steviewonder
asked on
upload file using CGI
How can I default the filename/pathname in the form, used to upload the file to the server?
<FORM ENCTYPE="multipart/form-da
Upload this file: <INPUT NAME="userfile" TYPE="file">
<INPUT TYPE="submit" VALUE="Upload File">
</FORM>
I'd like the user does NOT have to click on Browser button to select a file. But the file already selected and ready to send.
thanks.
<FORM ENCTYPE="multipart/form-da
Upload this file: <INPUT NAME="userfile" TYPE="file">
<INPUT TYPE="submit" VALUE="Upload File">
</FORM>
I'd like the user does NOT have to click on Browser button to select a file. But the file already selected and ready to send.
thanks.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
I do kow that, lexx and I totally agree.
But as this is one of those answers, the people don't want to hear as they don'T provide a solution and will not satisfy him/her, WE - the experts, giving this "bad news", will be blamed with either answer not beeing accepted or a bad grade.
This is happening to most security-related questions.
I should have said "blame the vendors, not me" - or in a more historical way "don't kill the messanger" :-)
Have fun
CirTap
PS The only way this may be solved is using an "HTML Application" (HTA) with MSIE (MSHTA.EXE) as they are so calles "trusted applications" and have full access to the client machine.
http://msdn.microsoft.com/workshop/author/hta/hta_node_entry.asp
But as this is one of those answers, the people don't want to hear as they don'T provide a solution and will not satisfy him/her, WE - the experts, giving this "bad news", will be blamed with either answer not beeing accepted or a bad grade.
This is happening to most security-related questions.
I should have said "blame the vendors, not me" - or in a more historical way "don't kill the messanger" :-)
Have fun
CirTap
PS The only way this may be solved is using an "HTML Application" (HTA) with MSIE (MSHTA.EXE) as they are so calles "trusted applications" and have full access to the client machine.
http://msdn.microsoft.com/workshop/author/hta/hta_node_entry.asp
i understand
:)
:)
i'm an expert
.1.6 What is Full Disclosure?
Full Disclosure is a security philosophy that believes:
A truly secure system must be able to withstand open review at all levels (e.g. protocol, source code, etc).
The details of security vulnerabilities should be available to everyone.
Benefits include:
A large number of individuals get to review the system for security weaknesses.
Vendors are pressured into providing security fixes quickly.
Programmers and system designers can learn from others mistakes.
Users can identify similar vulnerabilities on systems other than the original.
Cons include:
At the same time you inform constructive people of security vulnerabilities, you also inform destructive people.
0.1.7 What is Security Through Obscurity?
Security Through Obscurity is a security philosophy that believes:
Thats if the details of a system are not made publicly available the system will be more secure.
Vulnerability details should be restricted to vendors and a few security experts.
0.1.8 What is the proper protocol to report a security vulnerability?
A sensible protocol to follow while reporting a security vulnerability is as follows:
Contact the product's vendor or maintainer and give them a one week period to respond. If they don't respond post to the list.
If you do hear from the vendor give them what you consider appropriate time to fix the vulnerability. This will depend on the vulnerability and the product. It's up to you to make and estimate. If they don't respond in time post to the list.
If they contact you asking for more time consider extending the deadline in good faith. If they continually fail to meet the deadline post to the list.
When is it advisable to post to the list without contacting the vendor?
When the product is no longer actively supported.
When you believe the vulnerability to be actively exploited and not informing the community as soon as possible would cause more harm then good.
All this being said, we rather have people report vulnerabilities to the list and not inform the vendors, whatever their reasons may be, than to have them keep the information to themselves.
0.1.9 What should be included in a vulnerability report?
A list of vulnerable applications/operating systems/device/etc with version numbers and patch levels.
A list of non-vulnerable applications/operating systems/devices/etc with version numbers and patch levels.
A detailed discussion of the vulnerability and the environment in which it was found.
A detailed discussion on how to reproduce the vulnerability, possibly including exploit programs.
A detailed discussion of solutions, fixes or possible work-arounds.
References to information related to the vulnerability.
Appropriate credit if the vulnerability was found by someone else.
0.1.10 Do you verify the information on the list?
No, we do not. The BUGTRAQ moderation process is not meant to verify and validate any information, patches, exploits or programs send out via the list. It is in place to keep the discussion in the list on topic.
You should not assume that any of the information in the list is correct, or that any of the patches, exploits and programs do not contain backdoors or trojans without verifying this yourself. If you can't verify it yourself we recommend that you wait until other subscribers verify the validity of the information and post their result to the list.
It is quite likely that there will be times when live exploits will be sent to the list. Some may even may affect your mail reading program. You should assume this will be the case and prepare for such situation.
