Uploading Images 
Author Message
 Uploading Images

Hi everyone,

I have a problem that I can't work out. I had a script that was allowing a
user to upload an IMAGE. The server my site is hosted on was then updated to
perl v5.6.0 and thge upload stopped working..

Does anyone have any ideas why this would happen? And if there is a better
way to upload images would also be great.:)

Thanks in advance..

----------------------------------------------------------------------------
----
my $filename = param('file');

open (IMAGEOUT, "> $imagedir/$imagename");
binmode(IMAGEOUT);

close (IMAGEOUT);
----------------------------------------------------------------------------
----

Best Regards
Murray Wasley
Webtec Designs
http://www.*-*-*.com/



Wed, 11 Aug 2004 20:27:10 GMT  
 Uploading Images

(snipped)

Quote:
> I had a script that was allowing a user to upload an IMAGE.
> upload stopped working..
> way to upload images

Beneath my signature you will find one of my generic
upload scripts. This script has been tested using
Win32-Unix-Linux / Apache. This is a skeleton script
intended to be accessorized as needed.

This script uploads any file to the directory in which
this script is located.

My $File_Upload[1] contains the name of a user file to
upload if you want to add a parsing routine to allow
only specific file extensions. An appropriate directory
path may be added to my open NEW_FILE command.

A caveat to not ignore, is a file currently in a directory
with the same name as a file being uploaded, will obviously
be overwritten. You may want to add code to check for existence
of a file name and, add coding to protect against file overwrites.

You will discover this methodology to be faster, to be more efficient,
to be less memory wasteful and certainly more reliable than your
current cgi.pm methodology.

Godzilla!
--

This script is currently named "upload.cgi"

#!perl

$upload = "false";
$no_upload = "false";

if ($ENV{'CONTENT_LENGTH'})
 {
  binmode (STDIN);
  read (STDIN, $upload_data, $ENV{'CONTENT_LENGTH'});



  while ($File_Upload[1] =~ /\\/)
   { $File_Upload[1] =~ s/^.*\\//; }
  $File_Upload[1] =~ s/"//;
  substr ($File_Upload[1], -1, 1, "");
  substr ($File_Upload[4], -2, 2, "");

  if ($File_Upload[4])
   {
    open (NEW_FILE, ">$File_Upload[1]") or die "Open $File_Upload[1] Failed - $!";
    binmode (NEW_FILE);
    print NEW_FILE $File_Upload[4] or die "Print $File_Upload[1] Failed - $!";
    close (NEW_FILE) or die "Close $File_Upload[1] Failed - $!";
    $upload = "true";
   }
  else
   { $no_upload = "true" }
 }

print "Content-type: text/html\n\n";

print "
    <!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">
    <HTML>
    <HEAD>
    <TITLE>Purl Gurl File Upload</TITLE>
    <META HTTP-EQUIV=\"Content-Type\" CONTENT=\"text/html; charset=ISO-8859-1\">
    </HEAD>
    <BODY BGCOLOR=\"#ffffff\">
    <BR>
    <CENTER>
    <FONT FACE=\"arial rounded mt bold\" COLOR=\"#000000\" SIZE=\"4\">
    <u>File Upload Utility</u>
    <BR>
    </FONT>
    <IMG SRC=\" http://www.*-*-*.com/ ~{*filter*}/webchat/pictures/purlgurl.gif\">
    <FONT FACE=\"arial rounded mt bold\" COLOR=\"#6f6f6f\" SIZE=\"4\">
    <BR>
    Powered By Purl Gurl
    <BR><BR>
    </FONT>
    <HR SIZE=\"5\" WIDTH=\"40%\">
    <P>
    Use The Browse Button To Locate A File To Upload
    <P>
    <FONT FACE=\"arial rounded mt bold\" COLOR=\"#000000\" SIZE=\"3\">
    <FORM NAME=\"Upload\" ACTION=\"upload.cgi\" METHOD=\"POST\" enctype=\"multipart/form-data\">
    <INPUT TYPE=\"file\" NAME=\"file_upload\" size=\"25\">
    <P>
    <INPUT TYPE=\"submit\" VALUE=\"Upload File\">
    </FORM>";

if ($upload eq "true")
 { print "    <P>Your Previous Upload Was Successful<P>"; }
if ($no_upload eq "true")
 { print "    <P>You Did Not Enter A Filename. No Upload Took Place.<P>"; }

print "    </FONT></BODY></HTML>";

exit;



Wed, 11 Aug 2004 18:37:37 GMT  
 Uploading Images
Thank you so much for that........

