CGI upload and IIS 5

RatArsed has asked for the wisdom of the Perl Monks concerning the following question:

I'm trying to get CGI->upload() to work with our IIS5 server (and no, we can't just use Apache as we require NTLM authentication), yet it doesn't appear to want to work

The source is pretty much identical to example 5.2 from O'Reilly's CGI programming with Perl, but I've included my bastardised version below:

# No Errors detected
# Deal with the uploaded file
my $filename = $request->param('file');
my $filehandle = $request->upload( $filename );
while( $filename =~ s/(.+)\\(.+)/$2/gi ) {}
unless( $request->cgi_error )
{
# No errors so far

    if( open( FILE, "c:\\temp\\$filename" ) )
    {
        binmode( FILE );
        binmode( $filehandle );
        while( read( $filehandle, $buffer, BUFFER_SIZE ) ) { print FIL
+E $buffer; }
        $shorttitle = "Success : Upload :";
    }
}
[download]

It appears that $filehandle is undefined...

Comment on CGI upload and IIS 5 Download Code

Replies are listed 'Best First'.
Re: CGI upload and IIS 5 by BigJoe (Curate) on Jun 05, 2001 at 17:58 UTC
Make sure that the Everyone user has Write access to the temp directory. --BigJoe Learn patience, you must. Young PerlMonk, craves Not these things. Use the source Luke.	[reply]
Re: Re: CGI upload and IIS 5 by RatArsed (Monk) on Jun 05, 2001 at 18:02 UTC
Yep, they do; at least on the test server (which don't work :o( )	[reply]
(jeffa) Re: CGI upload and IIS 5 by jeffa (Bishop) on Jun 05, 2001 at 18:25 UTC
Don't forget to use > to write or >> to append: `if(open FILE, ">c:\\temp\\$filename") { ...` [download] Also, if you just want to get the name of the file from $filename, then use File::Basename, it comes with the standard perl distribution: `use File::Basename; my $full_path = $request->upload($filename); my $filename = fileparse($full_path);` [download] It also wouldn't hurt to die if $filename is undefined: `my $filename = fileparse($full_path); die "couldn't parse the file name" unless $filename;` [download] Hope this helps - UPDATE: in retrospect, I would follow thpfft's advice, take another approach. Jeff R-R-R--R-R-R--R-R-R--R-R-R--R-R-R-- L-L--L-L--L-L--L-L--L-L--L-L--L-L--	[reply] [d/l] [select]
Re: (jeffa) Re: CGI upload and IIS 5 by RatArsed (Monk) on Jun 05, 2001 at 18:31 UTC
fileparse would tidy up my cack regexp to do effectively the same thing, but I do already cover my back for checking that a filename was specified...	[reply]
Re: CGI upload and IIS 5 by thpfft (Chaplain) on Jun 05, 2001 at 18:23 UTC
I don't think you need to do this: `my $filename = $request->param('file'); my $filehandle = $request->upload( $filename );` [download] According to the docs for CGI, 'the filename returned is also a filehandle', which sounds like serious voodoo to me. I can't test it on IIS here, but this normally works: `my $filename = $request->param('file'); binmode ($filename); # etc` [download] Hope this helps.	[reply] [d/l] [select]
Re: Re: CGI upload and IIS 5 by RatArsed (Monk) on Jun 05, 2001 at 18:28 UTC
When I tried this all it wrote to the file was "param('file')". DOH!	[reply]
Re: CGI upload and IIS 5 by mexnix (Pilgrim) on Jun 05, 2001 at 18:43 UTC
First, I would suggest reading Ovid'sCGI course. There is a lot of great info on Taint Checking, decoding your raw HTTP headers, and file security. It was a great help to me. Also, if you haven't already, read thoroughly through the CGI.pm documentation on your server. It has some good examples in there about what your doing. Last, I would set up some "or die" gigs in your script so you know when something fails, that way you'll get a better idea of what's going on. %mexnix = (email => "mexnix@hotmail.com", website => "http://mexnix.perlmonk.org");	[reply]
Re: Re: CGI upload and IIS 5 by RatArsed (Monk) on Jun 05, 2001 at 18:55 UTC
And fourth? Short of re-rolling CGI.pm (which would be bad) I can't see why this isn't working; the code pretty much matches most of the samples (although I omited most of my error/taint checking in my original post)	[reply]