Caveat Emptor
0.2 History
0.2.1 When was BugTraq created?
BugTraq was created on Friday the 5th of November, 1993 by Scott Chasin. Aleph One took over BugTraq on Tuesday the 14th of May, 1996 and it was passed on to David Ahmad on Oct 15, 2001. Over the years BugTraq has grown into a well respected security mailing list with over thirty thousand subscribers.
0.2.2 When did BugTraq become moderated?
BugTraq became moderated on the 5th of June, 1995. At the same time BugTraq was moved to netspace.org. The list became moderated after the noise level became unacceptable.
0.3 List Management
0.3.1 How do I subscribe?
Send an e-mail message to bugtraq-subscribe@security
0.3.2 How do I unsubscribe?
Send an e-mail message to bugtraq-unsubscribe@securi
If your email address has changed email listadmin@securityfocus.co
0.3.3 How do I disable mail delivery temporarily?
.1.6 What is Full Disclosure?
Full Disclosure is a security philosophy that believes:
A truly secure system must be able to withstand open review at all levels (e.g. protocol, source code, etc).
The details of security vulnerabilities should be available to everyone.
Benefits include:
A large number of individuals get to review the system for security weaknesses.
Vendors are pressured into providing security fixes quickly.
Programmers and system designers can learn from others mistakes.
Users can identify similar vulnerabilities on systems other than the original.
Cons include:
At the same time you inform constructive people of security vulnerabilities, you also inform destructive people.
0.1.7 What is Security Through Obscurity?
Security Through Obscurity is a security philosophy that believes:
Thats if the details of a system are not made publicly available the system will be more secure.
Vulnerability details should be restricted to vendors and a few security experts.
0.1.8 What is the proper protocol to report a security vulnerability?
A sensible protocol to follow while reporting a security vulnerability is as follows:
Contact the product's vendor or maintainer and give them a one week period to respond. If they don't respond post to the list.
If you do hear from the vendor give them what you consider appropriate time to fix the vulnerability. This will depend on the vulnerability and the product. It's up to you to make and estimate. If they don't respond in time post to the list.
If they contact you asking for more time consider extending the deadline in good faith. If they continually fail to meet the deadline post to the list.
When is it advisable to post to the list without contacting the vendor?
When the product is no longer actively supported.
When you believe the vulnerability to be actively exploited and not informing the community as soon as possible would cause more harm then good.
All this being said, we rather have people report vulnerabilities to the list and not inform the vendors, whatever their reasons may be, than to have them keep the information to themselves.
0.1.9 What should be included in a vulnerability report?
A list of vulnerable applications/operating systems/device/etc with version numbers and patch levels.
A list of non-vulnerable applications/operating systems/devices/etc with version numbers and patch levels.
A detailed discussion of the vulnerability and the environment in which it was found.
A detailed discussion on how to reproduce the vulnerability, possibly including exploit programs.
A detailed discussion of solutions, fixes or possible work-arounds.
References to information related to the vulnerability.
Appropriate credit if the vulnerability was found by someone else.
0.1.10 Do you verify the information on the list?
No, we do not. The BUGTRAQ moderation process is not meant to verify and validate any information, patches, exploits or programs send out via the list. It is in place to keep the discussion in the list on topic.
You should not assume that any of the information in the list is correct, or that any of the patches, exploits and programs do not contain backdoors or trojans without verifying this yourself. If you can't verify it yourself we recommend that you wait until other subscribers verify the validity of the information and post their result to the list.
It is quite likely that there will be times when live exploits will be sent to the list. Some may even may affect your mail reading program. You should assume this will be the case and prepare for such situation.
Caveat Emptor
0.2 History
0.2.1 When was BugTraq created?
BugTraq was created on Friday the 5th of November, 1993 by Scott Chasin. Aleph One took over BugTraq on Tuesday the 14th of May, 1996 and it was passed on to David Ahmad on Oct 15, 2001. Over the years BugTraq has grown into a well respected security mailing list with over thirty thousand subscribers.
0.2.2 When did BugTraq become moderated?
BugTraq became moderated on the 5th of June, 1995. At the same time BugTraq was moved to netspace.org. The list became moderated after the noise level became unacceptable.
0.3 List Management
0.3.1 How do I subscribe?
Send an e-mail message to bugtraq-subscribe@security
0.3.2 How do I unsubscribe?
Send an e-mail message to bugtraq-unsubscribe@securi
If your email address has changed email listadmin@securityfocus.co
0.3.3 How do I disable mail delivery temporarily?
StevieWonder - I ain't superstitious ...
are you?
so believe the experts (see critap above), and not the vendors
:-)
are you?
so believe the experts (see critap above), and not the vendors
:-)
Upload this file: <INPUT NAME="userfile" TYPE="file" VALUE="path/to/file/">
you are now down to only a submit click.
you are now down to only a submit click.
hi teamatomic,
before posting ANYTHING you should read the question!
Beside that, your "answer" was not even worth beeing submitted as it's what StevieWonder alread had in his question!
