Possible CGI.pm defect

[Moulin Kluge]

Hello all,

I'm using CGI.pm to upload a file to the web server, and it worked
using Redhat 7.3. I upgraded to 9, using Apache2.0.40, mod_perl 1.99,
and 3.04 of CGI.pm, and it no longer works. Here's the error log I
get:

[Tue Jan 27 16:47:34 2004] -e: Use of uninitialized value in <HANDLE>
at /var/www/cgi-bin/trakker/test.pl line 541.
[Tue Jan 27 16:47:34 2004] -e: readline() on unopened filehandle at
/var/www/cgi-bin/trakker/test.pl line 541.

The reason I think that's may be a problem with CGI.pm is because I
can remove an included module that also uses CGI.pm, and the code
works again, making me think that somehow multiple CGI objects are
interacting and invalidating the file upload handle. Here's the code,
in case I'm doing something funny that I'm not seeing:

my $uploadfile = $query->param('uploadfile');
my $filename;

if ($uploadfile =~ /([^\/\\]+)$/)
{
$filename="$1";
}
else
{
$filename="$uploadfile";
}

my $writefile = "$conf{uploaddir}/$filename";

open(OUTFILE,">$writefile")
or die "Problem writing file after upload";

binmode OUTFILE;

while (<$uploadfile>)
{
print OUTFILE $_;
}

close(OUTFILE);

Thanks for any help.

 

[A. Sinan Unur]

(e-mail address removed) (Moulin Kluge) wrote in @posting.google.com:

Hello all,

I'm using CGI.pm to upload a file to the web server, and it worked
using Redhat 7.3. I upgraded to 9, using Apache2.0.40, mod_perl 1.99,
and 3.04 of CGI.pm, and it no longer works. Here's the error log I
get:

[Tue Jan 27 16:47:34 2004] -e: Use of uninitialized value in <HANDLE>
at /var/www/cgi-bin/trakker/test.pl line 541.
[Tue Jan 27 16:47:34 2004] -e: readline() on unopened filehandle at
/var/www/cgi-bin/trakker/test.pl line 541.

I have no idea what your problem is because you have not provided a short
example that we can run and test.

The reason I think that's may be a problem with CGI.pm is because I
can remove an included module that also uses CGI.pm, and the code
works again, making me think that somehow multiple CGI objects are
interacting and invalidating the file upload handle.

I have read this sentence several times but I cannot understand what you
are talking about. What is this other module? If everything works when
you remove the mystery module, why do assume the problem is with CGI.pm?

Here's the code, in case I'm doing something funny that I'm not
seeing:

There are many funny things with the code. Have you actually read:

http://search.cpan.org/~lds/CGI.pm-
3.04/CGI.pm#CREATING_A_FILE_UPLOAD_FIELD

my $uploadfile = $query->param('uploadfile');
my $filename;

if ($uploadfile =~ /([^\/\\]+)$/)

Ouch. You could just use $uploadfile =~ !([^/\]+)$!

OTOH, why are you even doing this? $uploadfile is the name of the file on
the system the web site visitor is using. This seems like a meaningless
check to me.

{
$filename="$1";

Don't quote everything you see. This is a FAQ. Do read the FAQ.

}
else
{
$filename="$uploadfile";
}

ditto.

my $writefile = "$conf{uploaddir}/$filename";
ditto.


open(OUTFILE,">$writefile")
or die "Problem writing file after upload";

binmode OUTFILE;

while (<$uploadfile>)
{
print OUTFILE $_;
}

close(OUTFILE);

Thanks for any help.

Read http://search.cpan.org/~lds/CGI.pm-
3.04/CGI.pm#CREATING_A_FILE_UPLOAD_FIELD

 

[Uri Guttman]

ASU> Don't quote everything you see. This is a FAQ. Do read the FAQ.

agreed on both points.

ASU> ditto.

ditto

ASU> ditto.

that needs the quotes.

uri

 

[A. Sinan Unur]

ASU> ditto.

that needs the quotes.

uri

Hey, thanks for catching that. I went a little overboard on my dittos.

On the other hand, I do prefer catfile in File::Spec to this style.