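#!/usr/bin/perl -w
# upload-CGI.pl - by Matt Doyle
# Generic upload CGI
#
# Additions by dual
#
# Receives one multipart file field named "uploaded", validates the
# client-supplied file name, and stores the file under $upload_dir.
#
# NOTE(review): only the file NAME is validated here. File type and content
# are not checked, so $upload_dir should sit outside the web root, or be
# served with script execution disabled.

use strict;
use CGI;

# Define target upload directory
my $upload_dir = "/upload/directory";

# Limit request size to 2 MB.
# This has to be set BEFORE the CGI object is created: CGI.pm reads and
# parses the request body in its constructor, so a limit assigned afterwards
# is never applied to the current request.
$CGI::POST_MAX = 2097152;

# Create new CGI object (direct method call, not indirect object syntax)
my $query = CGI->new;

# An over-sized or malformed POST is reported through cgi_error().
if ( my $cgi_error = $query->cgi_error ) {
    die "Upload rejected: $cgi_error";
}

# Get the client-supplied file name from the post
my $filename = scalar $query->param("uploaded");
die "No file was uploaded"
    if !defined $filename || $filename eq '';

# Die if the name doesn't meet the whitelist.
# Only a literal space is accepted as whitespace. The broader \s class also
# admits newlines, and '.' in a regex does not match a newline, so a
# line-oriented path strip could leave directory separators in the name.
# $! is not included in the message: no system call has failed at this point.
die "Suspicious user input"
    if $filename =~ /[^\w.\- \\\/]/;

# Remove file path: keep only what follows the last / or \ separator.
# A negated character class is used so the match cannot stop early.
my ($base_name) = $filename =~ m{([^/\\]*)\z};

# Reject names that are empty after stripping, "." and "..", and dotfiles
# (hidden files can act as per-directory server configuration).
die "Suspicious user input"
    if !defined $base_name || $base_name eq '' || $base_name =~ /\A\./;

# Get a handle on the uploaded data. upload() returns undef when the field
# was not a file upload.
my $upload_filehandle = $query->upload("uploaded");
die "No upload data received"
    if !defined $upload_filehandle;
binmode $upload_filehandle;

# Write out the file.
# Three-argument open with a lexical handle: the mode can never be taken
# from the file name. An existing file of the same name is overwritten, as
# in the original script.
my $target_path = "$upload_dir/$base_name";
open my $out_fh, '>', $target_path
    or die "Can't open file: $!";
binmode $out_fh;

# Copy in fixed-size chunks so binary data without newlines is not read
# into memory in one piece.
my $chunk;
while (1) {
    my $bytes_read = read $upload_filehandle, $chunk, 8192;
    die "Can't read upload: $!" if !defined $bytes_read;
    last if $bytes_read == 0;
    print {$out_fh} $chunk
        or die "Can't write file: $!";
}

# Buffered write errors (for example a full disk) only surface at close.
close $out_fh
    or die "Can't close file: $!";

# Print closing HTML
# NOTE(review): the markup that surrounded this status line is not
# recoverable from the page; only the surviving message is reproduced.
# The name is HTML-escaped as defence in depth, although the whitelist above
# already excludes markup characters.
my $shown_name = $query->escapeHTML($base_name);
print $query->header();
print <<"EOF";
>>> $shown_name: upload successful
EOF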