#!/usr/bin/perl ## ## Upload.pl ## (c) Alex Bacik 2003 ## Uploads file via http put ## use strict; use CGI; use Net::SMTP; my $upload_dir = "/var/www/https.www.bacik.org/htdocs/upload"; my $upload_place = "www.bacik.org/upload/"; my $cgi = new CGI; my $file = $cgi->param('file'); &Bail ("What exactly are you trying to upload??") unless ($file); &Bail ("Don't try to use me from $ENV{HTTP_REFERER}, $ENV{REMOTE_ADDR}") if ($ENV{HTTP_REFERER} !~ /www.bacik.org/); &Bail ("Don't try to hack me, $ENV{REMOTE_ADDR}") if ($ENV{REQUEST_URI} !~ /cgi-bin\/upload.pl/); &Bail ("$ENV{'CONTENT_LENGTH'} is too large") if ($ENV{'CONTENT_LENGTH'} > 90000000); $file =~ m/^.*(\\|\/)(.*)/; # strip the remote path and keep the filename my $filecomplete = $file; $file =~ s/.+\\//; $file =~ s/[^A-Za-z0-9.]//g; &Bail ("Don't try to hack me, $ENV{REMOTE_ADDR}") if ($file =~ /\.\./); open(LOCAL, ">$upload_dir/$file") or &Bail("$! while trying to upload $upload_dir/$file."); while(<$filecomplete>) { print LOCAL $_; } close (LOCAL); &send_mail ("$file"); print "Location: https://", $upload_place, "\n\n"; exit (1); ######################### sub Bail { print $cgi->header(); print "Failed: $_[0]\n"; exit (0); } sub send_mail { # Obsolete sendmail stuff # open(MAIL,"|$mail_prog -t") || &Bail ("Unable to send mail to alex\@bacik.org"); # print MAIL "From: Bacik.org Daemon ",'<',"root\@bacik.org",'>',"\n"; # print MAIL "To: Alex Bacik ",'<',"alex.bacik\@uk.easynet.net",'>',"\n"; # print MAIL "Subject: File uploaded\n"; # print MAIL "The ", &commify($ENV{'CONTENT_LENGTH'}), " byte file \"$_[0]\" was uploaded from $ENV{REMOTE_ADDR} to www.bacik.org/upload\n"; # close(MAIL); my $relayserver = 'smtp.bytemark.co.uk'; my $mailhost = 'alex.bacik.org'; my $from = "Alex Bacik "; my $recpt = "Alex Bacik "; my $subject = "File uploaded: " . $_[0]; my $smtp = Net::SMTP->new($relayserver,Hello=>$mailhost,Debug=>0) ; &Bail ("Couldn't connect to server") unless $smtp ; $smtp->mail($from); $smtp->to($recpt); $smtp->data(); $smtp->datasend("From: $from\nTo: $recpt\nSubject: $subject\n\n"); $smtp->datasend("Hi,\n\n"); $smtp->datasend("The ", &commify($ENV{'CONTENT_LENGTH'}), " byte file \"$_[0]\" was uploaded from $ENV{REMOTE_ADDR} to ", $upload_place, "\n\n"); $smtp->datasend("Have a nice day,\n\nThe Daemon.\n"); $smtp->dataend(); $smtp->quit(); } sub commify { my $text = reverse $_[0]; $text =~ s/(\d\d\d)(?=\d)(?!\d*\.)/$1,/g; return scalar reverse $text; } #########################