Wiki Uploads

I added an upload action to my UsemodWiki? code. The code I added is in the form of two sub routines that return a upload form if nothing is posted (DoPublish?) and uploads the file and returns a confirmation when a file is posted (SavePublish?).

I really know nothing about perl code so I am sure this is insecure and or poorly written, but for what it is worth here is what I did. I did add some security with a check for useris...

sub DoPublish? { 

  print &GetHeader?(, T('File Upload Page'), );


  if (&UserIsAdmin? || &UserIsEditor?){} 


  else 


  {


    print '<center>Only Administrators and Editors can upload files</center>';


    print &GetCommonFooter?();


    return;


  }


  print '<FORM METHOD="post" ACTION="wiki.pl" ENCTYPE="multipart/form-data">';


  print '<input type="hidden" name="upload" value="1" />';


  print 'File to Upload: <INPUT TYPE="file" NAME="file"><br><BR>';


  print '<INPUT TYPE="submit" NAME="Submit" VALUE="Upload">';


  print '</FORM>';


  print &GetCommonFooter?();
}

sub SavePublish? { 

 my ($upload_dir,$filename,$upload_filehandle);


   print &GetHeader?("", "Uploading file", "");
if (&UserIsAdmin? || &UserIsEditor?){} 

  else 


  {


    print '<center>Only Administrators and Editors can upload files</center>';


    print &GetCommonFooter?();


    return;


  }


   $upload_dir = "/home/username/public_html/uploads"; #absolute path to upload dir


   $filename = $q->param("file");


   $filename =~ s/.*[\/\\](.*)/$1/;


   $upload_filehandle = $q->upload("file");


   open UPLOADFILE, ">$upload_dir/$filename";


   while ( <$upload_filehandle> ){print UPLOADFILE;}


   close UPLOADFILE;


   print "The link to your image is...\n<br><BR>";


   print "http://www.yourserver.org/uploads/$filename<BR><BR>\n";


   print "<HR><img src=http://www.yourserver.org/uploads/$filename></html>\n";


   print &GetCommonFooter?();
}

EditText of this page (last edited January 17, 2003) or FindPage with title or text search