1#!/usr/bin/perl 2# 3# File Upload Script, slightly modified by Caolan.McNamara@ul.ie to 4# serve as a msword to html gateway. 5# original notice follows 6# 7# modify lines 89 & 401 for your own configuration. 8# 9# 10# 11# 12# File Upload Script Version 6.00 13# Created by Jeff Carnahan jeffc@terminalp.com 14# Created on: 4/8/95 Last Modified on: 01/23/98 23:06 15# Scripts Archive: http://www.terminalp.com/scripts/ 16# 17# --------------------------------------------------------------------- 18# 19# Copyright (C) 1996 Jeffrey D. Carnahan 20# 21# This program is free software; you can redistribute it and/or modify 22# it under the terms of the GNU General Public License as published by 23# the Free Software Foundation; either version 2 of the License, or (at 24# your option) any later version. 25# 26# This program is distributed in the hope that it will be useful, but 27# WITHOUT ANY WARRANTY; without even the implied warranty of 28# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 29# General Public License for more details. 30# 31# A full copy of the GNU General Public License can be retrieved from 32# http://www.terminalp.com/scripts/license.shtml 33# 34# - Jeff Carnahan <jeffc@terminalp.com 35# 36# --------------------------------------------------------------------- 37# Program Specific Quickie Notes: 38# * Make Sure The First Line Is Pointing To The Correct Location Of Perl 5. 39# * Make Sure This Program is chmodded with the permissions '755'. 40# 41# Version: Time Stamp: History: 42# ____________________________________________________________________ 43# 44# 1.00 04/08/96 00:00 The script was created. 45# 1.10 04/23/96 00:00 Added User and Group ID to allow file 46# changing by the actual user, also updated 47# a security hole which allowed any user with 48# the UID of 1376 to own the uploaded files. 49# Also Updated the INSTALL program and README 50# files. 51# 3.00 05/07/96 00:00 New release with group and user id fixes, it 52# updates a previously unreleased version (2.0) 53# 3.10 05/10/96 00:00 Stupid Typo in script fixed, it was 54# causing problems for some users. 55# 4.00 08/04/96 23:16 Security hole regarding '../' paths 56# fixed. Thanks to: Rus Berrett. Mime 57# type error fixed. Thanks to: Bob Stewart. 58# 4.01 08/07/96 11:20 Typo fixed in &NoOpen. Thanks to Marco 59# Dings. 60# 5.00 10/06/96 21:42 Fully rewrote script around CGI.pm library. 61# As soon as I get the time, I'll write more 62# features into it, but for now, this version 63# is stable (to the best of my knowledge). 64# 5.01 02/09/97 12:41 Fixed some typo's, and added support for 65# Netscape Communicator. 66# 5.02 05/07/97 15:37 Fixed a possible binary file uploading, 67# added easier support for NT, and fixed 68# documentation problems. Added the FAQ. 69# 5.03 06/19/97 17:30 Fixed a bug which resulted in all files 70# appearing to be less than one byte in 71# size, thus uploads weren't saved. 72# 6.00 01/23/98 23:06 Added multiple-file uploading. You can 73# now upload more than one file at a time. 74# Also added $MAXIMUM_UPLOAD variable to 75# restrict file upload sizes. Script 76# completely re-written. Removed buggy 77# NT support, and simplified variables. 78# CGI.pm is no longer bundled with this 79# script. If you need it, download it 80# from: 81# http://www.genome.wi.mit.edu/ftp/pub/software/WWW/cgi_docs.html 82# 83# --------------------------------------------------------------------- 84# Configurable Options Follow: 85# 86 87BEGIN { 88 89 $SAVE_DIRECTORY = "/tmp"; 90 # 91 # --> Variable: 92 # $SAVE_DIRECTORY 93 # --> Function: 94 # Defines the path to the directory 95 # on the server that should be used 96 # as the folder to save files into. 97 # --> Directory Permissions: 98 # a+rwx 99 # --> Additional Notes: 100 # This path should not have a 101 # trailing forward slash. Also 102 # remember that this is a path, not 103 # a URL. Use something similar to: 104 # 105 # /home/myself/www/uploads 106 # 107 108 $MAXIMUM_UPLOAD = 0; 109 # 110 # --> Variable: 111 # $MAXIMUM_UPLOAD 112 # --> Function: 113 # Defines the number of bytes that 114 # can be uploaded. Files that exceed 115 # this limit will not be saved on the 116 # server. 