当前位置: 文江博客话题详情

如何使用 Perl 按类型过滤上传的文件(例如 .png、.bmp、.jpg)

发布于 2024-10-20 12:18:38 字数 1237 浏览 1 评论 0原文

我正在使用以下代码:

#!/usr/bin/perl -wT  

use strict;  
use CGI;  
use CGI::Carp qw ( fatalsToBrowser );  
use File::Basename;  

my $query = new CGI;  
my $filename = $query->param("photo");  
my $user_username = $query->param("text_value");  

$CGI::POST_MAX = 1024 * 5000;  
my $safe_filename_characters = "a-zA-Z0-9_.-";  
my $upload_dir = "/" . $user_username;  

if ( !$filename )  
{  
 print $query->header ( );  
 print "There was a problem uploading your photo (try a smaller file).";  
 exit;  
}  

my ( $name, $path, $extension ) = fileparse ( $filename, '\..*' );  
$filename = "user_pro_pic" . ".png";  
$filename =~ tr/ /_/;  
$filename =~ s/[^$safe_filename_characters]//g;  

if ( $filename =~ /^([$safe_filename_characters]+)$/ )  
{  
 $filename = $1;  
}  
else  
{  
 die "Filename contains invalid characters";  
}  

my $upload_filehandle = $query->upload("photo");  

open ( UPLOADFILE, ">$upload_dir/$filename" ) or die "$!";  
binmode UPLOADFILE;  

while ( <$upload_filehandle> )  
{  
 print UPLOADFILE;  
}  

close UPLOADFILE;  

print $query->header ( );   
print "$user_username";
print "<script> location.href='http://google.com/' </script>";
原文

I am using the following code:

#!/usr/bin/perl -wT  

use strict;  
use CGI;  
use CGI::Carp qw ( fatalsToBrowser );  
use File::Basename;  

my $query = new CGI;  
my $filename = $query->param("photo");  
my $user_username = $query->param("text_value");  

$CGI::POST_MAX = 1024 * 5000;  
my $safe_filename_characters = "a-zA-Z0-9_.-";  
my $upload_dir = "/" . $user_username;  

if ( !$filename )  
{  
 print $query->header ( );  
 print "There was a problem uploading your photo (try a smaller file).";  
 exit;  
}  

my ( $name, $path, $extension ) = fileparse ( $filename, '\..*' );  
$filename = "user_pro_pic" . ".png";  
$filename =~ tr/ /_/;  
$filename =~ s/[^$safe_filename_characters]//g;  

if ( $filename =~ /^([$safe_filename_characters]+)$/ )  
{  
 $filename = $1;  
}  
else  
{  
 die "Filename contains invalid characters";  
}  

my $upload_filehandle = $query->upload("photo");  

open ( UPLOADFILE, ">$upload_dir/$filename" ) or die "$!";  
binmode UPLOADFILE;  

while ( <$upload_filehandle> )  
{  
 print UPLOADFILE;  
}  

close UPLOADFILE;  

print $query->header ( );   
print "$user_username";
print "<script> location.href='http://google.com/' </script>";

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(4

温柔女人霸气范 2024-10-27 12:18:38

查看 Data::FormValidator 并专门用于上传 Data::FormValidator::Constraints::Upload

Data::FormValidator 是处理 CGI 参数验证的方法。您将把验证逻辑分离到一个配置文件中,并且您的自定义验证代码将缩小到只有几行。

Check out Data::FormValidator and for uploads specifically Data::FormValidator::Constraints::Upload .

Data::FormValidator is the way to go handling CGI params validation. You will separate your validation logic into a profile and your custom validation code will shrink to just few lines.

回复 原文
救星 2024-10-27 12:18:38

File::LibMagic 是高级检测器。未经测试:

use File::LibMagic;
my $flm = File::LibMagic->new;
…
my $mime_type = $flm->checktype_filename($filename);
die 'Type not accepted.' unless $mime_type =~ m|image/(?:png|jpeg)|;

File::LibMagic is the superior detector. Untested:

use File::LibMagic;
my $flm = File::LibMagic->new;
…
my $mime_type = $flm->checktype_filename($filename);
die 'Type not accepted.' unless $mime_type =~ m|image/(?:png|jpeg)|;
回复 原文
莫多说 2024-10-27 12:18:38

在测试无效字符的部分之后,您可以比较文件扩展名的 $filename 后缀。当然,这样做的问题是文件的实际内容可能不匹配(它们通常会匹配,但你不能总是依赖于此)...

if ($filename =~ /.(jpe?g|gif |png|pdf)$/) { # --- 检查 .jpg、.jpeg、.gif、.png 或 .pdf
  # --- 支持的文件类型
} 否则{
  # --- 不支持的文件类型
modperl_2

如果您需要实际比较基于 MIME 类型检测到的文件内容的类型,那么这将需要更多的处理能力(Apache HTTPd 提供了一个用于检测 MIME 类型的模块,这可能很有用,但您可能还必须升级到 并使用 libapreq2 访问此 API)。

然而,对于大多数目的来说,简单的文件扩展名测试应该没问题。

After the section where you test for invalid characters, you can compare the suffix of $filename for a file extension. Of course, the problem with this is that the actual contents of the file may not match (they usually will, but you can't always depend on this)...

if ($filename =~ /.(jpe?g|gif|png|pdf)$/) { # --- Check for .jpg, .jpeg, .gif, .png, or .pdf
  # --- Supported file type
} else {
  # --- Unsupported file type
}

If you need to actually compare the type based on MIME-type-detected file contents, then that will require more processing power (Apache HTTPd provides a module for detecting MIME types which might be useful, but you may also have to upgrade to modperl_2 and use libapreq2 to access this API).

For most purposes, however, a simple file extension test should be okay.

回复 原文
一身软味 2024-10-27 12:18:38

查看 File::MimeInfo,请参阅:
https://metacpan.org/pod/File::MimeInfo

Check out File::MimeInfo, see:
https://metacpan.org/pod/File::MimeInfo

回复 原文
~没有更多了~

关于作者

夜光

暂无简介

0 文章
0 评论
23 人气
发私信

相关话题

更多

热门标签

操作系统 程序设计 IT运维 Linux系统管理 JavaScript 服务器应用 solaris C/C++ PHP Shell BSD Vue.js aix Oracle Python HTML 系统管理 HTML5 CSS 前端
更多

推荐作者

1CH1MKgiKxn9p

文章 0 评论 0

ゞ记忆︶ㄣ

文章 0 评论 0

JackDx

文章 0 评论 0

信远

文章 0 评论 0

yaoduoduo1995

文章 0 评论 0

霞映澄塘

文章 0 评论 0

更多

友情链接

文江博客
    我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
    原文