homepage Welcome to WebmasterWorld Guest from 54.227.34.0
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Pubcon Platinum Sponsor 2014
Home / Forums Index / Code, Content, and Presentation / Perl Server Side CGI Scripting
Forum Library, Charter, Moderators: coopster & jatar k & phranque

Perl Server Side CGI Scripting Forum

    
CGI and Linux
sabongio

10+ Year Member



 
Msg#: 4082 posted 10:01 pm on Jun 1, 2005 (gmt 0)

I need help having CGI fetch pages/files in a selected directory...

Actually what my problem is is that I am using a cgi program called Webmin (google it) to host files at my school (I am a student) and I am trying to make it so that other students can upload files and such... but that's not THE problem. The problem is that the user files are stored outside of the directory that the server serves... ie /dir/users/ (the computer is running linux redhat)

If I had a script that could fetch files my problem would be solved... so have this script in the main server directory and then have it get files from another directory and display them (ie get.cgi?user=student&file=index.html)

Where student is the username (directory) and file is the file that you want...

thanks!

 

rocknbil

WebmasterWorld Senior Member rocknbil us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 4082 posted 1:01 am on Jun 2, 2005 (gmt 0)

user=student&file=index.html)

if (-f "path_to_other/$qs{'student'}/$qs{'file'}") {
open(FILE,"path_to_other/$qs{'student'}/$qs{'file'}") or &error("Cannot open file: $!");
while ($line = <FILE>) { $out .= $line; }
close (FILE);

print "content-type: text/html\n\n";
print $out;
exit 0;
}
else { &error("File does not exist."); }

This is, of course, assuming your uid has permissions to read this other directory - if you do not, $! will tell you so. You can do this from a list or assemble some scheme for reading in multiple directories, but this should work.

wdr1



 
Msg#: 4082 posted 6:32 am on Jun 2, 2005 (gmt 0)

Careful... it's really easy to shoot yourself in the foot doing something like this & open a significant security whole in your system.

Imagine if the user passed "file=../../../../etc/passwd"...

-Bill

rocknbil

WebmasterWorld Senior Member rocknbil us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 4082 posted 4:43 pm on Jun 2, 2005 (gmt 0)

Bills rool. :-) Well if an admin still has their passwd file named passwd and in the default location, and any uid has permissions to it, wouldn't you say they had it coming?

Even so, you're correct - what is required here is to cleanse the data, if the incoming query string is not within a list of valid directories, error out.

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Code, Content, and Presentation / Perl Server Side CGI Scripting
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved