Halaman utama Jelajahi Bantuan
Masuk
kensanata
/
oddmuse
Liatin 4
Bintangi 3
Fork 0
Berkas Masalah 0 Tarik Permintaan 0 Wiki
Cabang: main
Ranting Tag
oddmuse
/
modules
/
upload.pl

upload.pl 2.9 KB
Permalink Riwayat Mentahan

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091 
  1. #!/usr/bin/perl
    2. 

  2. # Copyright (C) 2014  Alex-Daniel Jakimenko <alex.jakimenko@gmail.com>
    3. 

  3. 

  4. # This program is free software: you can redistribute it and/or modify it under
    5. 

  5. # the terms of the GNU General Public License as published by the Free Software
    6. 

  6. # Foundation, either version 3 of the License, or (at your option) any later
    7. 

  7. # version.
    8. 

  8. #
    9. 

  9. # This program is distributed in the hope that it will be useful, but WITHOUT
    10. 

  10. # ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
    11. 

  11. # FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
    12. 

  12. #
    13. 

  13. # You should have received a copy of the GNU General Public License along with
    14. 

  14. # this program. If not, see <http://www.gnu.org/licenses/>.
    15. 

  15. 

  16. use strict;
    17. 

  17. use v5.10;
    18. 

  18. use CGI;
    19. 

  19. #use CGI::Carp qw ( fatalsToBrowser );
    20. 

  20. use File::Basename;
    21. 

  21. 

  22. AddModuleDescription('upload.pl');
    23. 

  23. 

  24. $CGI::POST_MAX = 1024 * 100000;
    25. 

  25. my $filenameWhitelist = 'a-zA-Z0-9_.-';
    26. 

  26. my @additionalChars = ('A'..'Z', 'a'..'z', '0'..'9');
    27. 

  27. my $urlStart = 'http://files.YOURDOMAIN.org/'; # CHANGE THIS
    28. 

  28. my $uploadDir = '../upload/';
    29. 

  29. my $logFile = '../upload.log';
    30. 

  30. my %keys = qw(justletmeupload you); # CHANGE THIS
    31. 

  31. 

  32. sub squeak {
    33. 

  33.   say shift;
    34. 

  34.   die;
    35. 

  35. }
    36. 

  36. 

  37. my $q = new CGI;
    38. 

  38. print $q->header();
    39. 

  39. 

  40. if (not exists $keys{$q->param("key")}) {
    41. 

  41.   squeak 'Error: Not authorized to upload';
    42. 

  42. }
    43. 

  43. 

  44. if (not $q->param("fileToUpload0")) {
    45. 

  45.   squeak 'Error: There was a problem uploading your file (try a smaller file)';
    46. 

  46. }
    47. 

  47. 

  48. for (my $i=0; $q->param("fileToUpload$i"); $i++) {
    49. 

  49.   if ($i >= 100) { # Uploading more than 100 files? What?
    50. 

  50.     squeak 'Error: Cannot upload more than 100 files at once';
    51. 

  51.   }
    52. 

  52. 

  53.   my $curFilename = substr $q->param("fileToUpload$i"), -100;
    54. 

  54. 

  55.   my($name, $path, $extension) = fileparse($curFilename, '\..*');
    56. 

  56.   $name =~ tr/ /_/;
    57. 

  57.   $name =~ s/[^$filenameWhitelist]//g;
    58. 

  58.   $extension =~ tr/ /_/;
    59. 

  59.   $extension =~ s/[^$filenameWhitelist]//g;
    60. 

  60. 

  61.   $curFilename = $name . $extension;
    62. 

  62. 

  63.   while (IsFile("$uploadDir/$curFilename")) { # keep adding random characters until we get unique filename
    64. 

  64.     squeak 'Error: Cannot save file with such filename' if length $curFilename >= 150; # cannot find available filename after so many attempts
    65. 

  65.     $name .= $additionalChars[rand @additionalChars];
    66. 

  66.     $curFilename = $name . $extension;
    67. 

  67.   }
    68. 

  68. 

  69.   if ($curFilename =~ /^([$filenameWhitelist]+)$/) { # filename is already safe, but we have to untaint it
    70. 

  70.     $curFilename = $1;
    71. 

  71.   } else {
    72. 

  72.     squeak 'Error: Filename contains invalid characters'; # this should not happen
    73. 

  73.   }
    74. 

  74.   open(my $LOGFILE, '>>', encode_utf8($logFile)) or squeak "$!";
    75. 

  75.   print $LOGFILE $q->param("key") . ' ' . $ENV{REMOTE_ADDR} . ' ' . $curFilename . "\n";
    76. 

  76.   close $LOGFILE;
    77. 

  77. 

  78.   my $uploadFileHandle = $q->upload("fileToUpload$i");
    79. 

  79.   open(my $UPLOADFILE, '>', encode_utf8("$uploadDir/$curFilename")) or squeak "$!";
    80. 

  80.   binmode $UPLOADFILE;
    81. 

  81.   while (<$uploadFileHandle>) {
    82. 

  82.     print $UPLOADFILE;
    83. 

  83.   }
    84. 

  84.   close $UPLOADFILE;
    85. 

  85.   if ($q->param("nameOnly")) {
    86. 

  86.     print "$curFilename\n";
    87. 

  87.   } else {
    88. 

  88.     print "$urlStart$curFilename\n";
    89. 

  89.   }
    90. 

  90. }
    91. 

  91.