SitePoint Sponsor

User Tag List

Page 7 of 8 FirstFirst ... 345678 LastLast
Results 151 to 175 of 181
  1. #151
    Bob
    SitePoint Community Guest
    Thanks for this! I've used it for a while and it works great. However, my hosting service just moved me to a new platform and this no longer works. I get a permission denied error writing to the tempfile. They tell me I have to define a path the the tempfile in my own directory because I can not write to the system temfile anymore. I know of no way to do this, as I thought this was totally transparent to my script and defined by CGI.pm. Any help would be VEY much appreciated. Thanks again!

  2. #152
    SitePoint Zealot elated's Avatar
    Join Date
    Dec 2004
    Location
    Sydney, Australia
    Posts
    117
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    http://search.cpan.org/dist/CGI.pm/CGI.pm

    1. if the current user (e.g. "nobody") has a directory named
    "tmp" in its home directory, use that (Unix systems only).

    2. if the environment variable TMPDIR exists, use the location
    indicated.

    3. Otherwise try the locations /usr/tmp, /var/tmp, C:\temp,
    /tmp, /temp, ::Temporary Items, and \WWW_ROOT.
    So you could try either creating a "tmp" folder in your home directory, or setting TMPDIR to a folder somewhere in your home directory.

    Matt

  3. #153
    Rodney
    SitePoint Community Guest
    This script would be a big security hole on your website. Using it would allow any user to replace the content of the website with whatever they wanted!

    Just make the filename: dummyname | echo hacker_content > hacker_script.cgi

    A decent fix would be the following:

    Insert the following after the line
    "$filename =~ s/.*[\/\\](.*)/$1/;"

    $filename =~ s/[^a-zA-Z0-9_.]//g;

  4. #154
    SitePoint Guru mattymcg's Avatar
    Join Date
    Oct 2005
    Location
    Melbourne, Australia
    Posts
    574
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Hi Rodney.

    This article has now been updated, addressing the security concerns you mentioned and others.

    Cheers
    Matt
    I design beautiful, usable interfaces. Oh, and I wrote a kids' book.
    Follow me on Twitter.
    Read my blog.
    Buy my book, Charlie Weatherburn and the Flying Machine.

  5. #155
    Confused
    SitePoint Community Guest
    WTF?! This article would've made sense 10 years ago but NO ONE uses Perl anymore. Also get rid of this guy's hideous photo. Geez.

  6. #156
    SitePoint Wizard bronze trophy KevinR's Avatar
    Join Date
    Nov 2004
    Location
    Moon Base Alpha
    Posts
    1,053
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Nobody uses perl? I guess I better tell all those biology and genetics students to stop using perl to working on DNA research.
    Last edited by r937; Mar 15, 2008 at 16:57. Reason: disrespectful remarks removed

  7. #157
    SitePoint Guru mattymcg's Avatar
    Join Date
    Oct 2005
    Location
    Melbourne, Australia
    Posts
    574
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    @Confused: If you have criticisms of the article, please try to deliver them in a more professional manner. And perhaps next time you choose to make a personal attack you'll do so from a signed-up forum account that shows your own (no doubt, extremely handsome) face.
    I design beautiful, usable interfaces. Oh, and I wrote a kids' book.
    Follow me on Twitter.
    Read my blog.
    Buy my book, Charlie Weatherburn and the Flying Machine.

  8. #158
    SitePoint Wizard bronze trophy KevinR's Avatar
    Join Date
    Nov 2004
    Location
    Moon Base Alpha
    Posts
    1,053
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    r937,

    WTF?! Why did you remove all the references to other active perl forums? What did that have to do with being disrespectful to this a$$hole?

  9. #159
    SitePoint Zealot
    Join Date
    Apr 2005
    Location
    Baku, Azerbaijan
    Posts
    156
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Guys, I have been looking for a tutorial to get the idea of making a progress bar with PHP & Perl. I know while perl uploads the file to the server, it also provides the info about how much percent of it is uploaded and the php reads it and shows the progress bar. But what I do not know is how to do these things. I would be more than grateful if you could show me some way to go to(But, please, do not show me the way to the Hell )

  10. #160
    SitePoint Wizard bronze trophy KevinR's Avatar
    Join Date
    Nov 2004
    Location
    Moon Base Alpha
    Posts
    1,053
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I know while perl uploads the file to the server, it also provides the info about how much percent of it is uploaded
    That is wrong. Perl provides no such information. A progress bar in the browser would have to be written using javascript or other client side scripting language.

  11. #161
    SitePoint Zealot
    Join Date
    Apr 2005
    Location
    Baku, Azerbaijan
    Posts
    156
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    KevinR, javascript or other client side scripting language can not interact with the server side in terms of getting the info about what percent of a file is uploaded, etc. Javascript gets the info like that from a server side script via XMLHttPRequest and changes the value on the progress bar page.

