Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

need to pass on a file from a form to cgi script to perl program

Status
Not open for further replies.
kavi98

kavi98

Programmer
Dec 14, 2000
48
0
0
US
the html form is to take the file name upload it to the cgi script and then the file is to be passed on to a perl program to be used in execution there.

the form
<!Form to upload a text file to generate a script .>
<HTML>
<HEAD>
<TITLE>Uploading File</TITLE>
</HEAD>
<BODY>
<FONT size=6 type=&quot;ariel&quot; color = #0000FF align =&quot;center&quot;>Please click browse to Upload the File</FONT>
<TABLE width=&quot;510&quot; border=&quot;0&quot; cellpadding=&quot;0&quot; cellspacing=&quot;0&quot; bgcolor=&quot;#FFFFFF&quot;>
<tr><td align=&quot;left&quot; valign=&quot;top&quot; height=&quot;20&quot;>
<FORM METHOD = POST ACTION =&quot; ENCTYPE=&quot;multipart/form-data&quot;>


Local File: <INPUT TYPE =&quot;file&quot; value= &quot;UPLOAD&quot; ACCEPT=&quot;text/plain,image/gif&quot;>
</td></tr><br>

<tr><td align=&quot;left&quot; valign=&quot;top&quot; height=&quot;20&quot;><br>
&amp;#032;&amp;#032;<INPUT TYPE = &quot;submit&quot; value =&quot;Transfer File&quot;>
<INPUT TYPE = &quot;reset&quot; value= &quot;Reset &quot;>
</td></tr>
</FORM>
</TABLE>
</BODY></HTML>

the cgi script which i am still trying to understand and write.So it still has a lot of loose ends.

#!/usr/local/bin/perl

print &quot;Content-type:text/html\n\n&quot;;

read(STDIN, $buffer, $ENV{'CONTENT_LENGTH'});
@pairs = split(/&amp;/, $buffer);
foreach $pair (@pairs) {
($name, $value) = split(/=/, $pair);
$value =~ tr/+/ /;
$FORM{$name} = $value;
}
print &quot;$value \n&quot;;
print &quot;<html><head><title>Form Output</title></head><body>&quot;;
print &quot;<h2>Results from FORM post</h2>\n&quot;;

foreach $key (keys(%FORM)) {
print &quot;$key = $FORM{$key}<br>&quot;;
}

print &quot;</body></html>&quot;;

~
from this script i want to pass the file to the perl program and use the data in the text file passed

thanks for the help
 
Sort by date Sort by votes
Well, my first observation is that you need to use a valid system path, not a URL. In other words, if &quot; is the url to your file, then you have to reference it like &quot;/home/users/karora/cgi-bin/filename.txt&quot; assuming that is your file structure. You'll have to ask your sysadmin the full path to your account. Also, you should never put data files in your cgi-bin. Instead you should put it somewhere like &quot;/home/users/karora/datadir/filename.txt&quot;. But that is just a security precaution... your system should let you write your file to your cgi-bin if you want to as long as it is owned by the webserver user and is chmod 777.

The second suggestion would be to try commenting out the flock code. Some systems to not provide flock compatibility. So, try commenting it out and see if that changes anything.

Does it run correctly from the command line?
Sincerely,

Tom Anderson
CEO, Order amid Chaos, Inc.
 
Upvote 0 Downvote
owned by the webserver user and is chmod 777

i would definately not do this. firstly you should probably never have a data file in your cgi directory chmoded 777. i would make it 666, meaning read and write privledges for everyone. if you have it 777 you are, which is read/write/execute for everyone, you are just asking for problems. secondly, i would also not have any of my files owned by the webservers user account. that means someone else hosted on the system can arbitrarily change the permissions on your file, or do much worse, just by running a cgi program of their own. or, someone else could have it change things by writing to your chmod 777 file then running it.

if you have to make a file publicly writiable, dont give it execute permissions, and if you have to make a file publicly executable, dont give it write permission. adam@aauser.com
 
Upvote 0 Downvote
I meant owned by the webserver user or chmod 777. Otherwise you won't have permission to write the file from your perl script (unless you are using some sort of cgi-wrapper which changes the owner in some way). This is also why I suggested NOT putting data files in your cgi-bin, but in a non-web-accessible directory.
Sincerely,

Tom Anderson
CEO, Order amid Chaos, Inc.
 
Upvote 0 Downvote
chmod 777 is still not a good idea for data files. even if its in a non web accessible directory. adam@aauser.com
 
Upvote 0 Downvote
Well, if the webserver user does not have permission to write to that directory otherwise, you have no choice but to chmod 777. In most cases, you'd be better off chowning that directory to the webserver user, though. Sorry if I wasn't specific in my recommendation.
Sincerely,

Tom Anderson
CEO, Order amid Chaos, Inc.
 
Upvote 0 Downvote
no. why do you need 777? if you want to give it execute 755 is fine. if you want to give it write 666 is fine. you dont need to give the webserver write privledges to a file its going to execute. adam@aauser.com
 
Upvote 0 Downvote
We're talking about writing a file. The script needs to write a new datafile to the target directory. So, it either needs to own that directory or have write permission. You're right in that 666 would be sufficient for writing data files, but adding execution priviledges to non-executable files doesn't add any security risk as far as I know.
Sincerely,

Tom Anderson
CEO, Order amid Chaos, Inc.
 
Upvote 0 Downvote
Hi ,Thanks for all the help ,When i run the code on the command line it asks for the input and i set the variable $upload to the path of the file name and then it hangs up ,i think it does not assign the file contents to the variable $upload so it never enters the loop.