Murray

--
Best Regards
Murray Wasley
Webtec Designs
http://www.*-*-*.com/


Quote:

> (snipped)

> > I had a script that was allowing a user to upload an IMAGE.
> > upload stopped working..

> > way to upload images

> Beneath my signature you will find one of my generic
> upload scripts. This script has been tested using
> Win32-Unix-Linux / Apache. This is a skeleton script
> intended to be accessorized as needed.

> This script uploads any file to the directory in which
> this script is located.

> My $File_Upload[1] contains the name of a user file to
> upload if you want to add a parsing routine to allow
> only specific file extensions. An appropriate directory
> path may be added to my open NEW_FILE command.

> A caveat to not ignore, is a file currently in a directory
> with the same name as a file being uploaded, will obviously
> be overwritten. You may want to add code to check for existence
> of a file name and, add coding to protect against file overwrites.

> You will discover this methodology to be faster, to be more efficient,
> to be less memory wasteful and certainly more reliable than your
> current cgi.pm methodology.

> Godzilla!
> --

> This script is currently named "upload.cgi"

> #!perl

> $upload = "false";
> $no_upload = "false";

> if ($ENV{'CONTENT_LENGTH'})
>  {
>   binmode (STDIN);
>   read (STDIN, $upload_data, $ENV{'CONTENT_LENGTH'});



>   while ($File_Upload[1] =~ /\\/)
>    { $File_Upload[1] =~ s/^.*\\//; }
>   $File_Upload[1] =~ s/"//;
>   substr ($File_Upload[1], -1, 1, "");
>   substr ($File_Upload[4], -2, 2, "");

>   if ($File_Upload[4])
>    {
>     open (NEW_FILE, ">$File_Upload[1]") or die "Open $File_Upload[1]
Failed - $!";
>     binmode (NEW_FILE);
>     print NEW_FILE $File_Upload[4] or die "Print $File_Upload[1] Failed -
$!";
>     close (NEW_FILE) or die "Close $File_Upload[1] Failed - $!";
>     $upload = "true";
>    }
>   else
>    { $no_upload = "true" }
>  }

> print "Content-type: text/html\n\n";

> print "
>     <!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">
>     <HTML>
>     <HEAD>
>     <TITLE>Purl Gurl File Upload</TITLE>
>     <META HTTP-EQUIV=\"Content-Type\" CONTENT=\"text/html;

charset=ISO-8859-1\">
Quote:
>     </HEAD>
>     <BODY BGCOLOR=\"#ffffff\">
>     <BR>
>     <CENTER>
>     <FONT FACE=\"arial rounded mt bold\" COLOR=\"#000000\" SIZE=\"4\">
>     <u>File Upload Utility</u>
>     <BR>
>     </FONT>
>     <IMG

SRC=\" http://www.*-*-*.com/ ~{*filter*}/webchat/pictures/purlgurl.gif\">
Quote:
>     <FONT FACE=\"arial rounded mt bold\" COLOR=\"#6f6f6f\" SIZE=\"4\">
>     <BR>
>     Powered By Purl Gurl
>     <BR><BR>
>     </FONT>
>     <HR SIZE=\"5\" WIDTH=\"40%\">
>     <P>
>     Use The Browse Button To Locate A File To Upload
>     <P>
>     <FONT FACE=\"arial rounded mt bold\" COLOR=\"#000000\" SIZE=\"3\">
>     <FORM NAME=\"Upload\" ACTION=\"upload.cgi\" METHOD=\"POST\"

enctype=\"multipart/form-data\">

- Show quoted text -

Quote:
>     <INPUT TYPE=\"file\" NAME=\"file_upload\" size=\"25\">
>     <P>
>     <INPUT TYPE=\"submit\" VALUE=\"Upload File\">
>     </FORM>";

> if ($upload eq "true")
>  { print "    <P>Your Previous Upload Was Successful<P>"; }
> if ($no_upload eq "true")
>  { print "    <P>You Did Not Enter A Filename. No Upload Took
Place.<P>"; }

> print "    </FONT></BODY></HTML>";

> exit;



Wed, 11 Aug 2004 22:00:22 GMT  
 Uploading Images

 (snipped)

Quote:
> > > I had a script that was allowing a user to upload an IMAGE.
> > > upload stopped working..
> > > way to upload images
> > Beneath my signature you will find one of my generic
> > upload scripts.
> Thank you so much for that........

