternately (and still hypothesizeing that you're on a shared Apache or similar nix server from which I've also inferred that you are NOT the admin of the server and that you do not have root priviledges) you might explore your site's root* directory -- *EMPHASIS* on "your site's root" because that and the actual root are not the same. Even a simple tool like your ftp client can be used to check your site's root. Many providers will offer a directory named "ftp" or similarly, with a subdir called "incoming" or "uploads" or somesuch. If so, aiming your users' files at /ftp/uploads/ can be an answer to the question I have so brashly hypothesized to be your real issue.	[reply]
Re: Using FindBin or CWD from within a CGI program by pileofrogs (Priest) on Nov 22, 2005 at 18:46 UTC
I'd like to add to what ww was saying. The security implications of a cgi that handles uploads are many. You might want to consider hard coding the path to the upload directory. If, not, be very very very strict when you check the results from whatever mechanism you do use. Be sure to turn on taint checking.	[reply]