CODEWITHSUNDEEP
perlfilepermissionscgi
raz3r
raz3r

Reputation: 3131

CGI script cant create file

I have the following CGI script that launches a module that creates a PNG file and then shows it.

#!/usr/bin/perl

use RRDs;
use CGI;

main:
{
my $cgi = new CGI;
my $filename = $cgi->param('filename');
print "Content-type: text/html\n\n";
my $curr_time = time();
my $start_time = $curr_time-3600;
RRDs::graph("$filename", "--start", "$start_time", "DEF:DiskC=c.rrd:DiskC:AVERAGE", "AREA:DiskC#0000FF");
my $err = RRDs::error();
print "<HTML><HEAD><TITLE>Disk C Utilization</TITLE></HEAD><BODY><H1>Disk C Utilization</H1><BR>$err<img src=\"$filename\"/></BODY></HTML>";
}

The graph method says that can't create the PNG file. If I run this script in a command like it works fine so I think it's a matter of permissions. I already set chmod 755 on the cgi-script folder. What do you suggest? Is this related to Apache2 settings?

Upvotes: 1

Views: 2037

Answers (3)

reinierpost
reinierpost

Reputation: 8611

Don't store a document to file unless you have a reason to: it's slow and introduces all kinds of potential hazards.

You don't appear to reuse the same image on different requests, which might be such a reason.

Instead, teach your CGI script to output the image directly, depending on how it is called (or write a second one that does).

Upvotes: 0

raz3r
raz3r

Reputation: 3131

chmod 777 solved my problem!

Upvotes: 0

proctor
proctor

Reputation: 41

Um, check the logs :) CGI Help Guide

$filename is not the filename that you want to use , it can be anything the browser sends, even F:/bar/bar/bar/bar/bar/bar/bar/UHOH.png

Its unlikely that F:/bar/bar/bar/bar/bar/bar/bar/UHOH.png exists on your server

You want to generate a filename, maybe like this

sub WashFilename {
    use File::Basename;
    my $basename = basename( shift );
    # untainted , only use a-z A-Z 0-9 and dot
    $basename = join '', $basename =~ m/([.a-zA-Z0-9])/g;
    # basename is now, hopefully, file.ext
    ## so to ensure uniqueness, we adulterate it :)
    my $id = $$.'-'.time;
    my( $file, $ext ) = split /\./, $basename, 2 ;
    return join '.', grep defined, $file, $id, $ext;
} ## end sub WashFilename

You also want to place the file in a directory of your webserver that will serve images (NOT cgi-bin)

And you also want to use File::Type::WebImages to determine web image file types using magic and make sure the filename has the appropriate extension , so your server will send the appropriate headers

And don't forget to chmod the file appropriately

Upvotes: 3

Related Questions