http://qs321.pair.com?node_id=129822

transmission_err has asked for the wisdom of the Perl Monks concerning the following question:

Replies are listed 'Best First'.
Re: I need a simple web upload script.
by atcroft (Abbot) on Dec 08, 2001 at 10:48 UTC

    Below is some code I wrote a while back for doing something similar, though not necessarily exactly the same. Below that is the HTML form, so you can see the enctype entry.

    There are some issues with this code, such as the chance of files being overwritten, but this should give you a starting point.

    This script also lets the uploader send an email. Of course, this could be abused, so some restrictions on this should probably be put in place.

    Relevant thread: Security issues when allowing file upload via CGI.

    My post-upload.cgi script:

    #!/usr/bin/perl -- use CGI qw( :standard escapeHTML ); use strict; my $megabyte = 1024 * 1024; # bytes my $max_mb = 10; # max no. of MB we will allow $CGI::DISABLE_UPLOADS = 0; # CGI module variable for en/disabling uploads (non-zero to disable) $CGI::POST_MAX = $megabyte * $max_mb; # CGI module variable for maximum upload size (bytes) my $base_dir = "/var/www/site1/web/"; my $base_dom = "http://www.website.here/"; my $target_dir = "../uploads"; my $directory = $base_dir . $target_dir; my $sendmail = "/usr/bin/sendmail"; my @sendmail_opts = ( '-oi', '-t' ); $| = 1; my $query = new CGI; my @names = $query->param; my $url = $query->param("URL"); my $fh = $query->upload('upload_file'); my $filename = $query->param('name'); $filename =~ s/[^A-Za-z0-9\.\_]/_/g; open OUTF, "> $directory$filename" or die; binmode OUTF; while ( $bytesread = read $fh, $buffer, 1024 ) { print OUTF $buffer; } close OUTF; if ( !$file && $query->cgi_error ) { print $query->header( -status => $query->cgi_error ); exit 0; } open MAIL, "| $sendmail @sendmail_opts" or die "Can't fork sendmail: $ +!\n"; print MAIL "From: $0\n", "To: ", $query->param("TO"), "\n", "Subject: ", ( $query->param("SUBJECT") || "mailed form submission +" ), "\n\n"; for my $param ( @names ) { printf MAIL "%s: %s\n", $para, $query->param($param); } print MAIL "\n\nThe link to the uploaded file is $base_dom$target_dir$filenam +e . ", "It was renamed by the upload script, so you will need to rename i +t.\n"; close MAIL; print $query->redirect( -URL => $url );

    My sample upload form (body only):

    <form action="/cgi-bin/post-upload.cgi" method="post" enctype="multipa +rt/form-data"> <!-- hidden inputs --> <input name="TO" type="hidden" value="my.address@my.domain" /> <input name="URL" type="hidden" value="http://www.website.here/submiss +ion.done.htm" /> <input name="SUBJECT" type="hidden" value="From Your Upload Center on +Website" /> <!-- visible inputs --> File to send: <input name="upload_file" type="file" size="30" /><br> Your name: <input name="name" size="42" /><br> E-mail: <input name="Email" size="42" /><br> <input type="submit" value="SEND FILE" /> <input type="reset" value="CLEAR" /> </form>

      To make this portable to Win32 web servers, add   bindmode(OUT); after the open()
      And I forgot the ending  </FORM> on the upload form snippet, too.
Re: a simple picture upload script
by Anonymous Monk on Jun 11, 2004 at 22:51 UTC
    almost perfect... but i miss the only jpg or gif extention (they could now upload all extention files)
Re: a simple picture upload script
by transmission_err (Initiate) on Jan 07, 2002 at 08:10 UTC
    is there anyway to do this without using the cgi_lib? and what should the file permissions be (as in the folder to be uploaded too).

    Originally posted as a Categorized Answer.