My pleasure.

Do remember to run some tests before turning your
customers loose on your script. Any file may be
uploaded with your script as is. Who knows? You
may discover some of my {*filter*} pictures on your site
or, less insulting, one of my sci-fi {*filter*} stories.

Feel free to remove my logo stuff; it's just my ego.

Seriously, do test this methodolgy well to be sure
all performs as you expect. I forgot to add I tested
this method with both Mozilla 4.x and MSIE 6.x with
no problems encountered. I don't think you will run
into problems with older MSIE versions.

Godzilla!



Wed, 11 Aug 2004 19:40:36 GMT  
 Uploading Images

Quote:

>Thank you so much for that........

Warning. Godzilla's script has a massive security hole you
could drive a truck through.


Wed, 11 Aug 2004 21:17:57 GMT  
 Uploading Images

Quote:


> > Thank you so much for that........
> Warning. Godzilla's script has a massive security hole you
> could drive a truck through.

Jeeesshhh... get out of town, you ignorant bozo troll.

Godzilla!



Wed, 11 Aug 2004 22:40:15 GMT  
 Uploading Images

Quote:
"Godzilla!" wrote...

> Jeeesshhh... get out of town, you ignorant bozo troll.

Pot -- Kettle -- Black.


Fri, 13 Aug 2004 17:55:17 GMT  
 Uploading Images
[posted and mailed]

Quote:

> Hi everyone,

> I have a problem that I can't work out. I had a script that was
> allowing a user to upload an IMAGE. The server my site is hosted on
> was then updated to perl v5.6.0 and thge upload stopped working..

> Does anyone have any ideas why this would happen? And if there is a
> better way to upload images would also be great.:)

It's possible that part of your script [something in the part not shown]
took advantage of a bug in the prior version of perl, and the upgrade
eliminated that bug.

I would suggest you use the newest version of CGI.pm, and use the
upload() function.

my $file = upload('file'); # was param(), but upload() is safer.
if( not defined $file ) {
    ... tell user he needs to put in a file ...

Quote:
} else {

    open (IMAGEOUT, ">", "$imagedir/$imagename")
        or die "Couldn't open '$imagedir/$imagename': $!";
    binmode $_ for $file, \*IMAGEOUT;
    print IMAGEOUT while sysread $file, $_, 8192;
    close $_ for $file, \*IMAGEOUT;

Quote:
}

Also... I would advise you add -T on the #! line to help you avoid
certain kinds of security holes.  It won't prevent *all* security holes,
just many.

PS:
Do not pay any attention to what Godzilla says. It is a troll, and has
no decent working knowledge of Perl or programming in general. Search
groups.google.com to see a history of its posts and replies to these
posts.

The code Godzilla suggested will not work with taint checking (-T)
turned on.  The reason for this is that it does something extremely
dangerous and stupid: It reads in a filename from the user, and then
opens that filename for writing.

It also won't work if you have "use strict" (which all good perl code
should have).  The style is abysmal, and reading godzilla code is rather
like reading or writing BASIC:
    http://jargon.net/jargonfile/b/BASIC.html

--
print reverse( ",rekcah", " lreP", " rehtona", " tsuJ" )."\n";



Thu, 19 Aug 2004 08:05:19 GMT  
 
 [ 8 post ] 

 Relevant Pages 

1. uploading images

2. Using CGI and GD to resize uploaded images...

3. Anyone have an example...Uploading Images?

4. Uploading image files..

5. Problem to upload image file

6. Uploading image

7. Upload Image don't refresh

8. uploading images to server

9. Uploading image files

10. Uploading Images

11. Uploading images via Perl script

12. Uploading image troubles

 

 
Powered by phpBB® Forum Software