issue to upload a file

[imad77]

Hi,

I try to upload a file from a local disk located in Windows machine to a Linux server via HTTP application developed in Perl. But when I check the upload result, I find that the size is zero. I think that is something wrong related to the path where the script try to get.

Have you any idea about his issue?

Thanks.

Here is the code:
======================
#!/usr/bin/perl

my $b_r=0;
my $size='';
my $buffer='';
$fpath='E:\Documents and Settings\Administrator\My Documents\test_aa.pps';
$upload_path="/pcs/plac";

if ($fpath =~ /([^\/\\]+)$/)
{
$fname="$1";
}
else
{
$fname="$fpath";
}


$fname =~ s/\s+//g;
$wfile="$upload_path" . "/" . "$fname";

if (!open(FILE1,">$wfile"))
{
print "problem \n";
return;
}

while ($b_r=read($fpath,$buffer,2096))
{
$size += $b_r;
binmode FILE1;
print FILE1 $buffer;
}

close(FILE1);

 

[Kirsle]

$fpath='E:\Documents and Settings\Administrator\My Documents\test_aa.pps';

You can't do this. Browser security settings (in *every* browser out there) don't allow the user to upload a file to the server unless the user explicitly selects the file to upload, via an <input type="file"> field.

You can't hardcode a preset file path anywhere. On the HTML form side, <input type="file"> won't accept a "value" attribute, and JavaScript isn't allowed to modify the value of a file field. The end user must explicitly click on the "Browse" button, browse for the file, select it, and then submit the form.

When the form is submitted, the user's browser sends the file path and/or name (from the "file" field), and additionally sends the binary data of the file the user uploaded. This information is *ONLY* sent to the web server if the user explicitly selected this file for upload as mentioned above.

There is nothing that HTML, JavaScript, or server-side Perl can do to force the user to upload a file from their computer. They must manually do it themselves.

So the best bet is to just put a bit of text on the upload page telling the user what file to upload. The user still has to click on "Browse" themselves and browse for and select that file.

If you think it's a dumb security restriction in browsers, consider this: what if you went to a site that forced your browser to upload your saved passwords file, or your cookies for a different site, or your e-mail address book, or ...? This is why the HTTP spec forbids stuff like this from being possible.

Cuvou.com | My personal homepage

perl -e '$|=$i=1;print" oo\n<|>\n_|_";x:sleep$|;print"\b",$i++%2?"/":"_";goto x;'

 

[imad77]

Hi Kirsle,

You are right.

My script ask the user to browse the file and when he chooses the file and clickes on the upload button, the script upload the file with the good size and it works fine but when the file already exists in the Linux server, the user should choose between Yes or No to overwrite the file. If he hits the Yes button, it will overwrite the original file, but the size is zero.

Before hitting the Yes button, I keep the content in a hidden variable:

$fpath=$q->param('upfile');
print $q->hidden('fpath1',$fpath);

When he hits Yes, it should call the following subroutine :
sub up_file {
my $b_r=0;
my $size='';
my $buffer='';
$fpath=;
$fpath=$q->param('fpath1')
$upload_path="/pcs/plac";

if ($fpath =~ /([^\/\\]+)$/)
{
$fname="$1";
}
else
{
$fname="$fpath";
}


$fname =~ s/\s+//g;
$wfile="$upload_path" . "/" . "$fname";

if (!open(FILE1,">$wfile"))
{
print "problem \n";
return;
}

while ($b_r=read($fpath,$buffer,2096))
{
$size += $b_r;
binmode FILE1;
print FILE1 $buffer;
}

close(FILE1);
}

 

[KevinADC]

The code does not appear to be using any CGI or HTML forms but instead is trying to use the open() function to transfer a file from machine to machine. He needs to look into using some type of file transfer protocol.

------------------------------------------
- Kevin, perl coder unexceptional!

 

[Kirsle]

So, sequence of events is:

1) User's presented a file upload page, they manually select the file and upload it

2) File data is uploaded to a CGI script, (which doesn't wanna save it necessarily yet). The CGI sees the file already exists, gives the user an option to overwrite it or not.

3) User says yes. When he submits this form, all he sends to the server is that he picked yes. The file data wasn't re-uploaded on this request, because there was no file form given in step 2 where the user selected the file and uploaded it again.

So, only step 2 here can receive the file data, unless the page given at step 2 gives them the option to re-select the file and upload it a second time.

So at step 2, if the file exists, you might want to save it in a temporary location on the server. If the user selects yes, then move it from the temp location to its final destination. If the user selects no, delete the file from the temp folder. If the user doesn't select either option but closes his browser, you'll need a system of cleaning up old temp files (possibly checking their modified time and deleting files that were last modified 5 hours ago, or some criteria like this).

To ensure that files written to your temp folder don't clobber eachother, you could create subfolders based on the current time + the perl script's process ID + the user's IP address, etc. so that even if 2 users upload a file with the same name at the same time, they'll be stored in separate locations on disk in the temp folder.

Cuvou.com | My personal homepage

perl -e '$|=$i=1;print" oo\n<|>\n_|_";x:sleep$|;print"\b",$i++%2?"/":"_";goto x;'

 

[imad77]

oh it makes sense, I will try it if I have not another way or solution.

Thanks a lot guys