Re: Counter triggered on download
fliptop wrote: my $filename = $cgi-param('filename'); my $mime_type = $cgi-param('mime_type'); print $cgi-header($mime_type); open OUT, $filename; my $buffer; while (my $read = read(OUT, $buffer, 4096)) { print $buffer; } close OUT; You're right, when your script deals with parameters, URL-escaped values, etc. then CGI.pm is definitely the way to go. While I understand that the code you posted here is simplified, I have an advice to Merrill and everyone else who wants to do similar things. Always remember to make sure your input is safe: ($file) = $file =~ /^([\w.-]+)$/ or die Bad argument\n; Otherwise your script could be used to download every file on your system which is readable by the server process (passing ../../../../etc/passwd or similar string as the argument) or even to *write* to any file or to run any command at all (passing rm ../../somedir/.htaccess| or something like that). Use the taint mode (the -T switch) so you'll get a fatal error every time you do something potentially dangerous with unchecked user input. Also, using the 3-arguments call to open() is a good idea: open FILE, '', $file That way the command| argument won't work, but there still is a problem with double dots or slashes in $path. In my opinion the -T switch is a must for CGI scripts. -- ZSDC Perl and Systems Security Consulting -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Counter triggered on download
On Sun, 24 Aug 2003 at 03:04, zsdc opined: z:fliptop wrote: z: z: merrill - i'm a little late on this thread, and the other suggestions are z: valid, but here's one way to serve up files w/o using a direct link by z: taking advantage of CGI.pm's header() function: z: z: my $cgi = new CGI; z: print $cgi-header('application/pdf'); z: z:Actually, it's the same as just: z: z: print Content-Type: application/pdf\n\n; z: z:CGI.pm is great but it's an overkill for just printing HTTP Content-Type z:header. that is true, however i cut the code out of a script i had handy. the params are passed in as such: /cgi-bin/mime.cgi?filename=whatevermime_type=application%02Fpdf so the full file looked something like this: use CGI; my $cgi = new CGI; my $filename = $cgi-param('filename'); my $mime_type = $cgi-param('mime_type'); print $cgi-header($mime_type); open OUT, $filename; my $buffer; while (my $read = read(OUT, $buffer, 4096)) { print $buffer; } close OUT; -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Counter triggered on download
On Tue, 26 Aug 2003 at 00:31, Octavian Rasnita opined: OR:This is a pretty good method, but it is not so good because the OR:visitors won't be able to use a Download manager to download the file. OR:Or better said, they won't be able to resume the download. true, however the original poster asked how to increment a counter when a file is downloaded. they did not pose the question of how to do it *and* allow the user to use download manager or resume the download if it became interrupted. OR:I am not sure, I will be testing this soon, but maybe a solution for OR:this problem could be specifying the Content-length of this file as a OR:HTTP header. OR: OR:This way the browsers and the download managers will be able to send OR:the Range HTTP header and the web server will accept it. be sure to share your results. -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Counter triggered on download
This is a pretty good method, but it is not so good because the visitors won't be able to use a Download manager to download the file. Or better said, they won't be able to resume the download. I am not sure, I will be testing this soon, but maybe a solution for this problem could be specifying the Content-length of this file as a HTTP header. This way the browsers and the download managers will be able to send the Range HTTP header and the web server will accept it. But as I said, I am not sure yet. teddy.fcc.ro [EMAIL PROTECTED] - Original Message - From: fliptop [EMAIL PROTECTED] To: Merrill Oakes [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Saturday, August 23, 2003 11:29 PM Subject: Re: Counter triggered on download On Wed, 20 Aug 2003 at 13:29, Merrill Oakes opined: MO:I have a link to a PDF file on a web page. I want to count how many MO:times that someone clicks on the link (i.e. downloads the PDF). The MO:easy way (at least for me) would be to make them go to a download page MO:first, and I could put a counter in the page, BUT this requires an extra MO:step for the user. MO: MO:SO, is there any way to:#1. monitor how many a times a file has been MO:downloaded, or maybe #2. have them click on a link (that is really a cgi MO:script, that then increments the counter then starts the download/open MO:of the PDF? Of course this last method will disable the ability to do a -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Counter triggered on download
