Um, check the logs :) CGI Help Guide

$filename is not the filename that you want to use; it can be anything the browser sends, even F:/bar/bar/bar/bar/bar/bar/bar/UHOH.png

It's unlikely that F:/bar/bar/bar/bar/bar/bar/bar/UHOH.png exists on your server

You want to generate a filename, maybe like this

    sub WashFilename {
        use File::Basename;
        my $basename = basename( shift );
        # untainted, only use a-z A-Z 0-9 and dot
        $basename = join '', $basename =~ m/([.a-zA-Z0-9])/g;
        # basename is now, hopefully, file.ext
        ## so to ensure uniqueness, we adulterate it :)
        my $id = $$ . '-' . time;
        my ( $file, $ext ) = split /\./, $basename, 2;
        return join '.', grep defined, $file, $id, $ext;
    } ## end sub WashFilename

You also want to place the file in a directory of your webserver that will serve images (NOT cgi-bin)

And you also want to use File::Type::WebImages to determine web image file types using magic and make sure the filename has the appropriate extension, so your server will send the appropriate headers

And don't forget to chmod the file appropriately.
Well this script is a test actually, of course directory and checks will be different once I set up everything. Anyway the parameter received is just the filename (i.e. test.png) not the entire path. I assume cgi-script as the default path right now. – raz3r Nov 23 at 13:27

Chmod 777 solved my problem! Thank you anyway ^^ – raz3r Nov 23 at 13:51

If you're just running the script yourself to test it, then you probably don't have to worry much about sanitizing the filename. But before you put this in production, make ABSOLUTELY SURE that you've changed the code to handle filenames correctly. As proctor said, you want to make sure users can't include directories in filenames. Also, you have an XSS vulnerability in your print statement. If the user gives a filename of "/>It's not perfect, but it's better than nothing. – Jonathan Nov 23 at 14:03

Actually the script cannot be called from the outside and the output is just a little test to check the image immediately, in fact the PNG will be opened from a much larger (and secure of course) webpage ^^ – raz3r Nov 23 at 14:56
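The points raised in the answer and comments above (strip directories, whitelist characters, verify the type from the file's magic bytes, write outside cgi-bin with modest permissions, escape the name before printing it) combined in one added example, which is not code from any poster in this thread. It checks the PNG signature by hand instead of using File::Type::WebImages so that it needs only core modules; `safe_name`, `store_png`, `escape_html`, the temporary directory and the sample inputs are all constructed for illustration.

```perl
use strict;
use warnings;
use Fcntl qw(O_WRONLY O_CREAT O_EXCL);
use File::Basename qw(basename);
use File::Spec;
use File::Temp qw(tempdir);

my $PNG_MAGIC = "\x89PNG\r\n\x1a\n";    # 8-byte PNG signature

# Keep only the last path component (either slash style), whitelist the
# characters, and take the extension from the verified type, not the client.
sub safe_name {
    my ($client_name) = @_;
    my ($base) = $client_name =~ m{([^/\\]*)\z};
    $base =~ s/\.[^.]*\z//;             # drop the client-supplied extension
    $base =~ tr/a-zA-Z0-9_-//cd;        # delete everything not whitelisted
    $base = 'upload' if $base eq '';
    return sprintf '%s.%d-%d.png', substr($base, 0, 64), $$, time;
}

# Returns the stored path, or undef when the bytes are not a PNG.
sub store_png {
    my ($dir, $client_name, $bytes) = @_;
    return unless substr($bytes, 0, 8) eq $PNG_MAGIC;
    my $path = File::Spec->catfile($dir, safe_name($client_name));
    # O_EXCL refuses to overwrite; 0644 is world-readable, not world-writable.
    sysopen(my $fh, $path, O_WRONLY | O_CREAT | O_EXCL, 0644)
        or die "cannot create $path: $!";
    binmode $fh;
    print {$fh} $bytes;
    close $fh or die "cannot close $path: $!";
    return $path;
}

# Escape a client-supplied string before echoing it into HTML.
sub escape_html {
    my ($s) = @_;
    my %ent = ('&' => '&amp;', '<' => '&lt;', '>' => '&gt;',
               '"' => '&quot;', "'" => '&#39;');
    $s =~ s/([&<>"'])/$ent{$1}/g;
    return $s;
}

my $dir = tempdir(CLEANUP => 1);        # stands in for the image directory
my $png = $PNG_MAGIC . 'constructed body, not a real image';
for my $name ('F:/bar/bar/UHOH.png', '../../cgi-bin/x.pl', '"/><i>.png') {
    my $path = store_png($dir, $name, $png);
    printf "%-28s -> %s\n", escape_html($name), basename($path);
}
print "non-PNG rejected\n"
    unless defined store_png($dir, 'a.png', "#!/usr/bin/perl\n");
```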
Don't store a document to file unless you have a reason to: it's slow and introduces all kinds of potential hazards. You don't appear to reuse the same image on different requests, which might be such a reason. Instead, teach your CGI script to output the image directly, depending on how it is called (or write a second one that does).
It's the graph method that creates the image, I don't think I can tell him to create the image in a canvas or something temporary. Anyway even if I do find a way to do that how can I display the image then? It's just a curiosity by the way, I need the images to be stored. – raz3r Nov 25 at 8:49

You'd create the image in a separate call. Think of how HTTP works: everything with a separate URL is retrieved in a separate call, so you can create it when the call comes. – reinierpost Nov 25 at 10:19