I think that I have almost managed to get my first (proper) CGI script
to execute as intended, but it seems I still have one last hurdle to
jump. My Apache error.log provides me with the following single line:
[Fri Jul 22 16:34:37 2005] [error] [client 127.0.0.1] Access is
denied.\r, referer:
http://localhost/~neville.hodder/tests_c/upload_g.cgi
After too much time Googling and re-reading my manuals, I have a few
questions I hope someone can help me with:
1) Have I correctly Untainted my system() call and file permissions by
my modification of the $ENV{'PATH'}?
2) Has my modification of the $ENV{'PATH'} been to restrictive and
created a new "Access" problem?
2) Do I also need to enable one or all of "file/directory/execution"
access somewhere within my Apache httpd.conf settings?
Thanks for all and any advice
NJH
---------
#!c:/perl/bin/perl.exe -wT
use strict;
use diagnostics;
use CGI;
my $q = new CGI;
print $q->header,
$q->start_html(-title => "Nev's file Test", -bgcolor => "#EAEAAE"),
$q->h2("File selection:"),
$q->start_multipart_form,
$q->p("Please choose a board file to analyse"),
$q->filefield("pcb"),
$q->submit,
$q->end_form,
$q->hr,
"The board file you chose was: ", $q->param("pcb");
my $fh = $q->upload("pcb");
my $buffer = "";
use constant BUFFER_SIZE => 16_384;
open (OUTPUT, "> ..\\output\\temp.brd");
binmode $fh;
binmode OUTPUT;
while (read ($fh, $buffer, BUFFER_SIZE)){
print OUTPUT $buffer;
}
close OUTPUT;
$ENV{'PATH'} =
("\\\\Gb9\\cadence\\Cadence\\SPB_15.2\\tools\\pcb\\bin\\;\\\\gb9\\Cadenc
e\\Cadence\\Extracta\\;..\\output\\;C:\\WINDOWS\\system32");
delete @ENV{'IFS', 'CDPATH', 'ENV', 'BASH_ENV'};
&dosomt();
print $q->end_html;
sub dosomt{
my $pcb = "..\\output\\temp.brd";
my $prog =
"\\\\Gb9\\cadence\\Cadence\\SPB_15.2\\tools\\pcb\\bin\\extracta.exe";
my $cmd = "\\\\gb9\\Cadence\\Cadence\\Extracta\\status_detail.cmd";
my $out = "..\\output\\extract_output.txt";
system($prog, $pcb, $cmd, $out);
}
