Wiki Uploads

I added an upload action to my UsemodWiki? code. The code I added is in the form of two sub routines that return a upload form if nothing is posted (DoPublish?) and uploads the file and returns a confirmation when a file is posted (SavePublish?).

I really know nothing about perl code so I am sure this is insecure and or poorly written, but for what it is worth here is what I did. I did add some security with a check for useris...


sub DoPublish? {

  print &GetHeader?(, T('File Upload Page'), );

if (&UserIsAdmin? || &UserIsEditor?){}

else

{

print '<center>Only Administrators and Editors can upload files</center>';

print &GetCommonFooter?();

return;

}

print '<FORM METHOD="post" ACTION="wiki.pl" ENCTYPE="multipart/form-data">';

print '<input type="hidden" name="upload" value="1" />';

print 'File to Upload: <INPUT TYPE="file" NAME="file"><br><BR>';

print '<INPUT TYPE="submit" NAME="Submit" VALUE="Upload">';

print '</FORM>';

print &GetCommonFooter?();
}


sub SavePublish? {

 my ($upload_dir,$filename,$upload_filehandle);

print &GetHeader?("", "Uploading file", "");

if (&UserIsAdmin? || &UserIsEditor?){}

  else 

{

print '<center>Only Administrators and Editors can upload files</center>';

print &GetCommonFooter?();

return;

}

$upload_dir = "/home/username/public_html/uploads"; #absolute path to upload dir

$filename = $q->param("file");

$filename =~ s/.*[\/\\](.*)/$1/;

$upload_filehandle = $q->upload("file");

open UPLOADFILE, ">$upload_dir/$filename";

while ( <$upload_filehandle> ){print UPLOADFILE;}

close UPLOADFILE;

print "The link to your image is...\n<br><BR>";

print "http://www.yourserver.org/uploads/$filename<BR><BR>\n";

print "<HR><img src=http://www.yourserver.org/uploads/$filename></html>\n";

print &GetCommonFooter?();

}


EditText of this page (last edited January 17, 2003) or FindPage with title or text search