ItsMe
asked on
download script for video files
Hi ! I want to write a script which makes it possible for the user to download special files, which normally would be opened by the web server. This is my solution, but the script just downloads
parts of files.... (mostly about 400 Bytes)
#! perl
$x = $ENV{'PATH_INFO'};
@values = split(/\&/,$x);
($dname,$trash) = split(/&/,@values[0]);
($trash,$dname) = split(/download\.pl/,$dnam
($trash,$endung) = split(/\./,$dname);
$dname = '/www/milleniumserver/vide
#$dname =~ s/\//\\/g;
open (FILE, $dname) or &fehler;
print "Content\-type\: application\/$endung\n\n";
print join('',<FILE>);
close (FILE);
open (STAT, '>>download.log');
($sek,$min,$std,$tag,$mon,
print STAT "downloaded\: $dname\; $std\:$min\:$sek \/ $tag\.$mon\.$jahr\n";
close(STAT);
sub fehler
{
print "Content-type:text/html\n\
print "\<h1\>Fehler \! Datei konnte nicht ge\ö\;ffnet werden \! \($dname\)";
die;
}
regards
ItsMe
parts of files.... (mostly about 400 Bytes)
#! perl
$x = $ENV{'PATH_INFO'};
@values = split(/\&/,$x);
($dname,$trash) = split(/&/,@values[0]);
($trash,$dname) = split(/download\.pl/,$dnam
($trash,$endung) = split(/\./,$dname);
$dname = '/www/milleniumserver/vide
#$dname =~ s/\//\\/g;
open (FILE, $dname) or &fehler;
print "Content\-type\: application\/$endung\n\n";
print join('',<FILE>);
close (FILE);
open (STAT, '>>download.log');
($sek,$min,$std,$tag,$mon,
print STAT "downloaded\: $dname\; $std\:$min\:$sek \/ $tag\.$mon\.$jahr\n";
close(STAT);
sub fehler
{
print "Content-type:text/html\n\
print "\<h1\>Fehler \! Datei konnte nicht ge\ö\;ffnet werden \! \($dname\)";
die;
}
regards
ItsMe
Depending on what operating system you're on, you may need
binmode
And you don't need to \quote - < > ! ( ) . in qq strings
binmode
And you don't need to \quote - < > ! ( ) . in qq strings
ASKER
binmode ??? What di I have to change in the source ?
regards
ItsMe
regards
ItsMe
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
why is it dangerous ? tell me. i'm new in perl. does the open command executes system commands ???
yes, see
perldoc -f open
perldoc -f open
A simple way to protect yourself from trying to open a system command would be to say:
open(FILE, "<$dname") or &fehler;
and by the way,cc
perl -Mdiagnostics -wc
($dname,$trash) = split(/&/,@values[0]);
Scalar value @values[0] better written as $values[0] at - line 1 (#1)
(W) You've used an array slice (indicated by @) to select a single element of
an array. Generally it's better to ask for a scalar value (indicated by $).
The difference is that $foo[&bar] always behaves like a scalar, both when
assigning to it and when evaluating its argument, while @foo[&bar] behaves
like a list when you assign to it, and provides a list context to its
subscript, which can do weird things if you're expecting only one subscript.
On the other hand, if you were actually hoping to treat the array
element as a list, you need to look into how references work, because
Perl will not magically convert between scalars and lists for you. See
perlref.
open(FILE, "<$dname") or &fehler;
and by the way,cc
perl -Mdiagnostics -wc
($dname,$trash) = split(/&/,@values[0]);
Scalar value @values[0] better written as $values[0] at - line 1 (#1)
(W) You've used an array slice (indicated by @) to select a single element of
an array. Generally it's better to ask for a scalar value (indicated by $).
The difference is that $foo[&bar] always behaves like a scalar, both when
assigning to it and when evaluating its argument, while @foo[&bar] behaves
like a list when you assign to it, and provides a list context to its
subscript, which can do weird things if you're expecting only one subscript.
On the other hand, if you were actually hoping to treat the array
element as a list, you need to look into how references work, because
Perl will not magically convert between scalars and lists for you. See
perlref.
ASKER