Reputation: 31
Perl "undefined value as a HASH reference" error
Based on this article, I wrote the a perl script to allow document files to be uploaded to my site. But I am getting "Can't use an undefined value as a HASH reference at upload.cgi line 38." (line 38 is the one above the unless clause). For reference, my web host has Perl 5.8.8 installed.
#!/usr/bin/perl -wT
use strict;
use CGI qw/param uploadInfo/;
use CGI::Carp qw ( fatalsToBrowser );
use File::Basename;
$CGI::POST_MAX = 1024 *1024 * 50; #Max file size 50MB
my $safe_filename_characters = "a-zA-Z0-9_.-";
my $upload_dir = "/home/antrobus/Originals";
my $query = new CGI;
my $filename = $query->param("manuscript");
if ( !$filename )
{
print $query->header ( );
print "The file is too large. Please email me to arrange other means of providing your manuscript.";
exit;
}
my ( $name, $path, $extension ) = fileparse ( $filename, '\..*' );
$filename = $name . $extension;
$filename =~ tr/ /_/;
$filename =~ s/[^$safe_filename_characters]//g;
if ( $filename =~ /^([$safe_filename_characters]+)$/ )
{
$filename = $1;
}
else
{
die "Filename contains invalid characters";
}
my @allowedtypes = qw(application/msword application/vnd.openxmlformats-officedocument.wordprocessingml.document application/vnd.oasis.opendocument.text application/rtf);
my $type = uploadInfo($filename)->{'Content-Type'};
unless ($type = @allowedtypes)
{
print $query->header ( );
print "Filetype not allowed. Please upload doc, docx, odt, or rtf files only.";
exit;
}
my $upload_filehandle = $query->upload("manuscript");
open ( UPLOADFILE, ">$upload_dir/$filename" ) or die "$!";
binmode UPLOADFILE;
while ( <$upload_filehandle> )
{
print UPLOADFILE;
}
close UPLOADFILE;
print $query->header ( );
print qq~;
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>File Uploaded!</title>
<style type="text/css">
img {border: none;}
</style>
</head>
<body>
<p>Thanks for uploading your manuscript!</p>
</body>
</html>
~;
Upvotes: 1
Views: 3402
Answers (2)
Reputation: 31
Found the answer here. Apparently taint checking messes disrupts the ability to check the mime content type. Copying $filename to another variable before taint checking and using the other variable works...accept that it accepts any file type, not just the four accepted ones (but that's another question!)
Upvotes: 1
Reputation: 8352
If you want to have MIME content type
Do it like ,
$type = $query->uploadInfo($filename)->{'Content-Type'}; #CGI object was missing
see CGI for more detail, from CGI, genearlly
$filename = $q->param('uploaded_file');
$type = $q->uploadInfo($filename)->{'Content-Type'};
unless ($type eq 'text/html') {
die "HTML FILES ONLY!";
}
Upvotes: 2
Related Questions
- Not a HASH reference in Perl
- Issue using hash in perl
- Perl "Not an ARRAY reference" error
- Perl cgi not passing the hash to mysql
- Use of uninitialized value error in perl cgi
- Wrong value being returned "HASH(0x8dc0f54)"
- Perl HTTP::Request HASH error?
- Error: Not a HASH reference
- perl hash not reading from param ()
- Error in perl: Using a hash as a reference is deprecated