117 # --> Additional Notes: 118 # Set this to zero in order to 119 # disable size checking. 120 # 121 122 $ALLOW_INDEX = 0; 123 # 124 # --> Variable: 125 # $ALLOW_INDEX 126 # --> Function: 127 # If set to zero, files whose 128 # names begin with the word 129 # index will not be saved. 130 # 131 # Set to one to allow files 132 # named index* to be uploaded. 133 # --> Additional Notes: 134 # 135 136 $SUCCESS_LOCATION = "" 137 # 138 # --> Variable: 139 # $SUCCESS_LOCATION 140 # --> Function: 141 # Defines the URL that users 142 # should be redirected to if 143 # the script works properly. If 144 # this is left blank, a default 145 # page will be returned to the 146 # user. 147 # --> Additional Notes: 148 # This is a COMPLETE URL, not 149 # a path. 150} 151# 152# End of Configurable Options. 153# --------------------------------------------------------------------- 154# --------------------------------------------------------------------- 155# --> Do Not Change Anything Below This Line. <-- # 156# --------------------------------------------------------------------- 157# --------------------------------------------------------------------- 158 159 $| = 1; 160 chop $SAVE_DIRECTORY if ($SAVE_DIRECTORY =~ /\/$/); 161 use CGI qw(:standard); 162 $query = new CGI; 163 164 if ( (!(-e $SAVE_DIRECTORY)) || 165 (!(-W $SAVE_DIRECTORY)) || 166 (!(-d $SAVE_DIRECTORY)) ) { 167 print header; 168 print <<__END_OF_HTML_CODE__; 169 170 <HTML> 171 <HEAD> 172 <TITLE>Error: Bad Directory</TITLE> 173 </HEAD> 174 <BODY link="#CC0000" alink="#FF3300" vlink="#330099" text="#000000" bgcolor="#ffffff" background="../pics/weave.jpg"> 175 <table border=0 width=590> <!-- begin table--> 176 <tr> 177 <tr> 178 <td valign="top" width="110"> 179 <img src="../pics/sidebar.gif" usemap="#sidebar.gif" border="0"> 180 <br> 181 </td> 182 <td width="480"> <!-- total = 590 --> 183 184 185 <H1>Bad Directory</H1> 186 <P> 187 The directory you specified: 188 <BR> 189 <BLOCKQUOTE> 190 <TT>\$SAVE_DIRECTORY = "<B>$SAVE_DIRECTORY</B>";</TT> 191 </BLOCKQUOTE> 192 <BR> 193 is invalid. This problem is caused by one of the three following reasons: 194 <OL> 195 <LI>The directory doesn't exist. Make sure that this directory is a complete path name, not 196 a URL or something similar. It should look similar to <TT>/home/username/public_html/uploads</TT> 197 <P> 198 <LI>The directory isn't writable. Make sure that this directory is writable by all users. At 199 your UNIX command prompt, type <TT>chmod 777 $SAVE_DIRECTORY</TT> 200 <P> 201 <LI>The directory you specified isn't really a directory. Make sure that this is indeed a directory 202 and not a file. 203 </OL> 204 <HR SIZE=1> 205 </td> 206 </tr> 207 </table> 208 </BODY> 209 </HTML> 210 211__END_OF_HTML_CODE__ 212 exit; 213 } 214 215 foreach $key (sort {$a <=> $b} $query->param()) { 216 next if ($key =~ /^\s*$/); 217 next if ($query->param($key) =~ /^\s*$/); 218 next if ($key !~ /^file-to-upload-(\d+)$/); 219 $Number = $1; 220 221 if ($query->param($key) =~ /([^\/\\]+)$/) { 222 $Filename = $1; 223 $Filename =~ s/^\.+//; 224 $File_Handle = $query->param($key); 225 226 if (!$ALLOW_INDEX && $Filename =~ /^index/i) { 227 print header; 228 print <<__END_OF_HTML_CODE__; 229 230 <HTML> 231 <HEAD> 232 <TITLE>Error: Filename Problem</TITLE> 233 </HEAD> 234 <BODY link="#CC0000" alink="#FF3300" vlink="#330099" text="#000000" bgcolor="#ffffff" background="../pics/weave.jpg"> 235 <table border=0 width=590> <!-- begin table--> 236 <tr> 237 <tr> 238 <td valign="top" width="110"> 239 <img src="../pics/sidebar.gif" usemap="#sidebar.gif" border="0"> 240 <br> 241 </td> 242 <td width="480"> <!-- total = 590 --> 243 244 <H1>Filename Problem</H1> 245 <P> 246 You attempted to upload a file that isn't properly formatted. The system administrator 247 has decided that you can't upload files that begin with the word '<B>index</B>'. Please 248 rename the file on your computer, and try uploading it again. 