-1

The following code doesn't have any syntax errors, but still doesn't working.Can I use server ip(like 100.100.100.100) for $Domain and what path should be given for $directory(i mean adding the serverip or domain name?Please help

#!/usr/bin/perl
use CGI;
$CGI::POST_MAX= 100 * 1024;
$CGI::DISABLE_UPLOADS=0;
$Referer = $ENV{HTTP_REFERER};
$Domain = "xxx.com";
$cgi = new CGI;
$file=$cgi->upload('text');
print $cgi->header,
$cgi->start_html
(
        -title=>'CGI.pm File Upload'
);
print <<EOF;
<form action="" method="post" enctype="multipart/form-data">
<input type="file" name="text" size=60><br>
<input type="submit" value="Upload">
</form>
EOF
if($file)
{
        if($Referer =~ "$Domain")
        {
                $directory="var/www/cgi-bin/uploads";
                open UPLOAD, ">$directory$file";
                binmode UPLOAD;
                while(<$file>) {print UPLOAD;}
                close UPLOAD;
        }
}
$cgi->end_html;
exit;
Vamsee Bond
  • 163
  • 1
  • 11
  • 5
    [Don't write Perl without `use strict; use warnings;`](https://stackoverflow.com/questions/8023959/why-use-strict-and-warnings) – Quentin Jul 08 '17 at 12:32
  • 3
    [CGI is not recommended for new development](https://metacpan.org/pod/distribution/CGI/lib/CGI.pod#CGI.pm-HAS-BEEN-REMOVED-FROM-THE-PERL-CORE) – Quentin Jul 08 '17 at 12:33
  • 4
    [The HTML generating functions in CGI.pm are no longer maintained](https://metacpan.org/pod/distribution/CGI/lib/CGI.pod#HTML-Generation-functions-should-no-longer-be-used). – Quentin Jul 08 '17 at 12:33
  • 2
    `open UPLOAD, ">$directory$file";` — [Avoid typeglobs for `open`](https://stackoverflow.com/questions/3276674/which-one-is-good-practice-a-lexical-filehandle-or-a-typeglob) **and** [Avoid the two argument form of `open`](https://stackoverflow.com/questions/8561008/perlcritic-two-argument-open-error) **and** *test to see if the open is successful (this could be the cause of your problem)*! – Quentin Jul 08 '17 at 12:36
  • *what path should be given for $directory(i mean adding the serverip or domain name* — It's a path, not a URL! – Quentin Jul 08 '17 at 12:36
  • @Quentin will it work if i replace them with html tags? – Vamsee Bond Jul 08 '17 at 12:37
  • 4
    You're also missing a slash `/`. It should be `open my $fh, '>', $directory . '/' . $file or die $!`. Right you you'll have `"var/www/cgi-bin/uploadsfilename.foo"`, which is wrong. – simbabque Jul 08 '17 at 13:04

1 Answers1

1

Looks like you need to read the documentation on file upload basics again. The sample code they have is:

use autodie;

# undef may be returned if it's not a valid file handle
if ( my $io_handle = $q->upload('field_name') ) {
    open ( my $out_file,'>>','/usr/local/web/users/feedback' );
    while ( my $bytesread = $io_handle->read($buffer,1024) ) {
        print $out_file $buffer;
    }
}

There are some stylistic differences to your code, but the important thing to note that is that when your code runs this line:

$file=$cgi->upload('text');

Then $file contains an open filehandle. It does not contain the filename. This means that there are at least three errors in these lines of your code:

$directory="var/www/cgi-bin/uploads";
open UPLOAD, ">$directory$file";
  1. The value you store in $directory should almost certainly start with a / (so it's /var/www/cgi-bin/uploads).
  2. You also need another / between $directory and $file (otherwise, it will contain something like /var/www/cgi-bin/uploadsmyfile.dat).
  3. You need to call $cgi->param('text') to get the name of the file that is being uploaded.

This is what is stopping your program from working. The upload section of your code should look like this:

my $filename = $cgi->param('text');
my $fh       = $cgi->upload('text');

my $directory = '/var/www/cgi-bin/uploads';

open my $upload_fh, '>', "$directory/$filename"
  or die "Can't open '$directory/$filename': $!";

print $upload_fh $_ while <$fh>;

Note that I've made some stylistic improvements here:

  1. Used 3-argument version of open()
  2. Used lexical filehandles
  3. Checked the success of the open() call and killed the program with a useful error message if it fails

All in all, you seem to have learned CGI programming from a resource that is about twenty years out of date. Your code looks like it comes from the 1990s.

A few other tips:

  1. Always use strict and use warnings.
  2. Indirect object notation (new CGI) is potentially very confusing. Use CGI->new instead.
  3. We've known that the HTML-generation functions in CGI.pm are a terrible idea since the end of the last millennium. Please don't use them. Many good templating solutions are available for Perl.
  4. Writing a CGI program in 2017 is a terrible idea. Take a look at CGI::Alternatives for an introduction to Modern Perl Web Development tools.
Dave Cross
  • 68,119
  • 3
  • 51
  • 97