CirTap
before posting ANYTHING you should read the question!
Beside that, your "answer" was not even worth beeing submitted as it's what StevieWonder alread had in his question!
CirTap
Dear teamatomic
I've rejected your proposed answer as Experts Exchange holds an experiment to work without the answer button.
See: https://www.experts-exchange.com/jsp/communityNews.jsp
Paragraph: Site Update for Wednesday, November 06, 2002
By this rejection the Asker will be notified by mail and hopefully he will take his responsibility to finalize the question or post an additional comment.
The Asker sees a button beside every post which says "Accept This Comment As Answer" (including rejected answers) -- so if he/she thinks yours is the best, you'll be awarded the points and the grade.
EXPERTS: I will return in seven days to close this question. Please leave your thoughts and recommendations here
Thanks !
Jgould
Community Support Moderator
Experts Exchange
I've rejected your proposed answer as Experts Exchange holds an experiment to work without the answer button.
See: https://www.experts-exchange.com/jsp/communityNews.jsp
Paragraph: Site Update for Wednesday, November 06, 2002
By this rejection the Asker will be notified by mail and hopefully he will take his responsibility to finalize the question or post an additional comment.
The Asker sees a button beside every post which says "Accept This Comment As Answer" (including rejected answers) -- so if he/she thinks yours is the best, you'll be awarded the points and the grade.
EXPERTS: I will return in seven days to close this question. Please leave your thoughts and recommendations here
Thanks !
Jgould
Community Support Moderator
Experts Exchange
IMHO points to cirtap, the first one to say it is not possible.
I have noticed that you have 9 opened questions that are quite old. You have a responsibility to close these questions out.
You can get to them by clicking on your name link at the upper left of the web page.
https://www.experts-exchange.com/questions/20181671/usr-xpg4-bin-id-command-results-different-on-solaris-8-and-2-6.html
https://www.experts-exchange.com/questions/20181063/configuring-multi-home-solaris-8-box.html
https://www.experts-exchange.com/questions/20357606/java-applet-error-running-our-Internet-Explorer-5-5.html
https://www.experts-exchange.com/questions/20375901/CGI-to-display-result-on-a-new-broser-window-in-IE.html
https://www.experts-exchange.com/questions/20361952/upload-file-using-CGI.html
https://www.experts-exchange.com/questions/20336471/CGI-script-to-download-a-file-from-server-to-client's-directory.html
https://www.experts-exchange.com/questions/20164644/Using-Internet-Connection-Sharing-on-Win98-with-a-WinNT-PC.html
https://www.experts-exchange.com/questions/20338617/get-error-failure-audit-when-creating-custom-receipient-in-exchange.html
https://www.experts-exchange.com/questions/20164835/Import-Exchange-5-5-data-into-Exchange-2000-in-a-different-box.html
Please close all of your old questions (older than a month) within 7 days or I have a duty to report this to the site administrators who may take action on your account.
If you have question on how to dispose of a question that doesn't have an answer, just ask me by dropping a line on this question and I will assist you.
Thanks for helping keep Experts Exchange clean
DigitalXtreme
CS Moderator
You can get to them by clicking on your name link at the upper left of the web page.
https://www.experts-exchange.com/questions/20181671/usr-xpg4-bin-id-command-results-different-on-solaris-8-and-2-6.html
https://www.experts-exchange.com/questions/20181063/configuring-multi-home-solaris-8-box.html
https://www.experts-exchange.com/questions/20357606/java-applet-error-running-our-Internet-Explorer-5-5.html
https://www.experts-exchange.com/questions/20375901/CGI-to-display-result-on-a-new-broser-window-in-IE.html
https://www.experts-exchange.com/questions/20361952/upload-file-using-CGI.html
https://www.experts-exchange.com/questions/20336471/CGI-script-to-download-a-file-from-server-to-client's-directory.html
https://www.experts-exchange.com/questions/20164644/Using-Internet-Connection-Sharing-on-Win98-with-a-WinNT-PC.html
https://www.experts-exchange.com/questions/20338617/get-error-failure-audit-when-creating-custom-receipient-in-exchange.html
https://www.experts-exchange.com/questions/20164835/Import-Exchange-5-5-data-into-Exchange-2000-in-a-different-box.html
Please close all of your old questions (older than a month) within 7 days or I have a duty to report this to the site administrators who may take action on your account.
If you have question on how to dispose of a question that doesn't have an answer, just ask me by dropping a line on this question and I will assist you.
Thanks for helping keep Experts Exchange clean
DigitalXtreme
CS Moderator
Force Accepted to cirtap
SpideyMod
Community Support Moderator @Experts Exchange
SpideyMod
Community Support Moderator @Experts Exchange
we cant blame the vendors, can we? this sure should be the way it is..
you cant do it steve.