[500 Credits] To help debug Upload Form CGI/Perl

[gillapsfi]

I'm exhausted. I've tried everything I know. 500 credits to anyone who can get this working.

*notes
the error log simply says:
[error] File does not exist: /home/gillapsf/public_html/designsolutions/500.shtml, referer: http://www.designsolutions.gillincorporated.org/contact.html

permissions to the folders: guest, cgi-bin: 777
permissions to the file: upload.cgi: 777



here's the the form:

<form action="/cgi-bin/upload.cgi" method="post"   
enctype="multipart/form-data"> 
     <p>File to Upload: <input type="file" name="file" /></p> 
     <p>Your Email Address: <input type="text" name="email_address" /></p>
     <p><input type="submit" name="Submit" value="Submit Form" /></p> 
   </form>
[/codeL]
 
[B]the script:[/B]
[Code]
#!/usr/bin/perl -wT 
use strict; 
use CGI; 
use CGI::Carp qw ( fatalsToBrowser ); 
use File::Basename; 
$CGI::POST_MAX = 1024 * 50; 
my $safe_filename_characters = "a-zA-Z0-9_.-"; 
my $upload_dir = "/home/gillapsf/public_html/designsolutions/guest/"; 
my $query = new CGI; 
my $filename = $query->param("file"); 
my $email_address = $query->param("email_address"); 
if ( !$filename ) 
{ 
 print $query->header ( ); 
 print "There was a problem uploading file (try a smaller file)."; 
 exit; 
} 
my ( $name, $path, $extension ) = fileparse ( $filename, '\..*' ); 
$filename = $name . $extension; 
$filename =~ tr/ /_/; 
$filename =~ s/[^$safe_filename_characters]//g; 
if ( $filename =~ /^([$safe_filename_characters]+)$/ ) 
{ 
 $filename = $1; 
} 
else 
{ 
 die "Filename contains invalid characters"; 
} 
my $upload_filehandle = $query->upload("file"); 
open ( UPLOADFILE, ">$upload_dir/$filename" ) or die "$!"; 
binmode UPLOADFILE; 
while ( <$upload_filehandle> ) 
{ 
 print UPLOADFILE; 
} 
close UPLOADFILE; 
print $query->header ( ); 
print <<END_HTML; 
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "DTD/xhtml1-strict.dtd"> 
<html xmlns="[URL]http://www.w3.org/1999/xhtml[/URL]" xml:lang="en" lang="en"> 
 <head> 
   <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> 
   <title>Thanks!</title> 
   <style type="text/css"> 
     img {border: none;} 
   </style> 
 </head> 
 <body> 
   <p>Thanks for uploading your file!</p> 
   <p>Your email address: $email_address</p> 
   <p>Your photo:</p> 
   <!--<p><img src="/guest/$filename" alt="file" /></p> -->
 </body> 
</html> 
END_HTML

 

[misson]

Looks like you got it working. Was it a missing newline after the "END_HTML"? It also looks like you fixed the script to handle multiple files.

Some other points: upload.cgi & cgi-bin should probably have mode 755 or 750 (or 700 or 770), not 777, for security. As long as the web server is running as the owner or as a member of the group for directory 'guest', 'guest' should also have mode 755.

It might also be useful in preventing collisions to add info from the e-mail address & the time the file was received to the u/led file name(s) when saving.