CGI/Perl Guide | Learning Center | Forums | Advertise | Login
Site Search: in

  Main Index MAIN
INDEX
Search Posts SEARCH
POSTS
Who's Online WHO'S
ONLINE
Log in LOG
IN

Home: Perl Programming Help: Advanced:
fileparse and $query->param('Image_Upload')

 



razman
Novice

Jun 14, 2009, 9:49 AM

Post #1 of 8 (4142 views)
fileparse and $query->param('Image_Upload') Can't Post

Question One:

I posted this on the beginners forum but received no results. Because of that, I thought I would repost with the experts.

The author of a file upload script (KevinR) has the following comments and code within the script.

# get the filename and the file extension
# this could be used to filter out unwanted filetypes
# see the File::Basename documentation for details
my ($filename,undef,$ext) = fileparse($file,qr{\..*});

This page tells me what fileparse is doing: http://perldoc.perl.org/File/Basename.html

Am I correct to understand that ultimately $ext contains the file extension.

Now what? How do I only allow .jpg uploads?

Thanks for pointing me in the right direction.

Question Two:

I am using an HTML form with <input type=file name="Image_Upload">. Yes, the action statement includes ...METHOD="post" ENCTYPE="multipart/form-data">

Within the Perl script, I am using $Image_Upload=$query->param('Image_Upload');

My script works with Internet Explorer 7, but not with Firefox or Opera. I am guessing that the information contained in "Image_Upload" is determined by the browser's internal coding, and I also imagine that coding follows (or should) some RFC somewhere.

It is apparent that IE, Firefox, and Opera are each bringing something different to the "Image_Upload" table. How do I sort this out?

Thanks, Rich


KevinR
Veteran


Jun 14, 2009, 10:20 AM

Post #2 of 8 (4141 views)
Re: [razman] fileparse and $query->param('Image_Upload') [In reply to] Can't Post

Yes, $ext stores the value of the file extension. As far as using this feature to filter file extensions, here is a brief example of how it can be done:


Code
use File::Basename; 
my @ext_list = qw(jpeg jpg);
my $filename = 'path/to/frog.gif';
my ($name,undef,$ext) = fileparse($filename,@ext_list);
print "<$name> <$ext>";


Now change frog.gif to frog.jpg and rerun the code and see what happens.

Because gif is not in the array File::Basename will not assign it to $ext: $ext will be left undefined. So you can check if $ext has a true/false value and proceed from there, something like:


Code
use File::Basename; 
my @ext_list = qw(jpeg jpg);
my $filename = 'path/to/frog.gif';
my ($name,undef,$ext) = fileparse($filename,@ext_list);
unless ($ext) {
print "Invalid file extension";
exit(0); #<-- or whatever you want to do from here
}


Note that this is a primitive filtering routine because its only checking the file extension. This is generally an indication that the file is what the extension says it should be, but not always. Someone could name a text file with a jpg extension and the script will thinks its valid. For more secure (but not bullet-proof) MIME type filtering you can use File::MimeInfo::Magic and there may be other modules too that can be used to do a more indepth check of a file.

You second question is too vague. You have to try and explain the problem you are having. Just saying it works with IE is not enough information. But maybe this is what your code should be:


Code
$Image_Upload=$query->upload('Image_Upload');


Where did you get the uploader code from?
-------------------------------------------------


razman
Novice

Jun 21, 2009, 8:19 AM

Post #3 of 8 (4112 views)
Re: [razman] fileparse and $query->param('Image_Upload') [In reply to] Can't Post

You said:

You second question is too vague. You have to try and explain the problem you are having. Just saying it works with IE is not enough information. But maybe this is what your code should be:


Code
 $Image_Upload=$query->upload('Image_Upload');



I reply:

Here's the upload code. I am not the author. I am reverse engineering the code due to lack of support by the author: $Image_Upload=$query->param('Image_Upload');

I think the following line is my problem:

if (($Image_Upload=~?/\\/ || $Image_Upload=~/\:/ || $checkcontent) && $Image_Upload!~/delete/i){

I translate that line to read: if i get a pattern match on \ OR if I get a pattern match on : OR if $checkcontent is true AND I do not get a pattern match on delete, THEN DO THIS....

