Re^2: at job help ?

Yes i have abandoned symlink idea- I am doing what ikegami suggested. The octet stream thingie.It works marvelous.

Here's the chunk of code..

  # the SV hash is non-tainted data, that means at this point the data is     
  # coming from the server, not the client 
  # $SV{file_selected_path} is the path to the file in the document     
  # directory, here there are multiple directories etc
  # here we make ugly/azz/filename.pdf to filename.pdf
  my $filename = $SV{file_selected_path};$filename=~s/^.+\///;

# $DOC has the absolute path on server to the documents directory
my $FILE;
if (!open($FILE, '<',"$DOC/$SV{file_selected_path}")) {
   print "Location: $WWW/?sorry\n\n"; 
	exit;
}

# the next code line makes it so if you go to download.cgi,
# the user gets prompted to do what with filename.pdf, cute.
print(qq|Content-Disposition: attachment; filename="$filename"\n
Content-Type: application/octect-stream\n\n|);

binmode(STDOUT);
binmode($FILE);
$/ = \1024; # Read in blocks of 1024 bytes;
print while <$FILE>;

exit;

Comment on Re^2: at job help ?

Replies are listed 'Best First'.
Re^3: at job help ? by merlyn (Sage) on Nov 29, 2005 at 15:28 UTC
`application/octect-stream` [download] that's `application/octet-stream`. And you should actually send the proper mime type if you can... see File::MMagic for example. -- Randal L. Schwartz, Perl hacker Be sure to read my standard disclaimer if this is a reply.	[reply] [d/l]
Re^4: at job help ? by leocharre (Priest) on Dec 07, 2005 at 19:43 UTC
Ok.. update .. This is much better now, fixed some stupidity with mimetypes, this is actually important so the client will know what to do with the data. i installed File::MMagic on the server and here's the code to my downloader.. i high-lighted what applies here. #!/usr/bin/perl -T =pod DOWNLOAD A FILE does not need to be sent form data, it makes a temp download link +from the last selected file =cut use strict; use lib 'xxxxxxxxxxxx'; use DMS; use DMS::Admin; use DMS::Database; use DMS::Shared; use Hstat; use File::MMagic; #first test and sanitize all tainted data my %FD=DMS::tainted_data; #will poop out on its own if bad my $db=DMS::Database::dbstart; #///////// THIS IS THE DOG //////////////////////////////////////// +///// my %SV = DMS::Database::SV('u,m',\$db,\%FD); #then get all form data that may exist if ($SV{usertype} eq 'u'){ #make sure they have rights over file id my $c=$db->prepare(qq\|select users_id from files_users where users +_id="$SV{users_id}" and inode="$SV{file_selected}"\|); $c->execute; unless($c->rows){ #user has no rights to file. $c->finish; $db->disconnect; print "Location: $WWW?you.do.not.have.rights.to.that.file.u\n\ +n"; exit; } $c->finish; } elsif ($SV{usertype} eq 'm'){ #find parentmost's inode unless ( find_parentmost($SV{file_selected},\$db) eq $SV{project_s +elected} ){ $db->disconnect; print "Location: $WWW?you.have.no.rights.to.that.file.m.$SV{pr +oject_selected}.$SV{users_id}\n\n"; exit; } #$q->finish; } # else.. they are admin or superadmin. $db->disconnect; # #stream my $filename = $SV{file_selected_path};$filename=~s/^.+\///; # $DOC/$SV{file_selected_path} is something like /my/file/on/server/he +re.pdf my $FILE; if (!open($FILE, '<',"$DOC/$SV{file_selected_path}")) { print "Content-type: text/html\n\n Sorry $DOC/$SV{file_selected_path}"; exit; } #ok we are all go. #find out mime type!!! my $mm= new File::MMagic; #use internal magic file my $res = $mm->checktype_filename("$DOC/$SV{file_selected_path}"); print(qq\|Content-Disposition: attachment; filename="$filename"\nConten +t-Type: $res\n\n\|); binmode(STDOUT); binmode($FILE); $/ = \1024; # Read in blocks of 1024 bytes; print while <$FILE>; exit; # sub find_parentmost { my ($inode,$db)=@_; #my $parent=1; my $q=$$db->prepare(qq{SELECT link FROM files WHERE inode=?}); my $parentmost; while ($inode){ $q->execute($inode); $parentmost=$inode; ($inode) = ($q->fetchrow); } $q->finish; return $parentmost; } [download] Edit: g0n - replaced pre with code tags	[reply] [d/l]