如何处理HTTP文件上传?
答
只是一个注意事项:但是你会写它,不要保存在一个可从您的网络服务器访问的地方。
现在到了一个地步:下面是我用了一段时间的照片上传的脚本。它可能需要一些调整,但应该告诉你方式。
由于图像没有上传到web-accesible目录,因此我们有单独的进程检查它,调整大小,放置水印并将其放置在可以访问的位置。
#!/usr/bin/perl -wT
use strict;
use CGI;
use CGI::Carp qw (fatalsToBrowser);
use File::Basename;
$CGI::POST_MAX = 1024 * 5000;
my $safe_filename_characters = "a-zA-Z0-9_.-";
my $upload_dir = "/home/www/upload";
my $query = new CGI;
my $filename = $query->param("photo");
my $email_address = $query->param("email_address");
if (!$filename)
{
print $query->header ();
print "There was a problem uploading your photo (try a smaller file).";
exit;
}
my ($name, $path, $extension) = fileparse ($filename, '\..*');
$filename = $name . $extension;
$filename =~ tr/ /_/;
$filename =~ s/[^$safe_filename_characters]//g;
if ($filename =~ /^([$safe_filename_characters]+)$/)
{
$filename = $1;
}
else
{
die "Filename contains invalid characters";
}
my $upload_filehandle = $query->upload("photo");
open (UPLOADFILE, ">$upload_dir/$filename") or die "$!";
binmode UPLOADFILE;
while (<$upload_filehandle>)
{
print UPLOADFILE;
}
close UPLOADFILE;
print $query->header ();
print <<END_HTML;
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Thanks!</title>
</head>
<body>
<p>Thanks for uploading your photo!</p>
</body>
</html>
END_HTML
在perl5.6及更高版本中,可以将文件打开模式从文件名中分离出来,使其更“安全”,例如打开(my $ fh,“>”,$ file_name)或者“无法打开$ filename :$!“。在5.8及更高版本中,您甚至可以使用“ - |”或“| - ”,并使用数组作为更安全的fork/execs的剩余参数。 – runrig 2008-10-02 15:16:48