1. Home
  2. Forums Index
  3. Server Side / Perl Server Side CGI Scripting 8:46 am May 21, 2026

Forum Moderators: coopster & phranque

Message Too Old, No Replies

File Type using cgi-lib.pl

Verify File Type before Uploading to Server

         

bncooper

8:53 am on Aug 13, 2005 (gmt 0)



I am using the upload script that is available on the cgi-lib.pl home page for uploading files and receiving other form data. This script has some features like restricting the size of the file to be uploaded and also for setting the path of the directory on the server that the file needs to go to. However, there is no way to determine the type of the file being uploaded. I want only MS Word (.doc) or Rich Text Format (.rtf) files to be uploaded and nothing else. Is there a way of doing this with cgi-lib.pl. If not, is there a way of doing it without cgi-lib.pl. I started with cgi-lib.pl and am sticking with it. There is tremendous presure on me to switch to CGI.pm, but that would be quite a difficult task for me.

The code of this script is: 


#!/usr/bin/perl
# Copyright (c) 1996 Steven E. Brenner
# $Id: fup.cgi,v 1.2 1996/03/30 01:35:32 brenner Exp $
use CGI::Carp qw(fatalsToBrowser);
require "./cgi-lib.pl";
$ref_number = 12345;
#Delete old file
$delfile = "/home/easy/public_html/cvs/$ref_number.doc";
unlink $delfile;
# When writing files, several options can be set... here we just set one
# Limit upload size to avoid using too much memory
$cgi_lib'maxdata = 50000;
$cgi_lib'writefiles = "/home/easy/public_html/cvs";
# Start off by reading and parsing the data. Save the return value.
# We could also save the file's name and content type, but we don't
# do that in this example.
$ret = &ReadParse;
# A bit of error checking never hurt anyone
&CgiDie("Error in reading and parsing of CGI input") if!defined $ret;
&CgiDie("No data uploaded", "Please enter it in <a href='fup.html'>fup.html</a>.")
if!$ret;
# Munge the uploaded text so that it doesn't contain HTML elements
# This munging isn't complete -- lots of illegal characters are left as-is.
# However, it takes care of the most common culprits.
$in{'upfile'} =~ s/</&lt;/g;
$in{'upfile'} =~ s/>/&gt;/g;
$uploadedfile = $in{'upfile'};
rename($uploadedfile, "/home/easy/public_html/cvs/"."$ref_number".".doc");
# Now produce the result: an HTML page...
#print &PrintHeader;
print &HtmlTop("File Upload Results");
print <<EOT;
<p>You've uploaded a file $uploadedfile. Your notes on the file were:<br>
<blockquote>$in{'note'}</blockquote><br>
EOT
print &HtmlBot;

Any help in this regard will be appreciated. This is one stumbling block I really must overcome. The other uploading scripts available on the web do not allow me to include other data, only the file.

Thanks.

WWMike

1:36 am on Aug 14, 2005 (gmt 0)

10+ Year Member



First, read this:

[search.cpan.org...]

I think you'll have to allow the upload and delete the file afterward if it has an unallowable extension or rely on JavaScript to check the extension before you post.

KevinADC

1:58 am on Aug 14, 2005 (gmt 0)

10+ Year Member



Note the article is almost 10 years old! There are zero reason to continue using cgi-lib.pl with any new code, and old code should be ported over.

Didn't you try File::Type?

 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

  1. Home
  2. Forums Index
  3. Server Side / Perl Server Side CGI Scripting 8:46 am May 21, 2026