Actually, what my problem is, is that I am using a CGI program called Webmin (google it) to host files at my school (I am a student) and I am trying to make it so that other students can upload files and such... but that's not THE problem. The problem is that the user files are stored outside of the directory that the server serves... i.e. /dir/users/ (the computer is running Red Hat Linux)
If I had a script that could fetch files my problem would be solved... so have this script in the main server directory and then have it get files from another directory and display them (i.e. get.cgi?user=student&file=index.html)
Where student is the username (directory) and file is the file that you want...
thanks!
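# %qs is assumed to hold the parsed query string (user, file); &error is the script's own error handler.
if (-f "path_to_other/$qs{'user'}/$qs{'file'}") {
    open(FILE, "path_to_other/$qs{'user'}/$qs{'file'}") or &error("Cannot open file: $!");
    # Read the whole file into $out before sending it.
    while ($line = <FILE>) { $out .= $line; }
    close(FILE);
    print "content-type: text/html\n\n";
    print $out;
    exit 0;
}
else { &error("File does not exist."); }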
This is, of course, assuming your uid has permissions to read this other directory - if you do not, $! will tell you so. You can do this from a list or assemble some scheme for reading in multiple directories, but this should work.
Imagine if the user passed "file=../../../../etc/passwd"...
-Bill
Even so, you're correct - what is required here is to cleanse the data: if the incoming query string is not within a list of valid directories, error out.
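
The cleansing step described in the last reply, as an added example that is not part of the original thread: it allowlists the characters in `user` and `file`, then canonicalises the path and confirms it still sits inside that user's directory, which also catches a symlink pointing elsewhere. The function name `resolve_user_file`, the allowlist patterns and the temporary directory layout are assumptions constructed for the demonstration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Cwd qw(realpath);
use File::Temp qw(tempdir);
use File::Path qw(make_path);

# Hypothetical helper: return the canonical path of $file inside
# $base/$user, or nothing if the request is malformed or resolves
# outside that user's directory.
sub resolve_user_file {
    my ($base, $user, $file) = @_;
    return unless defined $user && defined $file;

    # Allowlist: user is one path component; file is a relative path whose
    # components never start with "." (so no "..", no leading "/").
    return unless $user =~ /\A[A-Za-z0-9_-]{1,32}\z/;
    return unless $file =~ m{\A[A-Za-z0-9_-][A-Za-z0-9_.-]*(?:/[A-Za-z0-9_-][A-Za-z0-9_.-]*)*\z};

    # Canonicalise (this resolves symlinks) and confirm containment.
    my $root = realpath("$base/$user");
    my $path = realpath("$base/$user/$file");
    return unless defined $root && defined $path && -f $path;
    return unless index($path, "$root/") == 0;
    return $path;
}

# Constructed sample tree: one user directory, one file, and one symlink
# that points outside the user directory.
my $base = tempdir(CLEANUP => 1);
make_path("$base/student");
open(my $fh, '>', "$base/student/index.html") or die "setup failed: $!";
print {$fh} "<p>hello</p>\n";
close($fh);
symlink('/etc', "$base/student/link");

# Constructed requests as (user, file) pairs.
my @requests = (
    ['student',    'index.html'],
    ['student',    '../../../../etc/passwd'],
    ['../student', 'index.html'],
    ['student',    'link/passwd'],
);
for my $req (@requests) {
    my $path = resolve_user_file($base, @$req);
    printf "user=%-11s file=%-24s => %s\n", @$req,
        defined $path ? 'served' : 'rejected';
}
```

Only the first request resolves to a file; the other three are turned away before anything is opened.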