  12. #162
    SitePoint Member
    Join Date
    Nov 2006
    Location
    Bulgaria
    Posts
    0
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    bamAZy, here is a solution using javascript and flash - swfupload.org

  13. #163
    Lal
    SitePoint Community Guest
    How do I CURL that ?
    fails 4 me

  14. #164
    SitePoint Guru DeNasio's Avatar
    Join Date
    May 2001
    Posts
    830
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    It seems that everyone is getting this script to work besides me. Any idea why I get a file with 0KB?
    Ballot-Box.net - free polls for webmasters
    FormLog.com - free form processor

  15. #165
    SitePoint Wizard bronze trophy KevinR's Avatar
    Join Date
    Nov 2004
    Location
    Moon Base Alpha
    Posts
    1,053
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Your question was answered on devshed, where you posted the relevant code. The code from the tutorial/article works but you altered it and made it not work. See devshed.

  16. #166
    SitePoint Guru DeNasio's Avatar
    Join Date
    May 2001
    Posts
    830
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by KevinR View Post
    Your question was answered on devshed, where you posted the relevant code. The code from the tutorial/article works but you altered it and made it not work. See devshed.
    Are you referring to the "$upload_dir is out of the loop" answer? I saw the answer but I didn't pay much attention to it cause the code is basically like this:

    Code:
    sub Upload_File {
    if (param("upload_file") ne '')
       {
       my $upload_dir = "/home/domain/uploads/subdomain";
       ....
       if ($filename !~ /^([$filename_characters]+)$/)
          {
          ....
          }
       else {
              ....
            }
       }
    }
    Are you telling me the $upload_dir is not defined in the else block? I think it is. By the way, I put the $upload_dir line in the else block but the problem remains the same.

    Actually, I don't think I've altered the code that much. I still think it's basically the same code as posted here.
    Ballot-Box.net - free polls for webmasters
    FormLog.com - free form processor

  17. #167
    SitePoint Wizard bronze trophy KevinR's Avatar
    Join Date
    Nov 2004
    Location
    Moon Base Alpha
    Posts
    1,053
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Are you telling me the $upload_dir is not defined in the else block?
    You may think it is but it isn't. Read the "my" documentation. Write it like this:

    sub Upload_File {
    my $upload_dir = "/home/domain/uploads/subdomain";
    if (param("upload_file") ne '')
    {


    now $upload_dir will be scoped (readable) to the entire Upload_File subroutine instead of just the "if" block. Your code still may not work even after making that change but at least the scalar will be scoped correctly. Your code should have actually not even run if "strict" was on, unless you had defined $upload_dir somewhere else in the code.

  18. #168
    G.Szekely
    SitePoint Community Guest
    The script is fine and working. Could you please insert an additional line into upload.cgi, where one can set the owner (chown) of the uploaded file?

  19. #169
    SitePoint Guru DeNasio's Avatar
    Join Date
    May 2001
    Posts
    830
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    KevinR, it's a very stupid rule if you ask me. I was just starting to appreciate Perl and now I hear this. I still believe you guys are wrong about this. By the way, in the previous code I was using Strict and the file was being stored in the right directory, the only problem was that the size was 0.

    But ok, let's stick with the problem. I have moved all "my" declarations all the way to the top out of the if statement. But I'm still getting the same results. Any other advice?

    You won't believe this, but a couple of year ago I read the article and tried to create a upload Perl script and had the same problem. After a trying I gave up and created it with PHP. Worked like a charm!
    Ballot-Box.net - free polls for webmasters
    FormLog.com - free form processor

  20. #170
    SitePoint Guru DeNasio's Avatar
    Join Date
    May 2001
    Posts
    830
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Problem solved KevinR, see Devshed forum. Thanks for your time and input.
    Ballot-Box.net - free polls for webmasters
    FormLog.com - free form processor

  21. #171
    SitePoint Wizard bronze trophy KevinR's Avatar
    Join Date
    Nov 2004
    Location
    Moon Base Alpha
    Posts
    1,053
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by DeNasio View Post
    Problem solved KevinR, see Devshed forum. Thanks for your time and input.
    Yes, I read the thread. Don't think that variable declaration is a stupid thing, especially in the insecure CGI environment it is very important. Eventually you will come to realize that variable scoping is a good thing and needs to be paid careful attention to. It is a very fundamental part of perl programming and needs to be done properly.

  22. #172
    chorny
    SitePoint Community Guest
    Please use Perl::Critic to write your programs using modern Perl.
    Also please add "use warnings;' instead of -w.

  23. #173
    Anonymous
    SitePoint Community Guest
    Final Thoughts
    A couple of points about this script are worth a mention:

    If you were doing this on a real Website with lots of users, it would be a good idea to create a separate upload directory for each user, so that one user's photo won't be overwritten with another user's photo of the same name!

    File upload isn't perfect. All browsers handle file uploads slightly differently, and some browsers can have trouble uploading files to certain types of servers and scripts. On the whole, though, most users won't have any problem with the most popular browsers.

    That's it. Have fun with your file uploads!

  24. #174
    subramani
    SitePoint Community Guest
    Really a good one

  25. #175
    Anonymous
    SitePoint Community Guest
    In firefox, the code works fine. But, while uploading a file using IE, the whole remote desktop path get's attached with the file name.


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •