in reply to Help with a File Upload

If I were you I would check the error logs. I would also suggest adding more informative dies, and paying attention to security. For instance, look at perlsec, turn on taint checking, and stop trusting that user-supplied filenames will be clean.

Here is a simple working example I did a while ago which just echoes the file back to the browser. For more information on some of the security issues that need to be addressed, you may wish to visit the WWW Security FAQ including this section on CGI scripts. Or you can just wander by some samples of how people actually crack scripts. (Hint, it is your vulnerability to some of these cracks that made me sit down and write this. I leave it to you to figure out which ones...)

For a random past discussion on this (which explains both why you cannot safely ignore these attacks and gives some pointers on how to protect yourself) take a look at Warning our Fellow Monks.
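The three points raised in the post above (taint mode, informative dies, untrusted client filenames), shown together in an added example that is not part of the original post and is not the script it links to. It assumes CGI.pm is installed, a form field named `file`, and a hypothetical upload directory.

```perl
#!/usr/bin/perl -T
# Added example, not code from this thread. Assumptions: CGI.pm is installed,
# the form field is named "file", and $UPLOAD_DIR is a hypothetical path.
use strict;
use warnings;
use CGI;
use Fcntl qw(O_WRONLY O_CREAT O_EXCL);

$CGI::POST_MAX = 1024 * 1024;               # refuse request bodies over 1 MB
my $UPLOAD_DIR = '/var/spool/cgi-uploads';  # hypothetical; keep it outside the web root

# Reduce a client-supplied name to a bare, untainted file name, or die.
sub clean_name {
    my ($raw) = @_;
    defined $raw or die "no filename supplied for field 'file'\n";
    my $base = "$raw";                      # force a plain string copy
    $base =~ s{.*[/\\]}{}s;                 # drop any Unix or Windows path prefix
    (my $shown = $base) =~ s/[^\x20-\x7e]/?/g;   # printable form for the log
    # Allow-list: first char alphanumeric, then letters, digits, "_", ".", "-".
    # Taking the capture of a successful match is what untaints the value.
    $base =~ /\A([A-Za-z0-9][A-Za-z0-9_.-]{0,63})\z/
        or die "rejected client filename '$shown'\n";
    return $1;
}

my $q = CGI->new;
if (my $err = $q->cgi_error) { die "CGI error: $err\n" }

my $name = clean_name(scalar $q->param('file'));
my $in   = $q->upload('file')
    or die "upload('file') returned no filehandle for '$name'\n";

my $path = "$UPLOAD_DIR/$name";
# O_EXCL: fail rather than overwrite an existing file or write through a symlink.
sysopen(my $out, $path, O_WRONLY | O_CREAT | O_EXCL, 0600)
    or die "cannot create $path: $!\n";
binmode $_ for $in, $out;

while (read($in, my $buf, 8192)) {
    print {$out} $buf or die "write to $path failed: $!\n";
}
close $out or die "close of $path failed: $!\n";

print $q->header('text/plain'), "stored as $name\n";
```

Every `die` message ends up in the web server's error log, which is where the post suggests looking first; a name such as `../../etc/passwd` is reduced to `passwd` by the prefix strip, and names starting with a dot are rejected by the allow-list.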

Re: Re (tilly) 1: Help with a File Upload
by elusion (Curate) on Feb 18, 2001 at 04:23 UTC
    ...turn on taint checking...

    If you look up to my original post it says that it's not the whole script. *grin* Taint checking's on.

    ...adding more informative dies...

    I know where the script breaks. Right after the call to upload. I do my research. *grin*

    - p u n k k i d
    "Reality is merely an illusion, albeit a very persistent one." -Albert Einstein

      If taint checking is on then your probable problem is the fact that there is tainted data. Check your logs.

      As for "doing your research", wrong answer. If you follow the advice in perlstyle you will minimize the chance that an unexpected error will wind up in a bad state but proceeding blindly. And by actually capturing errors in an informative way you make it so that if something goes wrong then you generally have your answer in front of you before you start trying to debug.

      This is an item which I feel very strongly about. Not knowing that error checks are important is one thing. But having a programmer be unwilling to learn to put in those checks is a fireable offence in my books. (And there are not a lot of things that I call fireable offences!)