Solved

robust upload file without CGI.pm

Posted on 2006-10-25
12
853 Views
Last Modified: 2013-12-25
Hi,
Im trying to make a perl-CGI upload script without the CGI.pm module. I know its easier but I want to understand several things. First my upload.html has several fields (and a file input box) and submits via ENCTYPE="multipart/form-data", so when my CGI grabs it all (from POST) via STDIN, I get some strings like:

-----------------------------7d61b51b10426
Content-Disposition: form-data; name="email_address"

mailadd@hotmail.com
-----------------------------7d61b51b10426
Content-Disposition: form-data; name="Submit"

Submit Form
-----------------------------7d61b51b10426--

I was wondering if anyone has a quick way to parse this? Maybe turn it into hashes or something? Also in this is the binary content of the file I uploaded, so Im also trying to not only get field values, but also upload a file (without the CGI module).
Thanks.
0
Comment
Question by:Traltixx
  • 5
  • 2
  • 2
  • +2
12 Comments
 
LVL 84

Expert Comment

by:ozo
ID: 17808962
could you use CGI::Minimal;
0
 
LVL 8

Expert Comment

by:Perl_Diver
ID: 17809209
Can you show the code you use that produced the output you posted?
0
 
LVL 2

Author Comment

by:Traltixx
ID: 17809224
well, I cant use the CGI module at all, so no, I cant use CGI::Minimal.
And code that produced that?
The perl snippet is:
print "\n\nStandard Input:\n";
if ($ENV{'REQUEST_METHOD'}  eq "POST") {
      read(STDIN, $in, $ENV{'CONTENT_LENGTH'});
      print $in;
      }
and the HTML snippet is something like:

<FORM ACTION="upload.cgi" METHOD="post" ENCTYPE="multipart/form-data">
  File to Upload: <INPUT TYPE="file" NAME="filex">
     <br><br>
      Your Email Address: <INPUT TYPE="text" NAME="email_address">
       <br><br>
        <INPUT TYPE="submit" NAME="Submit" VALUE="Submit Form">
       </FORM>

0
 
LVL 84

Expert Comment

by:ozo
ID: 17809244
the CGI::Minimal module is not the CGI module
0
 
LVL 2

Author Comment

by:Traltixx
ID: 17809843
it isnt? is there an example of how to use/upload files with this?
0
 
LVL 2

Author Comment

by:Traltixx
ID: 17809893
OK, i've had a look and it seems that CGI::minimal is a whole module alltogether. I suppose I should change my question to, not using CGI.pm or any downloaded modules (because i cant download them).
Is there another way of doing this?
Thanks alot again!
0
6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

 
LVL 51

Expert Comment

by:ahoffmann
ID: 17811854
you have to parse the HTTP header *and* the POST data line by line yourself.
From the header you need to get the value of the Content-Type and extract the boundary string.
Then you need to parse the POST data and search the boundary  string followed by a
  Content-Disposition: form-data; name="whatever"
wher "whatever" is your variable name from the HTML form.
While parsing you need to count the bytes of the data you ignore, the remaining ones 'til the value of the Content-Length *or* #til next boundary string is your file's data.

Simple, isn't it?
You better go with a redy-to-use module. Or go and get one and steal the code from there, if you like the hard way ;-)
0
 
LVL 48

Expert Comment

by:Tintin
ID: 17814754
Why can't you download them?  Is this a homework/assignment question?
0
 
LVL 2

Author Comment

by:Traltixx
ID: 17816347
I cant download them because its a personal restraint (i.e. im trying to understand CGI more by relying less on modules and doing everything standalone).
That is why i was wondering if anyone knew a quick way of parsing the POST data bymyself since if I did it, i would have missed some things due to the nature of my test cases.
Anyway, it seems that there is a more minimal module than CGI::minimal, namely cgi-lib.pl ( http://cgi-lib.berkeley.edu/#intro )
thanks for the info anyway for cgi::minimal
0
 
LVL 48

Expert Comment

by:Tintin
ID: 17816828
cgi-lib is a not a particularly good example to study as it is so out of date and doesn't conform to all the latest standards.  It was good in its day when there wasn't any other choice.

If you really want to learn more about CGI, I'd suggest studying the CGI spec

http://www.w3.org/CGI/

and studying the code of CGI::Minimal or CGI (admittedly, it's not particularly easy code to read as it uses many tricks to be as efficient and broad based as possible)
0
 
LVL 8

Accepted Solution

by:
Perl_Diver earned 350 total points
ID: 17817438
I'm going to wash my hands after posting this. This is a crude way of parsing the from data into a hash:

my %IN = read_parse();

sub read_parse {

   my $buffer;
   if ($ENV{'REQUEST_METHOD'} eq 'GET') {
      $buffer = $ENV{'QUERY_STRING'};
   }
   elsif ($ENV{'REQUEST_METHOD'} eq 'POST') {
      read(STDIN, $buffer, $ENV{'CONTENT_LENGTH'});
   }
   else {die "Invalid request method";}

  my @pairs = split(/&/, $buffer);
   foreach (@pairs) {
      my($name, $value) = split(/=/, $_);
      $value =~ tr/+/ /;
      $value =~ s/%([a-fA-F0-9]{2})/pack("c", hex($1))/eg;
      if (defined($IN{$name})){$IN{$name} .= "\0";}
      $IN{$name} .= $value;
   }
   return %IN;
}

the above is not recommended but it might give you some insight.
 
0
 
LVL 2

Author Comment

by:Traltixx
ID: 17817451
yes, cgi-lib.pl is rather out of date, but it seems to be fine.
Also thanks for the snippet (although it doesnt work really well with uploading file but i found what i was looking for).
0

Featured Post

Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

Join & Write a Comment

Batch, VBS, and scripts in general are incredibly useful for repetitive tasks.  Some tasks can take a while to complete and it can be annoying to check back only to discover that your script finished 5 minutes ago.  Some scripts may complete nearly …
Active Directory replication delay is the cause to many problems.  Here is a super easy script to force Active Directory replication to all sites with by using an elevated PowerShell command prompt, and a tool to verify your changes.
Learn the basics of modules and packages in Python. Every Python file is a module, ending in the suffix: .py: Modules are a collection of functions and variables.: Packages are a collection of modules.: Module functions and variables are accessed us…
The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now