File upload problem

[JimJx]

Hi all,

I am using the following script to upload files. The user is presented a form, the only element is a way to browse for a file, and the users name that comes in a hidden input.

What I would like to do is have a dir created under secure using $name and then write the file to that dir.

But, I am getting the error

Short Read: wanted 8292, got 0

Any insight greatly appreciated.
Jim

#!/usr/bin/perl -w

use CGI;

use CGI qw(:standard Vars);
use CGI::Carp qw(fatalsToBrowser warningsToBrowser);

$inv_dir = "/htdocs/secure/Inv/";

$query = new CGI;
&ReadParse(*input);      # Read query input.

my $filename = $query->param("fileUp");
$filename =~ s/.*[\/\\](.*)/$1/;
my $upload_filehandle = $query->upload("fileUp");
my $name = $query->param("name");
my $inv_dir .= $name;

if(-e $inv_dir){ 
  print "Folder $inv_dir exists."; 
} else {
  mkdir ($inv_dir);
}

open UPLOADFILE, ">$inv_dir/$fileUp, 0755";
binmode UPLOADFILE;
while ( <$upload_filehandle> )
{
  print UPLOADFILE;
}

close UPLOADFILE;

 

[KevinADC]

this line is not needed at all, remove it from your script:

&ReadParse(*input);      # Read query input.

then retry the script. I'm not sure it that is causing the problem but it might be.

You're also doing something very bad: using unvalidated user input to create a folder on the server. You need to make sure nobody is trying any funny business with the "name" field. For example:

my $name = $query->param("name");
unless ($name =~ /^[\w-]+$/ ) {
   die "Only a-zA-Z0-9_- are allowed in file names";
}

You should be using "strict" and the "-T" switch on the shebang line and "warnings" instead of -w, like so:

#!/usr/bin/perl -T

use warnings;
use strict;

- Kevin, perl coder unexceptional!