249 <P> 250 <HR SIZE=1> 251 252 </td> 253 </tr> 254 </table> 255 </BODY> 256 </HTML> 257 258__END_OF_HTML_CODE__ 259 exit; 260 } 261 } else { 262 $FILENAME_IN_QUESTION = $query->param($key); 263 264 print header; 265 print <<__END_OF_HTML_CODE__; 266 267 <HTML> 268 <HEAD> 269 <TITLE>Error: Filename Problem</TITLE> 270 </HEAD> 271 <BODY link="#CC0000" alink="#FF3300" vlink="#330099" text="#000000" bgcolor="#ffffff" background="../pics/weave.jpg"> 272 <table border=0 width=590> <!-- begin table--> 273 <tr> 274 <tr> 275 <td valign="top" width="110"> 276 <img src="../pics/sidebar.gif" usemap="#sidebar.gif" border="0"> 277 <br> 278 </td> 279 <td width="480"> <!-- total = 590 --> 280 281 282 <H1>Filename Problem</H1> 283 <P> 284 You attempted to upload a file that isn't properly formatted. The file in question 285 is <TT><B>$FILENAME_IN_QUESTION</B></TT> Please rename the file on your computer, and 286 attempt to upload it again. Files may not have forward or backward slashes in their 287 names. Also, they may not be prefixed with one (or more) periods. 288 <P> 289 <HR SIZE=1> 290 291 </td> 292 </tr> 293 </table> 294 </BODY> 295 </HTML> 296 297__END_OF_HTML_CODE__ 298 exit; 299 } 300 301 if (!open(OUTFILE, ">$SAVE_DIRECTORY\/$Filename")) { 302 print "Content-type: text/plain\n\n"; 303 print "-------------------------\n"; 304 print "Error:\n"; 305 print "-------------------------\n"; 306 print "File: $SAVE_DIRECTORY\/$Filename\n"; 307 print "-------------------------\n"; 308 print "There was an error opening the Output File\n"; 309 print "for Writing.\n\n"; 310 print "Make sure that the directory:\n"; 311 print "$SAVE_DIRECTORY\n"; 312 print "has been chmodded with the permissions '777'.\n\n"; 313 print "Also, make sure that if your attempting\n"; 314 print "to overwrite an existing file, that the\n"; 315 print "existing file is chmodded '666' or better.\n\n"; 316 print "The Error message below should help you diagnose\n"; 317 print "the problem.\n\n"; 318 print "Error: $!\n"; 319 exit; 320 } 321 322 undef $BytesRead; 323 undef $Buffer; 324 325 while ($Bytes = read($File_Handle,$Buffer,1024)) { 326 $BytesRead += $Bytes; 327 print OUTFILE $Buffer; 328 } 329 330 push(@Files_Written, "$SAVE_DIRECTORY\/$Filename"); 331 $TOTAL_BYTES += $BytesRead; 332 $Confirmation{$File_Handle} = $BytesRead; 333 334 close($File_Handle); 335 close(OUTFILE); 336 337 chmod (0666, "$SAVE_DIRECTORY\/$Filename"); 338 } 339 340 $FILES_UPLOADED = scalar(keys(%Confirmation)); 341 342 343 if ($TOTAL_BYTES > $MAXIMUM_UPLOAD && $MAXIMUM_UPLOAD > 0) { 344 foreach $File (@Files_Written) { 345 unlink $File; 346 } 347 348 print header; 349 print <<__END_OF_HTML_CODE__; 350 351 <HTML> 352 <HEAD> 353 <TITLE>Error: Limit Reached</TITLE> 354 </HEAD> 355 <BODY link="#CC0000" alink="#FF3300" vlink="#330099" text="#000000" bgcolor="#ffffff" background="../pics/weave.jpg"> 356 <table border=0 width=590> <!-- begin table--> 357 <tr> 358 <tr> 359 <td valign="top" width="110"> 360 <img src="../pics/sidebar.gif" usemap="#sidebar.gif" border="0"> 361 <br> 362 </td> 363 <td width="480"> <!-- total = 590 --> 364 365 <H1>Limit Reached</H1> 366 <P> 367 You have reached your upload limit. You attempted to upload <B>$FILES_UPLOADED</B> files, totalling 368 <B>$TOTAL_BYTES</B>. This exceeds the maximum limit of <B>$MAXIMUM_UPLOAD</B> bytes, set by the system 369 administrator. <B>None</B> of your files were successfully saved. Please try again. 370 <P> 371 <HR SIZE=1> 372 373 </td> 374 </tr> 375 </table> 376 </BODY> 377 </HTML> 378 379__END_OF_HTML_CODE__ 380 exit; 381 } 382 383 if ($SUCCESS_LOCATION !~ /^\s*$/) { 384 print $query->redirect($SUCCESS_LOCATION); 385 } else { 386 387 388 print header; 389 $command = join(' ',"/opt/bin/xlhtml -a ","\"$SAVE_DIRECTORY\/$Filename\""); 390 system($command); 391 system "rm -f $SAVE_DIRECTORY/$Filename"; 392 393 foreach $key (keys (%Confirmation)) { 394 print "$key - $Confirmation{$key} bytes\n"; 395 } 396 397 print <<__END_OF_HTML_CODE__; 398 399 <P> 400 <HR SIZE=1> 401__END_OF_HTML_CODE__ 402 exit; 403 } 404 405# --------------------------------------------------------------------- 406# EOF 407
