Beefy Boxes and Bandwidth Generously Provided by pair Networks
Keep It Simple, Stupid
 
PerlMonks  

allowing form uploading

by sulfericacid (Deacon)
on Oct 15, 2002 at 16:42 UTC ( #205424=perlquestion: print w/replies, xml ) Need Help??

sulfericacid has asked for the wisdom of the Perl Monks concerning the following question:

This node falls below the community's threshold of quality. You may see it by logging in.

Replies are listed 'Best First'.
Re: allowing form uploading
by George_Sherston (Vicar) on Oct 15, 2002 at 17:33 UTC
    I can understand your reluctance to use modules or, for example, scripts written by others - understand, but not condone. It really *is* worth making the effort to get up the learning curve so you can do this. I speak as one who wasted time and effort not doing this for a long time. The fab thing about Perl is that for most of the things you want to do, someone else has already thought through the problem and written stuff to help you do it better. CPAN is your friend, and worth geting to know.

    You say your webhost doesn't allow you to use non-standard modules. Please don't let this stand in your way. Most of the modules you will want *are* standard by now. Or, on the other hand, there are many free or cheap webhosts that let you do what you want (for example install your own choice of modules) - cubesoft in the us or uklinux in uk are good.

    Finally, I encourage you not to be touchy about a vigorous critique of your code. Would you rather people sugar-coated it and didn't tell you what was really wrong? Anyway, a good beasting from merlyn as well as being good for the soul is very much a rite of passage around here. It's not personal.

    § George Sherston

    PS in answer to your substantive question I wouldn't dream of doing this without a module. Mail::Sendmail handles attachments, though not in a very memory-friendly way. See this faq for more. Then you'll need a form field in your original form, and you'll need to use CGI.pm to help you manage processing the form once uploaded. NB that you will want your form to be a multipart encoded form - if you're generating your form from CGI.pm, you can set this up using the start_multipart_form() method. Forty-five minutes reading the docs on CGI and Mail::Sendmail will be time well spent. Enjoy! And please come back here with any problems you encounter.
Re: allowing form uploading
by swiftone (Curate) on Oct 15, 2002 at 18:37 UTC
Re: allowing form uploading
by charnos (Friar) on Oct 15, 2002 at 18:12 UTC
    Firstly, in answer to your question, I agree with George_Sherston. Installing Mail::Sendmail seems like the way to go. I don't believe it's a standard module, but it appears to be a pure Perl module, so you should be able to download it from CPAN (see above link), upload it to your home directory, and add something like
    use lib "$ENV{HOME}"; use Mail::Sendmail;
    to your script (after configuring it).

    Secondly, you may not have deserved the severity of the browbeating you received, but you deserved some of it. I don't mean to fan the flames, but surely you must concede that asking a benevolent group of software professionals to help you write code that is truly very dangerous and deleterious to yourself, the Perl community, and the Internet itself. Sure, it may be only for a few users to abuse (before being shutdown), but it comes down to what you were told as a kid by your parents: "What if everyone threw their trash on the ground?" You can see that already there's a lot of insecurity over the web, and fostering one more leak is just out of the question. I think that merlyn thought that you were knowingly writing this hole to abuse yourself, though it appears to me that this is not true, though I can certainly see why he thought that (I did too until I read this post). Realize it was not necessarily the content of the code that was being attacked, it was the security.

    This is the best I can do and would prefer not being mocked.
    If you open yourself to suggestion (but not attack) from others, this doesn't have to be so. "Experience is a dear teacher, but fools will learn at no other." - Poor Richard's Almanac

    (Ok, so I stole that from The Mythical Man-Month ;) )

    Update: upon inspecting this, I don't think I made my own gut reaction to this code clear. I second merlyn's sentiment: Please do not deploy this code. It's great that you learned from writing real-world code, it really is, but this is not an Internet-ready email application, and shouldn't be deployed as one.
•Re: allowing form uploading
by merlyn (Sage) on Oct 15, 2002 at 18:45 UTC
    This code is still insecure. It allows the abuse of your server to send arbitrary mail to arbitrary addresses (minus a little boilerplate). The original suspect will not be traceable, but your server will get the brunt (rightfully so) of being an accessory to the crime.

    Please do not deploy this code. Please.

    -- Randal L. Schwartz, Perl hacker

Re: allowing form uploading
by sulfericacid (Deacon) on Oct 15, 2002 at 16:49 UTC
    Ugh, I meant to say I want the users to be able to send attachments via this script, sorry.
A reply falls below the community's threshold of quality. You may see it by logging in.

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: perlquestion [id://205424]
Approved by TStanley
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others surveying the Monastery: (3)
As of 2022-06-25 11:57 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?
    My most frequent journeys are powered by:









    Results (82 votes). Check out past polls.

    Notices?