2008-04-17 12:35:09 +00:00
|
|
|
POST upload example:
|
|
|
|
|
|
|
|
post_upload.htm
|
|
|
|
===============
|
|
|
|
<html>
|
|
|
|
<body>
|
|
|
|
<form action=/cgi-bin/post_upload.cgi method=post enctype=multipart/form-data>
|
|
|
|
File to upload: <input type=file name=file1> <input type=submit>
|
|
|
|
</form>
|
|
|
|
|
|
|
|
|
|
|
|
post_upload.cgi
|
|
|
|
===============
|
|
|
|
#!/bin/sh
|
|
|
|
|
|
|
|
# POST upload format:
|
|
|
|
# -----------------------------29995809218093749221856446032^M
|
|
|
|
# Content-Disposition: form-data; name="file1"; filename="..."^M
|
|
|
|
# Content-Type: application/octet-stream^M
|
|
|
|
# ^M <--------- headers end with empty line
|
|
|
|
# file contents
|
|
|
|
# file contents
|
|
|
|
# file contents
|
|
|
|
# ^M <--------- extra empty line
|
|
|
|
# -----------------------------29995809218093749221856446032--^M
|
|
|
|
|
|
|
|
file=/tmp/$$-$RANDOM
|
|
|
|
|
2009-11-13 09:37:50 +01:00
|
|
|
CR=`printf '\r'`
|
|
|
|
|
2008-04-17 12:35:09 +00:00
|
|
|
# CGI output must start with at least empty line (or headers)
|
|
|
|
printf '\r\n'
|
|
|
|
|
2009-11-13 09:37:50 +01:00
|
|
|
IFS="$CR"
|
2008-04-17 12:35:09 +00:00
|
|
|
read -r delim_line
|
2009-11-13 09:37:50 +01:00
|
|
|
IFS=""
|
2008-04-17 12:35:09 +00:00
|
|
|
|
|
|
|
while read -r line; do
|
2009-11-13 09:37:50 +01:00
|
|
|
test x"$line" = x"" && break
|
|
|
|
test x"$line" = x"$CR" && break
|
2008-04-17 12:35:09 +00:00
|
|
|
done
|
|
|
|
|
2009-11-13 09:37:50 +01:00
|
|
|
cat >"$file"
|
2008-04-17 12:35:09 +00:00
|
|
|
|
2009-11-13 09:37:50 +01:00
|
|
|
# We need to delete the tail of "\r\ndelim_line--\r\n"
|
|
|
|
tail_len=$((${#delim_line} + 6))
|
2008-04-17 12:35:09 +00:00
|
|
|
|
2009-11-13 09:37:50 +01:00
|
|
|
# Get and check file size
|
|
|
|
filesize=`stat -c"%s" "$file"`
|
|
|
|
test "$filesize" -lt "$tail_len" && exit 1
|
2008-04-17 12:35:09 +00:00
|
|
|
|
2009-11-13 09:37:50 +01:00
|
|
|
# Check that tail is correct
|
|
|
|
dd if="$file" skip=$((filesize - tail_len)) bs=1 count=1000 >"$file.tail" 2>/dev/null
|
|
|
|
printf "\r\n%s--\r\n" "$delim_line" >"$file.tail.expected"
|
|
|
|
if ! diff -q "$file.tail" "$file.tail.expected" >/dev/null; then
|
|
|
|
printf "<html>\n<body>\nMalformed file upload"
|
|
|
|
exit 1
|
|
|
|
fi
|
|
|
|
rm "$file.tail"
|
|
|
|
rm "$file.tail.expected"
|
|
|
|
|
|
|
|
# Truncate the file
|
|
|
|
dd of="$file" seek=$((filesize - tail_len)) bs=1 count=0 >/dev/null 2>/dev/null
|
|
|
|
|
|
|
|
printf "<html>\n<body>\nFile upload has been accepted"
|