Downloading a file through PERL script

Question

I have the below PERL script that tries to download a file that contains the output of that script.

I face an error which says:

Can't call method "header" on an undefined value at C:/Apache24/cgi-bin/trim.pl

However my output file gets written properly at the right destination. Please help me out with fixing the code and get the output file downloaded.

use strict;
use CGI;
use CGI::Carp qw ( fatalsToBrowser );
use File::Basename;

my $q            = new CGI;
my $upload_dir   = "C:/Apache24/htdocs/files" ;
my ($bytesread, $buffer);
my $numbytes     = 1024;
my $trim_out_dir = "C:/Users/Admin/Desktop/vijay/Metagenomics/NGSQCToolkit_v2.3/CGI_Out";
my $out_file     = "$trim_out_dir/trimmed.fasta";
my $safe_filename_characters = "a-zA-Z0-9_.-";

$q->cgi_error and error( $q, "Error transferring file: " . $q->cgi_error );

my $file         = $q->param( "seq" )     || error( $q, "No file received." );
my $length       = $q->param( "len");
my $quality      = $q->param( "qual");

open ( UPLOADFILE, ">$upload_dir/$file" ) or die "$!";

while ($bytesread = read($file, $buffer, $numbytes)) { 
    print UPLOADFILE $buffer; 
} 

close UPLOADFILE;
system("Reads.pl -i $upload_dir/$file -n $length -o $out_file");
open ( DOWNLOADFILE, "<$out_file" ) or die "$!";

print $cgi->header(
    -type       => 'application/octet-stream'
    -attachment => '$out_file');

close DOWNLOADFILE;

Answer 1

This does not compile with strict, and since you are using strict, it does not seem likely that this is the code you executed. Your $cgi object is never defined, and therefore would stop the script at compile time. This line:

print $cgi->header(

should probably be

print $q->header(

You should also know that

-attachment => '$out_file');

will mean that the attachment param will not contain the value of the variable $out_file, it will contain the literal name of the variable. If you want it to contain the value of the variable, you need to either remove the quoting, or use double quotes.

More importantly, you should also know that your script is very unsafe. You are using values directly from the cgi object without verifying them. Both the open statement and the system statement could easily be manipulated to execute arbitrary commands on your system. For example:

$out_file = "foo; rm -rf /";
system("Reads.pl -i $upload_dir/$file -n $length -o $out_file");

You may wish to read the documentation on security, and perhaps use taint mode (-T switch).

Answer 2

Instead of

print $cgi->header(

you probably mean

print $q->header(

Using use strict should have caught this error.