Need Help - CGI Script for Upload

[clyde]

I admit upfront I need Help.

In a nutshell I would like the Client to be able to upload
from an HTML to My server, an iSERIES (AS/400).

From doing some reading I think my best bet would be a
CGI Script.

I cannot Find any Examples.

If You cab help me I would Appreciate it.

[pyro]

Did you try looking on http://cgi.resourceindex.com? Or, the direct link to file uploading scripts... http://cgi.resourceindex.com/Program...ile_Uploading/

[JanKok]

The script below let you upload a file to your server.
You have to change the path suitable for the directory on the server.
The script will store additional to the uploaded file a file which contain the email address of the sender with the extention email.

Create a form containing a file input an a email input.

#!/usr/bin/perl -w
use CGI;
$upload_dir = "/home/underone/public_html/uploads";
$query = new CGI;
$filename = $query->param("photo" );
$email_address = $query->param("email_address" );
$filename =~ s/.*[\/\\](.*)/$1/;
$upload_filehandle = $query->upload("photo" );

open UPLOADFILE, ">$upload_dir/$filename";
while (<$upload_filehandle> ) { print UPLOADFILE; }
close UPLOADFILE;

open EMAILFILE, ">$upload_dir/$filename.email";
print EMAILFILE $email_address;
close EMAILFILE;

print $query->header();
print <<END_HTML;
<HTML>
<HEAD>
<TITLE>Thanks!</TITLE>
</HEAD>
<BODY>
<P>Thanks for uploading your photo!</P>
<P>Your email address: $email_address</P>
<P>Your photo:</P>
<img src="/upload/$filename" border="0">
</BODY>
</HTML>
END_HTML
1;

[jeffmott]

Just a few comments on that script. First, always use strict and taint mode.

$filename =~ s/.*[\/\\](.*)/$1/;

Slashes are not the only special characters used by OSs. It is safer to have a list of characters that you know are allowed and remove all else. Or just encode the entire sequence into a hex string.

Code:

$filename =~ tr/a-zA-Z0-9_.//cd;  # -or-
$filename = unpack 'H*', $filename;

open UPLOADFILE, ">$upload_dir/$filename";
while (<$upload_filehandle> ) { print UPLOADFILE; }
close UPLOADFILE;

Always check the return value of open. What if two files are uploaded with the same name? The file should be locked. What if they're uploaded at the same time (known as a race condition)? By default files are written to and read from as text. Use binmode so it is treated as binary data.

print <<END_HTML;
<HTML>
<HEAD>
...

This isn't valid HTML. Not really a Perl issue, but still should be fixed.

1;

This isn't doing anything.