I have a Website that presents photographs for visitors to download. I used to simply have the files display in the browser window so that visitors could right-click and save them to their computers. However, 2 problems soon became apparent with this system. Second, I discovered that some Websites had direct links to my photographs, so that my images appeared to be part of the content of these sites.
Besides being impolite, this so-called "hot" linking costs me money, as my Web host charges for the bandwidth I use. The script also has to be on the same server as the directory of the files to be downloaded. Begin your script by adding the shebang line. On a Windows machine, a common shebang line is "!
The next 2 lines specify that we want to use the CGI module, and that we want to display any fatal errors in the browser window. If you're running a version older than 5. Consider looking at App::perlbrew to help compile and manage Perl from source.
Mac OS X already has Perl installed. Open a Terminal application in the Utilities folder of your Applications folder and run perl -v to find out which version.
Just like a real butler you have to trust that he knows what he is doing and will get the job done efficiently and effectively without looking over his shoulder. I leave that up to you.
The first is going to check the amount of data sent to the script. Note: I use command and method interchangeably throughout the article to mean the same thing. There are of course much worse things a person could try, but this is not an article about how to hack into a website using the front door. To prevent the user from getting away with such a dangerous stunt we need to validate the data sent to the script.
Regular expressions are way beyond the scope of this article. If you want to understand that regexp, you will have to read some regexp tutorials. See the online resources at the end of the article. Basically it is checking that the data is something like this: frog. The only way to untaint data is to use a regexp.
That would be a silly thing to do. If the data does not pass the validation routine a message is sent to the error subroutine and the user is alerted. There are two lines that open the file, one is for debugging purposes and one is for running the script when all is working properly.
The next section of the code prints the headers that cause the web browser to download the file instead of trying to display it. You could give the file any name you wanted to, it does not have to be the actual filename. That can be useful if you have a reason to hide the real name of the file or needed to give the downloaded file a name other than the real name. This allows the file download dialog box to display the file size and a progress bar and estimate the time remaining to complete the file download.
The last four lines of the subroutine complete the download process. There is a small chance that using binary mode will corrupt the file on the receiving end.
But in general there is no problem using it and in some cases it is necessary. If you experience problems when using binmode, remove or comment out the line. See the binmode function's documentation for more details. We return 1 at the end of the subroutine to indicate success.
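The filename validation and the download headers described above, as an added example that is not the article's own script. The sub names `validate_name` and `prepare_download`, the temporary directory, the 64-character limit and the exact pattern are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Temp qw(tempdir);

# Constructed sample directory standing in for the real download directory.
my $dir = tempdir(CLEANUP => 1);
open(my $fh, '>', "$dir/frog.jpg") or die "setup: $!";
binmode $fh;
print {$fh} "\xFF\xD8\xFF\xE0 constructed sample bytes";
close $fh;

# Allow-list check (hypothetical pattern): one base name, one dot, one short
# extension. Returning the capture is what untaints the value under -T; \A and
# \z anchor the whole string (unlike $, \z does not accept a trailing newline).
sub validate_name {
    my ($raw) = @_;
    return unless defined $raw && length($raw) <= 64;
    return unless $raw =~ /\A([A-Za-z0-9_-]+\.[A-Za-z0-9]{1,5})\z/;
    return $1;
}

# Returns (headers, path) for a valid request, or nothing on any error.
sub prepare_download {
    my ($raw) = @_;
    my $name = validate_name($raw) or return;
    my $path = "$dir/$name";
    return unless -f $path;          # must be an existing regular file
    my $size = -s _;                 # size from the same stat, for Content-Length
    my $headers = "Content-Type: application/octet-stream\r\n"
        . "Content-Disposition: attachment; filename=\"$name\"\r\n"
        . "Content-Length: $size\r\n\r\n";
    return ($headers, $path);
}

# Constructed requests: one legitimate name, then names the check must refuse.
for my $req ('frog.jpg', '../secret/frog.jpg', 'frog.jpg;x', "frog.jpg\n", 'toad.jpg') {
    (my $shown = $req) =~ s/\n/\\n/g;
    my ($headers, $path) = prepare_download($req);
    if (!defined $headers) { print "REJECT  $shown\n"; next; }
    print "ACCEPT  $shown\n$headers";
    open(my $in, '<', $path) or die "open: $!";   # 3-arg open: the name is only ever data
    binmode $in; binmode STDOUT;                  # byte-exact copy on any platform
    print while <$in>;
    close $in;
    print "\n";
}
```

Only `frog.jpg` is accepted; `toad.jpg` passes the pattern but is refused because no such file exists in the directory.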
Each of these methods is discussed in the CGI module's documentation. Each error the script detects can be logged so you can see how visitors to your site are misusing the script.
This is good information to keep track of. It might be overkill, but I am a great believer in tracking errors since they can help you write more secure scripts and alert you to bots or people trying to abuse the script.
It appends the errors and some other information to a file. It's ultimately up to you to decide what, if anything, to do with this information.
I suggest you check the error log once in a while. You can delete it and the script will create a new one. Or turn off error logging entirely in the User Configuration Section of the script. You could use hyperlinks or an HTML form or some combination of the two. You could have another script or even the same script generate the interface.
The basic concept is to pass the download script the name of a file to download.

Conclusion

This is a pretty basic script.