@CGI $q->upload() doesnt work properly

AlexTape has asked for the wisdom of the Perl Monks concerning the following question:

Dear Monks, i´m desperated ;-) i´m want to use the cgi.pm to upload a file via a webinterface, but the filehandle <$upload_Handle> give exactly nothing back.. :-(


            if ($main::var{upload_file} ne "") {
                my @new_IP_data;
                if ($main::var{submit} eq "read") {
                    my $loaded_IP_list;
                    my $allowed_Types = "txt";
                    my $max_Size = 4096;
                    my $filename = $q->param('upload_file');
                        $filename =~ s/.*[\/\\](.*)/$1/;
                        $filename =~ s/\s/_/;
                    my $upload = $q->param('upload_file');
                    
                    my $file_Size = -s $upload;
                        #$file_Size /= 1000;
                    if ($file_Size > $max_Size) {
                        print "<p>file is too big - only $max_Size all
+owed - your file got $file_Size bytes</p>\n";
                        (my $kbsize,my $byt) = split(/\./, $file_Size)
+;
                        print "~ $kbsize KB";
                        
                        exit;
                    }
                    (my $file_ID,my $type) = split(/\./, $filename);
                    if($filename !~ /^\w+\.($allowed_Types)/) {
                        print "only *.txt allowed";
                        
                        exit;
                    }
                    $file_ID = time();
                    if (-e "$upload_Dir/$file_ID.$type") {
                        print "Content-type: text/html\n\n";
                        print "file already exist";
                    } else {
    #### doesnt work
    $main::q::DISABLE_UPLOADS = 0;
    my $upload_Handle = $q->upload($filename);
    chdir($upload_Dir) or die "could not read target folder: $!";
    if (!$upload_Handle && $q->cgi_error) {
        print $q->header(-status=>$q->cgi_error);
        exit 0;
    }
    my $error = $q->cgi_error;
    if ($error) {
        print $q->header(-status=>$error),
              $q->start_html('Problem'),
              $q->strong($error);
        exit 0;
    }
    while (<$upload_Handle>) {
        print;
    }
                    
    print Dumper $q;
    print $upload;
    
    while(<$upload_Handle>){print $_;}
    print $upload_Dir;
    exit;
[download]

i still get no output. $q is initialised. dont know how to fix it. fyi: on an windows apache it works fine. but now i ported the script to a opensuse box. if i try to upload a file from my windows machine to the linux webserver where the script runs it give nothing back, even no errors.

$perlig =~ s/pec/cep/g if 'errors expected';

Comment on @CGI $q->upload() doesnt work properly Download Code

Replies are listed 'Best First'.
Re: @CGI $q->upload() doesnt work properly by Eliya (Vicar) on Mar 08, 2012 at 14:35 UTC
`my $upload_Handle = $q->upload($filename);` [download] Looks like you're specifying a file name here. It should be the name of the respective file input field in the form, presumably `<input type="file" name="upload_file" /> ^^^^^^^^^^^` [download] just like you're already using it to get the file name via `$q->param('upload_file')`. `my $filename = $q->param('upload_file'); # returns (client-side) +name of the file my $filehandle = $q->upload('upload_file'); # returns handle to the +server-side temp file` [download]	[reply] [d/l] [select]
Re: @CGI $q->upload() doesnt work properly by Anonymous Monk on Mar 09, 2012 at 00:19 UTC
See this and follow the links deep, it discusses same problems your code has (in addition to what Eliya said) The cgi documentation says $CGI::DISABLE_UPLOADS not $main::q::DISABLE_UPLOADS See also Tutorials: Variable Scoping in Perl: the basics, Coping with Scoping , and start making subs/passing them arguments	[reply]
Re^2: @CGI $q->upload() doesnt work properly by AlexTape (Monk) on Mar 09, 2012 at 11:39 UTC
hm ok.. but thats not new to me.. the code i show you is only part of an package. the cgi object lies in the main. for that it´s not a scoping issue. `my $filename = $q->param('upload_file');` gives exactly the filename of the uploaded file. but not full qualified. here you are right: `$CGI::DISABLE_UPLOADS` $main::q is initialised in the main with `our $q = new cgi;` but the attribute should set like `use CGI qw/:standard/; use CGI::Carp 'fatalsToBrowser'; $CGI::POST_MAX=1024 * 100; # max 100K posts $CGI::DISABLE_UPLOADS = 1; # no uploads` [download] thanks for the pointer. like Eliya said: `my $filename = $q->param('upload_file'); # returns (client-side) +name of the file my $filehandle = $q->upload('upload_file'); # returns handle to the +server-side temp file` [download] thats still my code. but the filehandle is empty. thats what i want to fix. i want to know what this function do:`$q->upload('upload_file');` because it might be that there is a problem with fetching the data from the client..?! sorry 4 my worse diction.. $perlig =~ s/pec/cep/g if 'errors expected';	[reply] [d/l] [select]
Re^3: @CGI $q->upload() doesnt work properly by Anonymous Monk on Mar 09, 2012 at 12:55 UTC
hm ok.. but thats not new to me.. the code i show you is only part of an package. the cgi object lies in the main. for that it´s not a scoping issue. :) Um, if you know this is bad way to code (multiple exit points, action at a distance, not maintainable), why continue to use globals like that and call exit? my $filename = $q->param('upload_file'); gives exactly the filename of the uploaded file. but not full qualified. Except that it only gives what the browser sends, and the browser can send anything, including a full path full of dots, or anything at all. You're trusting the browser/user to not be evil. Don't trust, code so as to protect yourself. Full path for uploaded file, Security issues when allowing file upload via CGI, use taint and launder dirty data but the filehandle is empty. thats what i want to fix. Do you have the latest version of CGI? You should. Then, if filehandle is still empty, there must be something in cgi_error or in server logs i want to know what this function do Well, see both CGI documentation and sourcecode and you'll know :) its undef on error	[reply]
Re^4: @CGI $q->upload() doesnt work properly by AlexTape (Monk) on Mar 09, 2012 at 13:31 UTC


Keep It Simple, Stupid
	PerlMonks