Please see the code below ,when i try to print the contents of the form it gives me the file name ,how can i find out if the contents are being uploaded.


#!/opt/ZDperl/bin/perl -w
> # CGI routines
> use CGI_Lite;
> #use Fcntl qw:)flock);
> my $cgi = new CGI_Lite;
> my %in = $cgi->parse_form_data;
>
> # get the file from the input stream
> my $upload = $in{&quot;UPLOAD&quot;};
>
> my $filename = &quot;home/karora/textDir/filename.txt&quot;;
> # print your html header
> print &quot;Content-type: text/html\n\n&quot;;
>
> # check if it's there, and write it to disk
> if ($upload)
> {
> open(TEXT, &quot;>$filename&quot;) || CgiDie(&quot;Cannot open $filename for
> writing&quot;);
> #unless (flock (TEXT, LOCK_EX)) {CgiDie(&quot;Cannot lock $filename: $!&quot;);}
> print TEXT $upload;
> close(TEXT);
> }
> else {CgiDie(&quot;Error: file did not upload.&quot;);}
>
> # print the page
> print &quot;<html><head><title>Form Output</title></head>&quot;;
> print &quot;<body>&quot;;
> print &quot;<h2>Results from FORM post:</h2><br>&quot;;
> #print &quot;$upload&quot;;
> $view=$cgi->print_form_data;
> print $view;
> print &quot;</body></html>&quot;;
>
> sub CgiDie
> {
> my ($message) = @_;
> print $message;
> #die (&quot;$message&quot;);
> }

Thanks again for all the help.

 
Upvote 0 Downvote
To test your CGI script on the command line, you have to pass it your parameters in the same fashion that they would appear through CGI. In your case, do something like this:

perl your_script.pl &quot;UPLOAD='this is the contents of the file'&quot;

Your script should then parse that into the %in array just as it would a file if you were uploading a text file with that line in it.
Sincerely,

Tom Anderson
CEO, Order amid Chaos, Inc.
 
Upvote 0 Downvote
if the file has a write privledge for everyone, there is a risk. adam@aauser.com
 
Upvote 0 Downvote
Of course there is a risk in having anything world-writable. But that is the only way that your script can write the file unless it owns the directory. It is not too much of a risk if nobody but you has an account on your server, which ought to be the case if you are dealing with any sensitive data. Or, if you have to share the system, then put your data in an RDMS protected by a password -- but that is still not too secure since the password must be contained in your necessarily readable script. The point is, that in order for kavi98 to be able to write his uploaded file to his server's filesystem, then the directory he is writing to must be owned by the webserver user or world-writable. Agreed?
Sincerely,

Tom Anderson
CEO, Order amid Chaos, Inc.
 
Upvote 0 Downvote
perl load1.cgi
[ Reading query from standard input. Press ^D to stop! ]
UPLOAD = this has to be uploaded and the contents should alsio be a part of it
Content-type: text/html

Error: file did not upload.<html><head><title>Form Output</title></head><body><h
2>Results from FORM post:</h2><br>UPLOAD = this has to be uploaded and the con
tents should alsio be a part of it
</body></html>>

This is the error generated,it still does not enter th loop,
 
Upvote 0 Downvote
yes, i agrred on that, but there is no reason to make a world-writeable file world executeable. adam@aauser.com
 
Upvote 0 Downvote
That makes absolutely no sense whatsoever. First, it outputs the error message which would only occur if $upload did not contain any data. At that point, it should have died. But, it continued running anyway despite the explicit die command. And then, in the output, it printed the contents of $upload as what you typed in! So, like I said, this makes no sense to me. It should work just fine. If $upload contains data, as it apparently does since it printed it out, then it shouldn't return an error.

Try putting the parameter on the command line like I showed you in my last post rather than allowing it to read from STDIN. Also, is it still giving you an error if you do it from the web page form?
Sincerely,

Tom Anderson
CEO, Order amid Chaos, Inc.
 
Upvote 0 Downvote
Thanks for all the help,the script works fine.


 
Upvote 0 Downvote
No it actually does on the command line it transfers perfectly but then when i use it from the browser it just does not load.
Any reasons you can think why it does that.
 
Upvote 0 Downvote
Gotta' be getting close....;^)

Exactly what do you mean 'it does not load'? Step by Step..... you bring up an HTML input page, identify a file to upload and click a submit button.... and so on........where exactly in the string of events does it 'not load'. And what, in descriptive language, does it do or not do.






keep the rudder amid ship and beware the odd typo
 
Upvote 0 Downvote
If i type in the contents of the file on the command line it transfers then to the file given in the path,but when i try to run the same script as above i get a file not loaded error which is in the code,it does not get the contents of the file which i am trying to upload.

it is just not getting any contents from the web page.
this does not work .

my %in = $cgi->parse_form_data;

Thanks

 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

rob54321
  • Question
Perl how to read line from file with interpolation 1
Replies
6
Views
274
rob54321
rob54321
newbie1238585
  • Locked
  • Question
Perl how to read string in csv file * as wildcard operator
Replies
2
Views
179
mikrom
mikrom
eslie
  • Locked
  • Question
Perl script behavior makes no sense!!!
Replies
0
Views
107
eslie
eslie
Bob6739
  • Locked
  • Question
Perl Beginner - Need Help
Replies
6
Views
174
feherke
feherke
ss_ham
  • Locked
  • Question
in Perl find call looking to exclude folder and ignore duplicate finds.
Replies
2
Views
166
ss_ham
ss_ham

Part and Inventory Search

Sponsor

Back
Top