Hello all, we want to let the users upload files from their local machine to our file server using the Perl module Net::FTP. The problem is that when I upload a file from the development server, i.e., the file in the /var/www/html folder, which I access using ssh, it's working fine. But when I upload a file from a webpage, the script doesn't find the file. Help of any kind would be deeply appreciated. Rakesh Gupta
Here's how to upload the POSTed file to an FTP server.
Code:
#!/usr/bin/perl
use CGI;
use CGI::Carp qw/fatalsToBrowser warningsToBrowser/;
use Net::FTP;

my $q = new CGI;
print "Content-Type: text/html\n\n";
if($q->param("File")) {
    # save the uploaded file under /tmp, named after the client's file name
    my $h = $q->upload("File");
    open UP,">/tmp/$h" or die "Cannot write /tmp/$h: $!";
    binmode UP;
    while(<$h>) {
        print UP;
    }
    close UP;
    my $ftp = Net::FTP->new("ftpserver.com", Debug => 0) or die "Cannot connect to ftpserver.com: $@"; # connect
    $ftp->login("ftpuser",'ftppassword') or die "Cannot login ", $ftp->message; # login
    $ftp->cwd("/pub") or die "Cannot change working directory ", $ftp->message; # change dir if required
    $ftp->binary(); # change the mode to binary
    $ftp->put("/tmp/$h","$h"); # upload the file
    $ftp->quit(); # close the control connection
} else {
    # no file posted yet: show the upload form
    print<<HTML;
<form method="post" enctype="multipart/form-data">
<input type="file" name="File">
<input type="submit">
</form>
HTML
}
Hi pradeep, I tried this with taint mode on and perl says: Software error: Insecure dependency in open while running with -T switch at /var/www/cgi-bin/netftp.pl line 15.
Freeware CGI Scripts are available for download all over the Web. But how many of them are really secure? When you download a script do you check all the logic to make sure it is secure? Do you read through each line of code and anticipate all the ramifications? Most of the time the answer is "no". After all, the whole point of downloading software is to get it and run it for free WITHOUT having to do a lot of work. I'm writing this to tell you that there isn't any free lunch out there. The more complicated a CGI script is, the more likely you will want to find someone else who has already programmed it and avoid doing the work yourself. The problem is that regardless of how good the author is, every large program has a good probability of having bugs -- some of them may be security bugs. One very good way to lock out security bugs in Perl code is to turn on TAINT mode. TAINT mode puts a Perl script into "PARANOID" mode and treats ALL user supplied input as tainted and bad unless the programmer explicitly "OKs" the data. I guess here you are writing your own program, so you needn't use taint mode.
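The "Insecure dependency in open" error reported above comes from building the open() path out of the client-supplied file name. As an added example (not part of the original thread), here is one way to make the upload script pass -T: the name is "OKed" with an allow-list regex capture and the temporary path is chosen by the server. safe_name is a hypothetical helper; the host, credentials and /pub are the placeholders from the earlier post.

```perl
#!/usr/bin/perl -T
use strict;
use warnings;
use CGI;
use File::Temp qw(tempfile);
use Net::FTP;

# Hypothetical helper: reduce the client-supplied name to a safe basename.
# Returns an untainted name, or undef if it does not match the allow-list.
sub safe_name {
    my ($raw) = @_;
    return undef unless defined $raw;
    (my $base = "$raw") =~ s{.*[/\\]}{}s;    # drop any directory part
    # Under -T, a regex capture is how the programmer "OKs" tainted data.
    return $base =~ /\A([A-Za-z0-9][A-Za-z0-9._-]{0,99})\z/ ? $1 : undef;
}

my $q = CGI->new;
print $q->header('text/html');

my $name = safe_name(scalar $q->param('File'));
my $fh   = $q->upload('File');
unless (defined $name && defined $fh) {
    print "No file received, or the file name was rejected.\n";
    exit;
}

# Spool to a temp file whose path the server chooses, not the client.
my ($tmp_fh, $tmp_path) = tempfile(DIR => '/tmp', UNLINK => 1);
binmode $tmp_fh;
my $buf;
print {$tmp_fh} $buf while read($fh, $buf, 8192);
close $tmp_fh or die "Cannot write $tmp_path: $!";

# Host, credentials and directory are the placeholders from the post above.
my $ftp = Net::FTP->new('ftpserver.com', Debug => 0)
    or die "Cannot connect to ftpserver.com: $@";
$ftp->login('ftpuser', 'ftppassword') or die 'Cannot login ', $ftp->message;
$ftp->cwd('/pub') or die 'Cannot change working directory ', $ftp->message;
$ftp->binary;
$ftp->put($tmp_path, $name) or die 'Upload failed ', $ftp->message;
$ftp->quit;
print "Stored as $name\n";
```

Names such as `../../etc/passwd` or `..` are reduced to a basename or rejected before they reach either the local filesystem or the FTP server.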
Thanks for the suggestion. Now I have also become a lil more PARANOID towards free downloads. Thanks, Rakesh
I also have a question about using Net::FTP. I am transferring large files from 1 server to another. When sending the files the webpage times out. How can I display a progress meter for each file being transferred?