Re: On uploading a file

CGI has a list of hardcoded paths it tries when it needs a temporary directory. In the current version 3.50, the relevant code is:

package CGITempFile;

sub find_tempdir {
  $SL = $CGI::SL;
  $MAC = $CGI::OS eq 'MACINTOSH';
  my ($vol) = $MAC ? MacPerl::Volumes() =~ /:(.*)/ : "";
  unless (defined $TMPDIRECTORY) {
    @TEMP=("${SL}usr${SL}tmp","${SL}var${SL}tmp",
       "C:${SL}temp","${SL}tmp","${SL}temp",
       "${vol}${SL}Temporary Items",
           "${SL}WWW_ROOT", "${SL}SYS\$SCRATCH",
       "C:${SL}system${SL}temp");
    
    if( $CGI::OS eq 'WINDOWS' ){
         # PeterH: These evars may not exist if this is invoked within
+ a service and untainting
         # is in effect - with 'use warnings' the undefined array entr
+ies causes Perl to die
         unshift(@TEMP,$ENV{TEMP}) if defined $ENV{TEMP};
         unshift(@TEMP,$ENV{TMP}) if defined $ENV{TMP};
         unshift(@TEMP,$ENV{WINDIR} . $SL . 'TEMP') if defined $ENV{WI
+NDIR};
    }

    unshift(@TEMP,$ENV{'TMPDIR'}) if defined $ENV{'TMPDIR'};

    # this feature was supposed to provide per-user tmpfiles, but
    # it is problematic.
    #    unshift(@TEMP,(getpwuid($<))[7].'/tmp') if $CGI::OS eq 'UNIX'
+;
    # Rob: getpwuid() is unfortunately UNIX specific. On brain dead OS
+'es this
    #    : can generate a 'getpwuid() not implemented' exception, even
+ though
    #    : it's never called.  Found under DOS/Win with the DJGPP perl
+ port.
    #    : Refer to getpwuid() only at run-time if we're fortunate and
+ have  UNIX.
    # unshift(@TEMP,(eval {(getpwuid($>))[7]}).'/tmp') if $CGI::OS eq 
+'UNIX' and $> != 0;

    for (@TEMP) {
      do {$TMPDIRECTORY = $_; last} if -d $_ && -w _;
    }
  }
  $TMPDIRECTORY  = $MAC ? "" : "." unless $TMPDIRECTORY;
}
[download]

$SL is the OS-specific path separator, typically a slash or backslash.

This code usually "just works", but of course the -d and -w tests in the last part will probably fail to detect a read-only filesystem.

Find out where CGI attempts to store its temporary files, then ask your hoster why the filesystem is read-only, and where you should store temporary files instead.

The following script should give you the location, upload it as CGI, run it, and remove it.

#!/usr/bin/perl -w
# ^-- change as needed
use strict;
use CGI qw(header);
print CGI::header('text/plain'),CGITempFile->find_tempdir();
[download]

Once you know a "better", i.e. writeable location, setting $ENV{'TMPDIR'} before loading CGI should help. Modify your code to start like this:

#!/usr/bin/perl -T
# ^-- change as needed
use strict;

BEGIN {
    $ENV{'TMPDIR'}='/home/mralbert/cgitemp';
    #               ^-- change as needed
}

use CGI ...
[download]

If your hoster does not give you a useful answer, consider changing the hoster. As a temporary workaround, create a directory in a writeable location, add a .htaccess file as shown below to deny access, chmod it the directory to 1777 (i.e. world writeable plus sticky), and use that directory as shown above.

order deny,allow
deny from all
[download]

Alexander

--
Today I will gladly share my knowledge and experience, for there are no sweeter words than "I told you so". ;-)

Comment on Re: On uploading a file Select or Download Code