CGI software error when trying to upload images

jlisec01 · May 28, 2010, 4:14am

Hi there, I was working on a script for uploading images using cgi & perl. I have the syntax below, for some reason when I submit from my html form I get:

Software error:
Permission denied at /home/jlisec01/public_html/cgi-bin/upload.cgi line 39.

the html form is fine, also the permissions are set to 755 for the cgi file.


#!/usr/bin/perl -w

use strict;
use CGI;
use CGI::Carp qw ( fatalsToBrowser );
use File::Basename;

$CGI::POST_MAX = 1024 * 5000;
my $safe_filename_characters = "a-zA-Z0-9_.-";
my $upload_dir = "/home/jlisec01/public_html/images";

my $query = new CGI;
my $filename = $query->param("photo");
my $email_address = $query->param("email_address");

if ( !$filename )
{
 print $query->header ( );
 print "There was a problem uploading your photo (try a smaller file).";
 exit;
}

my ( $name, $path, $extension ) = fileparse ( $filename, '\\..*' );
$filename = $name . $extension;
$filename =~ tr/ /_/;
$filename =~ s/[^$safe_filename_characters]//g;

if ( $filename =~ /^([$safe_filename_characters]+)$/ )
{
 $filename = $1;
}
else
{
 die "Filename contains invalid characters";
}

my $upload_filehandle = $query->upload("photo");

open ( UPLOADFILE, ">$upload_dir/$filename" ) or die "$!";
binmode UPLOADFILE;

while ( <$upload_filehandle> )
{
 print UPLOADFILE;
}

close UPLOADFILE;

print $query->header ( );
print <<END_HTML;
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
 <head>
   <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
   <title>Thanks!</title>
   <style type="text/css">
     img {border: none;}
   </style>
 </head>
 <body>
   <p>Thanks for uploading your photo!</p>
   <p>Your email address: $email_address</p>
   <p>Your photo:</p>
   <p><img src="../images/$filename" alt="Photo" /></p>
   <p><a href="https://crux.baker.edu/~jlisec01/file_upload.html">Return back to page</a></p>
 </body>
</html>
END_HTML

id appreciate any help, thanks.

Stomme_poes · June 1, 2010, 6:58am

What about the folder /images?

if you make another Perl script with the same 755 permissions and just tell it to open /images, you should get the same permissions error.

I would add perl’s group to the /images folder… I dunno what group your perl belongs to, it might be “perl”.

sudo chgrp -R (perl's group) /home/jlisec01/public_html/images

jlisec01 · June 1, 2010, 5:06am

yes, 100% sure.

Mittineague · May 28, 2010, 5:39am

My Perl is so rusty and stale I’m probably way off base, but I’m wondering if instead of

my $upload_dir = "/home/jlisec01/public_html/images";

it might be better to have

my $upload_dir = "../images";

Stomme_poes · May 28, 2010, 12:21pm

Mitt, user seems to be using this old script from SitePoint: http://articles.sitepoint.com/article/uploading-files-cgi-perl
(old because it’s really a 2004 article with a few big holes updated)

The recommendation is indeed to use the full path name.

jlisec:
open ( UPLOADFILE, “>$upload_dir/$filename” ) or die “$!”;

this is line 39? You made absolutely sure upload.cgi has 755 permissions?