In the script that I am reverse engineering, the "then do this" part works perfectly with Internet Explorer 7, but does not work with Internet Explorer 8. What changed? My original question in the post asked what does $query->param('Image_Upload') bring to the table to work with? Apparently in IE7 it brought either a slash \ or a colon :

Thanks, Rich


KevinR
Veteran


Jun 21, 2009, 9:05 AM

Post #4 of 8 (4109 views)
Re: [razman] fileparse and $query->param('Image_Upload') [In reply to] Can't Post

You said the author was KevinR, did you not notice that is me?

You're right about one thing, I do not provide "support" for code I post because its free code. But I do try and help people using code I wrote when I can, via the various forums I post on.

l can tell you this though, IE8 is a bucket of crap browser and I simply can't help you with its inability to function properly.

As it is I am trying to help you but you didn't answer my question about where you got the code from.

And that bit of code you posted does not look like anything I wrote so I am becoming sceptical that you have code that I wrote. I think the only other forum I post on as KevinR is sitepoint, and the code posted on Sitepoint does not have the line you posted.

http://www.sitepoint.com/forums/showpost.php?p=3457533&postcount=144

Not even Matt Doyles somewhat plagarized code has that line in it.

Post a link to where you got the code from if you want me to try and continue to help you.
-------------------------------------------------


(This post was edited by KevinR on Jun 21, 2009, 9:08 AM)


razman
Novice

Jun 21, 2009, 8:12 PM

Post #5 of 8 (4097 views)
Re: [razman] fileparse and $query->param('Image_Upload') [In reply to] Can't Post

Interesting response.

I reviewed my post, and I do not see anywhere that I say that KevinR is the author. I DO say that the author is non-responsive to fixing his code. YOU are not the author. The script in question is about seven or more years old. This thread to you, KevinR, is a followup to a post I made a month or more ago where I asked for your help. Do a search on my nickname to refresh your memory.

I appreciated your past support. I appreciate your current support. I appreciate that you provided an image upload script that works. BUT... the script I am trying to repair... to de-engineer/understand, is code that YOU DID NOT AUTHOR. My post to you was to ask you for your assistance.

I try hard to understand the issues presented to me by IE8. I pour over and read and read and read my Perl manual to get educated to understand seven year old code. When I get stuck, I turn to the forum.

Regards, Rich


KevinR
Veteran


Jun 21, 2009, 10:27 PM

Post #6 of 8 (4095 views)
Re: [razman] fileparse and $query->param('Image_Upload') [In reply to] Can't Post

 

Quote
the author of a file upload script (KevinR) has the following comments and code within the script.


maybe I misunderstood you. But you make it seem as If I am the authuor and your first post is quoting some code I wrote:

# get the filename and the file extension
# this could be used to filter out unwanted filetypes
# see the File::Basename documentation for details
my ($filename,undef,$ext) = fileparse($file,qr{\..*});

Which is posted on bytes.com

http://bytes.com/topic/perl/insights/672398-how-upload-files-using-cgi-pm-module-perl

So I was assuming I was the author of the code based on that. On the bytes.com forum I post as KevinADC as I do on a number of forums.
-------------------------------------------------


(This post was edited by KevinR on Jun 21, 2009, 10:35 PM)


razman
Novice

Jun 22, 2009, 8:12 AM

Post #7 of 8 (4077 views)
Re: [KevinR] fileparse and $query->param('Image_Upload') [In reply to] Can't Post

If you read the post you excerpted, you will see it's a two-part question. The first part asked about $ext and how to use that to qualify filtering. That's where your code is displayed. I did my homework on your suggested reading and wanted to understand that I understood the documentation correctly.

The second question is about IE7 versus IE8. Your code is not in question.


KevinR
Veteran


Jun 22, 2009, 8:34 AM

Post #8 of 8 (4076 views)
Re: [razman] fileparse and $query->param('Image_Upload') [In reply to] Can't Post

OK. All I can tell you is that IE8 has known issues, but I can't help solving those issues. Maybe ask on www.stackoverflow.com
-------------------------------------------------

 
 


Search for (options) Powered by Gossamer Forum v.1.2.0

Web Applications & Managed Hosting Powered by Gossamer Threads
Visit our Mailing List Archives