Uploading Files Using CGI and Perl

system · September 14, 2005, 9:55pm

I got INTERNAL SERVER ERROR even though I have checked the URLs, Paths, and the permissions. Any other suggesstions on this??

elated · September 20, 2005, 7:08am

Can you install/run other Perl CGI scripts on your site without problems?

At what point do you get an internal server error?

Also, you could try ELATED’s Troubleshooting CGI Scripts tutorial, which explains how to narrow down internal server error problems.

Cheers,
Matt

system · September 20, 2005, 8:41pm

If you’re running on a unix box, try running perl -cwT /whatever/the/file’s/path/is - that should tell you any errors. Alternatively, add “use CGI::Carp qw(warningsToBrowser fatalsToBrowser);” underneath the use CGI (without the inverted commas) - this tells you what the error is when you load your page (but it doesn’t show as many errors as the first method) - you’ll want to remove the line before publishing your site though… it could show hackers potential weaknesses…

elated · September 22, 2005, 10:43am

Great idea to use CGI::Carp, Tom - hadn’t thought of that

Matt

system · September 25, 2005, 5:42pm

this page its really good

system · October 5, 2005, 4:15pm

Thanks very much. A very well written doc.
Should also add that the webserver must have write access to the upload directory.

system · October 26, 2005, 6:06am

Hello,

Im looking at useing this on my site but i have a questions.

whats the size limit for the files (i need away so that users can upload files bigger then 2mb in size (IE’s file size limit))

thank you.

elated · October 27, 2005, 4:22am

AFAIK IE doesn’t have an upload file size limit.

To set a limit server-side, use CGI.pm’s $CGI::POST_MAX variable. See http://search.cpan.org/~lds/CGI.pm-3.11/CGI.pm#Avoiding_Denial_of_Service_Attacks for details. I believe the default behaviour is to have no limit.

Cheers
Matt

system · November 7, 2005, 8:02am

You might wish to add that if using apache under unix a ‘chmod apache scriptname’ command will be needed to allow the script to run correctly.

elated · November 7, 2005, 10:42pm

Did you mean ‘chown apache scriptname’ ?

It depends on your server setup really. If you’re on a shared host then you probably don’t have the required permission to chown.

Usually ‘chmod 755 scriptname’ will do the job.

Cheers
Matt

system · November 9, 2005, 5:47pm

I was wondering if anyone got this script working in OS X Server 10.4?

After I click submit the script brings me to the error page, rather than outputing the HTML in the end of script

system · November 10, 2005, 5:40pm

hi, Is there a way to append the uploaded photo to an existing page of photos? rather a novice at cgi, if it’s possible ?

elated · November 12, 2005, 12:59am

What’s the exact error message that you’re getting? (Take a look in your web server’s error log.)

Cheers,
Matt

elated · November 12, 2005, 1:08am

Yes, you could extend the script so that each time an image is uploaded, the corresponding img tag is added to the page in question. Put marker comments in the page such as:


<!-- BEGIN IMAGES -->
.
.
.
<!-- END IMAGES -->

Your Perl script can then look for the <!-- END IMAGES –> marker and insert the new img tag just before it.

There’s a tutorial on our site that explains how to write to files in Perl.

Cheers,
Matt

system · November 17, 2005, 7:20am

I pretty much just copied and pasted your code into Notepad and saved the files as instructed, then uploaded them to the correct locations and changed permissions. Trying it out, I get an internal server error. I checked my log, and it says “Premature end of script headers” What does that mean? I’m completely ignorant when it comes to Perl/CGI scripting.

system · November 18, 2005, 4:10am

I got the same error “Premature end of script headers” it turns out that the perl script shall not have space before each line.

elated · November 21, 2005, 3:25am

I pretty much just copied and pasted your code into Notepad and saved the files as instructed, then uploaded them to the correct locations and changed permissions. Trying it out, I get an internal server error. I checked my log, and it says “Premature end of script headers” What does that mean? I’m completely ignorant when it comes to Perl/CGI scripting.

Did you upload the file in ASCII (text) format?

aezarien · November 22, 2005, 10:00am

Great article!

I do have two issues thus far though maybe someone can help me out with.
The first issue occurs with the script ran as is, only changing the directory information. The file uploads into the specified directory but throws an internal server error stating that the file was not found.

The second issue is running it -T where it throws a independency error. I get why it would do that but I am concerned about potential security risks involved not running the file in taint mode. I’m kind of wondering if I am being paranoid or if it is wise to untaint that data so it will run -T.

Any thoughts, information, links, etc. will be extremely helpful and much appreciated!

-Tina

aezarien · November 22, 2005, 11:06am

Fixed part one by removing the leading spaces from the code.

elated · November 24, 2005, 1:26am

I think it’s probably failing the taint checking on the filename. If you replace:

$filename =~ s/.*[\\/\\\\](.*)/$1/;

with something like the more thorough:


$filename =~ /(\\w+[\\.\\w]*)$/ or die ( "Filename was not in a recognized format." );
$filename = $1;

…then that should untaint the filename (hopefully!).

Cheers,
Matt