
upload.pl

a guest
Nov 3rd, 2010
  1. #!/usr/bin/perl -Tw
  2.  
  3. # Copyright Michael J G Day, 2010
  4. # contact via code[at]gatrell[dot]org
  5.  
  6. # This program is free software: you can redistribute it and/or modify
  7. # it under the terms of the GNU General Public License as published by
  8. # the Free Software Foundation, either version 3 of the License, or
  9. # (at your option) any later version.
  10. #
  11. # This program is distributed in the hope that it will be useful,
  12. # but WITHOUT ANY WARRANTY; without even the implied warranty of
  13. # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  14. # GNU General Public License for more details.
  15. #
  16. # You should have received a copy of the GNU General Public License
  17. # along with this program.  If not, see <http://www.gnu.org/licenses/>.
  18.  
  19. use strict;
  20. use CGI qw(:standard);
  21. use URI;
  22. use CGI::Carp;
  23. use URI::QueryParam;
  24. use JSON;
  25.  
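  # Receives one file from fileuploader.js and stores it as
  # $uploaddir/<cust>/<qqfile>, answering with a JSON object that holds
  # either {success: true} or {error: "..."}.

  # Base directory for uploads; each customer gets a sub-directory below it.
  my $uploaddir = '../files';

  # Validate one client-supplied path component and return an untainted copy,
  # or nothing when it is not acceptable.
  #
  # Under -T a successful match on its own does not untaint a value; only text
  # taken from a capture group is clean, hence the return of $1.  The first
  # character may not be a dot, which rejects "." and ".." (so the value
  # cannot step out of $uploaddir) and also dot-files such as .htaccess.
  # \A and \z are used because $ would accept a trailing newline.
  sub untaint_name {
      my ($value) = @_;

      # A parameter given twice arrives as an array ref; treat it as invalid.
      return if !defined $value || ref $value;
      return $1 if $value =~ /\A([A-Za-z0-9_][A-Za-z0-9_.]*)\z/;
      return;
  }

  # Write $data to "$dir/$name", creating $dir when it is missing.
  # Returns nothing on success, or a message for the server log on failure.
  sub store_upload {
      my ($dir, $name, $data) = @_;

      # mkdir also fails when the directory already exists, so it counts as an
      # error only if the directory is still missing afterwards.
      my $made  = mkdir($dir, 0775);
      my $errno = "$!";
      return "Cant create $dir. Reason: $errno" unless $made || -d $dir;

      # Three-argument open with a lexical handle: the mode can never be
      # taken from the file name.
      open(my $out, '>', "$dir/$name")
          or return "Cant write to $dir/$name. Reason: $!";

      # The body was sent as application/octet-stream, so write raw bytes.
      binmode($out);

      unless (print {$out} $data) {
          my $write_error = "$!";
          close($out);
          return "Cant write to $dir/$name. Reason: $write_error";
      }

      # Buffered write errors only surface when the handle is closed.
      close($out)
          or return "Cant write to $dir/$name. Reason: $!";

      return;
  }

  # NOTE(review): no request size limit is set here ($CGI::POST_MAX) and
  # nothing in this script authenticates the caller or ties 'cust' to a
  # session - confirm both are enforced elsewhere.
  my $IN = CGI->new;

  # because fileuploader.js submits data as application/octet-stream the
  # file data will be in POSTDATA and the query string will not be accessible
  # using CGI's param or Vars methods.
  my $file = $IN->param('POSTDATA');

  # get the URI from the environment.
  my $url = $ENV{'REQUEST_URI'};
  my $uri = URI->new(defined $url ? $url : '', "http");

  # so now we create a hash of the params
  my $params = $uri->query_form_hash;

  # json object to do the translations.
  my $json = JSON->new->allow_nonref;

  # customer directory comes from the cust parameter and the file name from
  # the qqfile parameter; both are undef unless they pass validation.
  my $custdir  = untaint_name($params->{'cust'});
  my $filename = untaint_name($params->{'qqfile'});

  # NOTE(review): the file extension is not restricted.  If $uploaddir is
  # served by the web server, confirm it cannot execute uploaded content.
  # An existing file of the same name is overwritten.

  # the JSON reply
  my $reply;

  if (!defined $custdir || !defined $filename) {
      # Nothing is created on disk for a rejected name.
      $reply = {error => "Illegal characters in filename - please only use [A-Z] [a-z] [0-9] . and _"};
  }
  elsif (!defined $file) {
      $reply = {error => "No file data received"};
  }
  else {
      my $failure = store_upload("$uploaddir/$custdir", $filename, $file);
      if (defined $failure) {
          # The server path and the system error go to the log only; the
          # browser gets the names it supplied itself.
          carp $failure;
          $reply = {error => "Cant write to $custdir/$filename"};
      }
      else {
          $reply = {success => JSON::true};
      }
  }

  print $IN->header('application/json');
  print $json->encode($reply);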