fliptop wrote: merrill - i'm a little late on this thread, and the other suggestions are valid, but here's one way to serve up files w/o using a direct link by taking advantage of CGI.pm's header() function: my $cgi = new CGI; print $cgi-header('application/pdf'); Actually, it's the same as just: print Content-Type: application/pdf\n\n; CGI.pm is great but it's an overkill for just printing HTTP Content-Type header. -zsdc. -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Counter triggered on download
This is the sort of stuff I was talking about. Modules are great but sometimes you just have to wrest back control. zsdc wrote: fliptop wrote: merrill - i'm a little late on this thread, and the other suggestions are valid, but here's one way to serve up files w/o using a direct link by taking advantage of CGI.pm's header() function: my $cgi = new CGI; print $cgi-header('application/pdf'); Actually, it's the same as just: print Content-Type: application/pdf\n\n; CGI.pm is great but it's an overkill for just printing HTTP Content-Type header. -zsdc. -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Counter triggered on download
On Wed, 20 Aug 2003 at 13:29, Merrill Oakes opined: MO:I have a link to a PDF file on a web page. I want to count how many MO:times that someone clicks on the link (i.e. downloads the PDF). The MO:easy way (at least for me) would be to make them go to a download page MO:first, and I could put a counter in the page, BUT this requires an extra MO:step for the user. MO: MO:SO, is there any way to:#1. monitor how many a times a file has been MO:downloaded, or maybe #2. have them click on a link (that is really a cgi MO:script, that then increments the counter then starts the download/open MO:of the PDF? Of course this last method will disable the ability to do a MO:shift-click to download the doc. merrill - i'm a little late on this thread, and the other suggestions are valid, but here's one way to serve up files w/o using a direct link by taking advantage of CGI.pm's header() function: my $cgi = new CGI; print $cgi-header('application/pdf'); open OUT, '/path/to/some/pdf/file'; my $buffer; while (my $read = read(OUT, $buffer, 4096)) { print $buffer; } close OUT; # insert code here to increment the counter -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Counter triggered on download
I have a link to a PDF file on a web page. I want to count how many times that someone clicks on the link (i.e. downloads the PDF). The easy way (at least for me) would be to make them go to a download page first, and I could put a counter in the page, BUT this requires an extra step for the user. SO, is there any way to:#1. monitor how many a times a file has been downloaded, or maybe #2. have them click on a link (that is really a cgi script, that then increments the counter then starts the download/open of the PDF? Of course this last method will disable the ability to do a shift-click to download the doc. Thoughts, or pointers would be appreciated, Thanks, MO. [EMAIL PROTECTED] -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Counter triggered on download
I would solve this by using the link to invoke a Perl script that would trip a counter and serve up the PDF document, shift-click be damned. Who uses shift-click anyway? Merrill Oakes wrote: I have a link to a PDF file on a web page. I want to count how many times that someone clicks on the link (i.e. downloads the PDF). The easy way (at least for me) would be to make them go to a download page first, and I could put a counter in the page, BUT this requires an extra step for the user. SO, is there any way to:#1. monitor how many a times a file has been downloaded, or maybe #2. have them click on a link (that is really a cgi script, that then increments the counter then starts the download/open of the PDF? Of course this last method will disable the ability to do a shift-click to download the doc. Thoughts, or pointers would be appreciated, Thanks, MO. [EMAIL PROTECTED] -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Counter triggered on download
Camilo: THANKS! I agree. I also did a little more due diligence searching and found some scripts (guess I should have done that before I posted). Thanks everyone, great group/list. MO. Camilo Gonzalez wrote: I would solve this by using the link to invoke a Perl script that would trip a counter and serve up the PDF document, shift-click be damned. Who uses shift-click anyway? Merrill Oakes wrote: I have a link to a PDF file on a web page. I want to count how many times that someone clicks on the link (i.e. downloads the PDF). The easy way (at least for me) would be to make them go to a download page first, and I could put a counter in the page, BUT this requires an extra step for the user. SO, is there any way to:#1. monitor how many a times a file has been downloaded, or maybe #2. have them click on a link (that is really a cgi script, that then increments the counter then starts the download/open of the PDF? Of course this last method will disable the ability to do a shift-click to download the doc. Thoughts, or pointers would be appreciated, Thanks, MO. [EMAIL PROTECTED] -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]