Perhaps try using the value of $search somewhere in your code? A second grep would be good.

Also, be sure to sanitize your input or it will run arbitrary code many times.

I would strongly recommend using -wT in the shebang line (the first line), w turns on warnings, and T does taint checking (as was just mentioned above). This forces you to run your input through a regex that checks for only valid characters (0-9, a-z, A-Z, _, -, etc) and not code that can be executed on your webserver.

I also recommend 'use strict;' to force proper programming technique.

Incorporating your $search in a grep or in your original regex would fix your problem. Right now you're not looking for what was typed, only things with 'jpg' in the title. You can also reduce your regex by using the 'i' operator after the last slash to make your search case-insensitive. I'd suggest you do some searching on google for regexs (you might find a good tutorial here, I haven't looked lately) and how they work.

How do i sanitize my input?

#!/usr/bin/perl -w
-T
[download]

Ive tried using the <STDIN> and added it to grep but im unable to get it to work. Im not sure how im ment to add the input to grep.

Thanks

Update: This was intended as an answer to re ^2; specifically, how to untaint. Apologies for any confusion caused by my confusion. :-)
 

Anonymonk gave you the bullet version; sierpinski provided the details. Very simply, write a regular expression to reject anything which is NOT acceptable -- for your purposes, acceptable input might well be constrained to

/^[A-Za-z0-9]+\.jpg$/i

...that is, a name beginning with an upper or lowercase alpha character or a digit, followed by any number of alphas or digits, followed by a period and "jpg". The "^" and "$"mark the beginning and end of your $search string, thus preventing someone from sending you a file called

foo.jpg.delete_everything.exe.

Alternately, your could reject everything except the char set just discussed by using

/^[^A-Za-z0-9]+\.jpg$/i

...which is the inverse set-- anything that is NOT an upper or lowercase alpha or digit matches, in which case you would want to reject anything that DOES match this one. (if you wish to accept "*.jpeg" you'll need to extend these regexen.)

BTW, the shebang is better written as

#!/usr/bin/perl -wT

I suspect your version will fail. And, for your own sanity and safety:

• use strict; use warnings;
• ALWAYS untaint any user input that's coming from anyone other than you, yourself
• Read (re-read?) Ovid's CGI course (Super Search will find a recent link for you if it's not currently listed in Tutorials) and perlretut
• Use chomp rather than chop when you're trying to remove the newline from input
• and, re line 13 in your re ^3, below, the single quotes around $search mean your're telling the regex to match the string comprised of a dollar-sign followed by the letters s,e,a,r,c,h. Read about interpolation: oversimplified, a variable which is in inside single quotes is treated as a literal; a var inside double quotes -- or, in this case, NOT INSIDE QUOTES AT ALL -- is interpolated (meaning, its content is used). See walkingthecow's regex -- but don't use that code without adding -wT, at which time you will have to include a routine (regex) to untaint the untrusted user input.

And, as to your question in re ^3, consider: Where do you expect the value of $_ to come from? Again, see walkingthecow's answer, below.

This is my attempt however is doesnt work and i get the error message:

Use of uninitialized value $_ in pattern match (m//) at search2.pl line 11, <STDIN> line 1.

Any ideas?

#!/usr/bin/perl -w 
-T

print "Please enter text for string search? \n";

$search=<STDIN>;

chop $search;

opendir(DIR, ".");

@files = grep (/\.jpg|\.jpeg|\.JPEG|\.JPG/, readdir(DIR))
 and ($_ =~ m/\.'$search'/, readdir(DIR));

closedir(DIR);

foreach $file (@files) {
   
    print "$file\n";

}
[download]

#!/usr/bin/perl
use strict;
use warnings;

print "Please enter text for string search: ";
my $search=<STDIN>;
chomp $search;

opendir(DIR, ".") or die "Cannot open dir ($!)\n";

while (my $file = readdir(DIR)) {
    print "$file\n" if ( $file =~ /$search\.jpg|$search\.jpeg/i );
}
closedir(DIR);
exit 0;
[download]

It isn't clear to me at this point that this is a CGI application or what that would have to do with a "disk image" question in the other node (if any)? An app for an authenticated user on your internal network typing in some input data can be quite a different thing than a CGI web app in regards to the need for taint checking.

Maybe I'm just pointing out the obvious here, but opendir(DIR, "."); is usually not a good idea. I do that for quick hacks and testing, but not in code designed for others. The problem is that "." is the directory that THIS Perl script is executing in! Normally you want to separate the program code from the data. This allows the code to be more general purpose and you don't wind up with copies of the source code in a whole bunch of directories (which will eventually get "out of sync" with any updates to the "main code".

Anyway I think there has been some good advice given in the thread. I would move the Perl program to a different directory from the .jpg files. If I have some directory like this that will be used by many, I sometimes even take *myself* off of the "write permissions" for all of the files. This does add an extra step for me to change data for the files that I "own", but prevents some accidental modification when I am testing.

The "Perl Script for searching an Image" node and this one are not related. This one was for a friend.

Thanks for everyone's help. I have managed to add a few more lines so that i can specify the directory as well. My code is below:

#!/usr/bin/perl
use strict;
use warnings;

print "Please enter text for string search: ";
my $search=<STDIN>;
chomp $search;

print "Please specific a directory: ";
my $directory=<STDIN>;
chomp $directory;

opendir(DIR, $directory) or die "Cannot open dir ($!)\n";
while (my $file = readdir(DIR)) {
   
    print "$file\n" if ( $file =~ /$search\.jpg|$search\.jpeg/i );
}
closedir(DIR);
exit 0;
[download]

Ok.
I think what you have is a bit complex. Consider the below... The two regex terms in the "grep{}" can be combined. I show a simple formulation without doing that. If you have just a few hundred files, tweaking this further won't make any performance difference at all. Clarity is often a lot more important than getting the nth degree of performance.

#!/usr/bin/perl
use strict;
use warnings;

print "Please enter text for string search: ";
my $search=<STDIN>;
chomp $search;

print "Please specific a directory: ";
my $directory=<STDIN>;
chomp $directory;

opendir(DIR, $directory) or 
        die "Cannot open directory: $directory \n";

my @files = grep{   m/$search\.jpg$/i 
                         or
                    m/$search\.jpeg$/i
                }readdir (DIR);

print "No files found in $directory\n" unless @files;

foreach my $file (@files)
{
   print "$directory/$file\n";
}
[download]

Oops: if $search is a regex, you will need \Q$search\E

This is much more simple and isn't as sloppy.

#!/usr/bin/perl 
use strict;
use warnings;

print "Please enter text for string search: ";
my $search=<STDIN>;
chomp $search;

print "Please specify directory: ";
my $directory=<STDIN>;
chomp $directory;

opendir(DIR, $directory) or die "Cannot open dir ($!)\n";

my @files = grep(/\.JPEG|\.JPG/i, readdir(DIR));
@files = grep(/$search/, @files);

closedir(DIR);

my $file;
foreach $file(@files){
    print "$file\n";
}
[download]