views:

486

answers:

4

How would I write a Perl CGI script that receives a file via a HTTP post and saves that to the file system?

+7  A: 

Just a note: however you will write it, don't save it in a place accessible from your web-server.

And now to the point: below is a script which I was using for some time for photo-uploading. It might need some tweaking, but should show you the way.

As the image isnt uploaded to web-accesible directory, we then have separate process checking it, resizing, putting a watermark and placing it where it can be accessed.

 #!/usr/bin/perl -wT

use strict;
use CGI;
use CGI::Carp qw ( fatalsToBrowser );
use File::Basename;

$CGI::POST_MAX = 1024 * 5000;
my $safe_filename_characters = "a-zA-Z0-9_.-";
my $upload_dir = "/home/www/upload";

my $query = new CGI;
my $filename = $query->param("photo");
my $email_address = $query->param("email_address");

if ( !$filename )
{
 print $query->header ( );
 print "There was a problem uploading your photo (try a smaller file).";
 exit;
}

my ( $name, $path, $extension ) = fileparse ( $filename, '\..*' );
$filename = $name . $extension;
$filename =~ tr/ /_/;
$filename =~ s/[^$safe_filename_characters]//g;

if ( $filename =~ /^([$safe_filename_characters]+)$/ )
{
 $filename = $1;
}
else
{
 die "Filename contains invalid characters";
}

my $upload_filehandle = $query->upload("photo");

open ( UPLOADFILE, ">$upload_dir/$filename" ) or die "$!";
binmode UPLOADFILE;

while ( <$upload_filehandle> )
{
 print UPLOADFILE;
}

close UPLOADFILE;

print $query->header ( );
print <<END_HTML;
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
 <head>
   <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
   <title>Thanks!</title>
 </head>
 <body>
   <p>Thanks for uploading your photo!</p>
 </body>
</html>
END_HTML
kender
In perl 5.6 and later, you can separate the file open mode from the filename, making it "safer", e.g., open(my $fh, ">", $file_name) or die "Can't open $filename: $!". In 5.8 and later, you can even use "-|" or "|-" and use arrays for the remaining args for safer fork/execs.
runrig
Right :) I'm far from being a perl-hacker that knows what bugs in each version are allowed by perl golf ;) Thanks for info though :)
kender
+6  A: 

See the CGI.pm documentation for file uploads.

Leon Timmermans
+9  A: 

Use the CGI module.

my $fh = $query->upload('upload_field');
while(<$fh>) {
  print SAVE_FILE $_;
}
Glomek
+4  A: 

I'd start by using CGI and reading CREATING A FILE UPLOAD FIELD, and using open to create a file and print to write to it. (and then close to close it).

runrig