Re: Counter triggered on download

2003-08-27 Thread zsdc
fliptop wrote:

my $filename = $cgi->param('filename');
my $mime_type = $cgi->param('mime_type');
print $cgi->header($mime_type);

open OUT, $filename;
my $buffer;
while (my $read = read(OUT, $buffer, 4096)) {
  print $buffer;
}
close OUT;
You're right, when your script deals with parameters, URL-escaped 
values, etc. then CGI.pm is definitely the way to go.

While I understand that the code you posted here is simplified, I have 
some advice for Merrill and everyone else who wants to do similar things. 
Always remember to make sure your input is safe:

  ($file) = $file =~ /^([\w.-]+)$/ or die "Bad argument\n";

Otherwise your script could be used to download every file on your 
system which is readable by the server process (passing 
"../../../../etc/passwd" or similar string as the argument) or even to 
*write* to any file or to run any command at all (passing "rm 
../../somedir/.htaccess|" or something like that).

Use the taint mode (the -T switch) so you'll get a fatal error every 
time you do something potentially dangerous with unchecked user input.

Also, using the 3-arguments call to open() is a good idea:

  open FILE, '<', $file

That way the "command|" argument won't work, but there still is a 
problem with double dots or slashes in $path.

In my opinion the -T switch is a must for CGI scripts.

--
ZSDC Perl and Systems Security Consulting


--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
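
The three recommendations in the message above (whitelist the file name, run under -T, use three-argument open), combined into one hardened variant of the quoted download script. This is an added example, not code posted by anyone in the thread; `$BASE_DIR`, the `%MIME` map and the `clean_name` and `fail` helpers are assumptions made for illustration.

```perl
#!/usr/bin/perl -T
# Added example, not code from the thread. -T enables taint mode.
use strict;
use warnings;
use CGI;

# Assumptions (hypothetical): one download directory and a fixed
# extension-to-MIME map, so neither path nor header comes from the request.
my $BASE_DIR = '/var/www/downloads';
my %MIME     = (pdf => 'application/pdf', txt => 'text/plain');

# Return an untainted bare file name, or undef if the input is unacceptable.
sub clean_name {
    my ($raw) = @_;
    return undef unless defined $raw;
    # Whitelist from the post: word characters, dot, hyphen. No slash can
    # pass, so the caller cannot supply a directory component.
    my ($name) = $raw =~ /\A([\w.-]+)\z/ or return undef;
    # "." and ".." also match the whitelist; refuse names starting with a dot.
    return undef if $name =~ /\A\./;
    return $name;
}

sub fail {
    my ($cgi, $status, $msg) = @_;
    print $cgi->header(-status => $status, -type => 'text/plain'), "$msg\n";
    exit;
}

my $cgi   = CGI->new;
my $name  = clean_name(scalar $cgi->param('filename'));
my ($ext) = defined $name ? $name =~ /\.(\w+)\z/ : ();
my $type  = defined $ext ? $MIME{lc $ext} : undef;
fail($cgi, '400 Bad Request', 'Bad argument') unless defined $name && defined $type;

# Three-argument open: the mode is fixed to '<', so a leading '>' or a
# trailing '|' in the name is never treated as a mode or a command.
open(my $fh, '<', "$BASE_DIR/$name") or fail($cgi, '404 Not Found', 'Not found');
binmode $fh;
binmode STDOUT;

print $cgi->header(-type => $type);
my $buffer;
while (read($fh, $buffer, 4096)) {
    print $buffer;
}
close $fh;
```

CGI.pm also accepts `name=value` pairs on the command line, so `perl -T script.pl filename=report.pdf` exercises the checks without a web server.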


Re: Counter triggered on download

2003-08-26 Thread fliptop
On Sun, 24 Aug 2003 at 03:04, zsdc opined:

z:fliptop wrote:
z:
z: merrill - i'm a little late on this thread, and the other suggestions are
z: valid, but here's one way to serve up files w/o using a direct link by
z: taking advantage of CGI.pm's header() function:
z: 
z: my $cgi = new CGI;
z: print $cgi->header('application/pdf');
z:
z:Actually, it's the same as just:
z:
z:   print "Content-Type: application/pdf\n\n";
z:
z:CGI.pm is great but it's an overkill for just printing HTTP Content-Type 
z:header.

that is true, however i cut the code out of a script i had handy.  the
params are passed in as such:

/cgi-bin/mime.cgi?filename=whatever&mime_type=application%02Fpdf

so the full file looked something like this:


use CGI;

my $cgi = new CGI;
my $filename = $cgi->param('filename');
my $mime_type = $cgi->param('mime_type');

print $cgi->header($mime_type);

open OUT, $filename;
my $buffer;

while (my $read = read(OUT, $buffer, 4096)) {
  print $buffer;
}

close OUT;







Re: Counter triggered on download

2003-08-26 Thread fliptop
On Tue, 26 Aug 2003 at 00:31, Octavian Rasnita opined:

OR:This is a pretty good method, but it is not so good because the
OR:visitors won't be able to use a Download manager to download the file.
OR:Or better said, they won't be able to resume the download.

true, however the original poster asked how to increment a counter when a
file is downloaded.  they did not pose the question of how to do it *and*
allow the user to use download manager or resume the download if it became
interrupted.

OR:I am not sure, I will be testing this soon, but maybe a solution for
OR:this problem could be specifying the Content-length of this file as a
OR:HTTP header.
OR:
OR:This way the browsers and the download managers will be able to send
OR:the Range HTTP header and the web server will accept it.

be sure to share your results.





Re: Counter triggered on download

2003-08-25 Thread Octavian Rasnita
This is a pretty good method, but it is not so good because the visitors
won't be able to use a Download manager to download the file.
Or better said, they won't be able to resume the download.

I am not sure, I will be testing this soon, but maybe a solution for this
problem could be specifying the Content-length of this file as a HTTP
header.

This way the browsers and the download managers will be able to send the
Range HTTP header and the web server will accept it.

But as I said, I am not sure yet.

teddy.fcc.ro
[EMAIL PROTECTED]
- Original Message -
From: fliptop [EMAIL PROTECTED]
To: Merrill Oakes [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Saturday, August 23, 2003 11:29 PM
Subject: Re: Counter triggered on download


On Wed, 20 Aug 2003 at 13:29, Merrill Oakes opined:

MO:I have a link to a PDF file on a web page.  I want to count how many
MO:times that someone clicks on the link (i.e. downloads the PDF).  The
MO:easy way (at least for me) would be to make them go to a download page
MO:first, and I could put a counter in the page, BUT this requires an extra
MO:step for the user.
MO:
MO:SO, is there any way to:#1. monitor how many a times a file has been
MO:downloaded, or maybe #2. have them click on a link (that is really a cgi
MO:script, that then increments the counter then starts the download/open
MO:of the PDF?  Of course this last method will disable the ability to do a






Re: Counter triggered on download

2003-08-24 Thread zsdc
fliptop wrote:

merrill - i'm a little late on this thread, and the other suggestions are
valid, but here's one way to serve up files w/o using a direct link by
taking advantage of CGI.pm's header() function:
my $cgi = new CGI;
print $cgi->header('application/pdf');

Actually, it's the same as just:

  print "Content-Type: application/pdf\n\n";

CGI.pm is great but it's an overkill for just printing HTTP Content-Type 
header.

-zsdc.



Re: Counter triggered on download

2003-08-24 Thread Camilo Gonzalez
This is the sort of stuff I was talking about. Modules are great but 
sometimes you just have to wrest back control.

zsdc wrote:

fliptop wrote:

merrill - i'm a little late on this thread, and the other suggestions 
are
valid, but here's one way to serve up files w/o using a direct link by
taking advantage of CGI.pm's header() function:

my $cgi = new CGI;
print $cgi->header('application/pdf');


Actually, it's the same as just:

  print "Content-Type: application/pdf\n\n";

CGI.pm is great but it's an overkill for just printing HTTP 
Content-Type header.

-zsdc.






Re: Counter triggered on download

2003-08-23 Thread fliptop
On Wed, 20 Aug 2003 at 13:29, Merrill Oakes opined:

MO:I have a link to a PDF file on a web page.  I want to count how many 
MO:times that someone clicks on the link (i.e. downloads the PDF).  The 
MO:easy way (at least for me) would be to make them go to a download page 
MO:first, and I could put a counter in the page, BUT this requires an extra 
MO:step for the user.
MO:
MO:SO, is there any way to:#1. monitor how many a times a file has been 
MO:downloaded, or maybe #2. have them click on a link (that is really a cgi 
MO:script, that then increments the counter then starts the download/open 
MO:of the PDF?  Of course this last method will disable the ability to do a 
MO:shift-click to download the doc.

merrill - i'm a little late on this thread, and the other suggestions are
valid, but here's one way to serve up files w/o using a direct link by
taking advantage of CGI.pm's header() function:

my $cgi = new CGI;

print $cgi->header('application/pdf');

open OUT, '/path/to/some/pdf/file';
my $buffer;

while (my $read = read(OUT, $buffer, 4096)) {
  print $buffer;
}

close OUT;

# insert code here to increment the counter





Counter triggered on download

2003-08-21 Thread Merrill Oakes
I have a link to a PDF file on a web page.  I want to count how many 
times that someone clicks on the link (i.e. downloads the PDF).  The 
easy way (at least for me) would be to make them go to a download page 
first, and I could put a counter in the page, BUT this requires an extra 
step for the user.

SO, is there any way to:#1. monitor how many a times a file has been 
downloaded, or maybe #2. have them click on a link (that is really a cgi 
script, that then increments the counter then starts the download/open 
of the PDF?  Of course this last method will disable the ability to do a 
shift-click to download the doc.

Thoughts, or pointers would be appreciated,

Thanks,
MO.
[EMAIL PROTECTED]


Re: Counter triggered on download

2003-08-21 Thread Camilo Gonzalez
I would solve this by using the link to invoke a Perl script that would 
trip a counter and serve up the PDF document, shift-click be damned. Who 
uses shift-click anyway?

Merrill Oakes wrote:

I have a link to a PDF file on a web page.  I want to count how many 
times that someone clicks on the link (i.e. downloads the PDF).  The 
easy way (at least for me) would be to make them go to a download 
page first, and I could put a counter in the page, BUT this requires 
an extra step for the user.

SO, is there any way to:#1. monitor how many a times a file has been 
downloaded, or maybe #2. have them click on a link (that is really a 
cgi script, that then increments the counter then starts the 
download/open of the PDF?  Of course this last method will disable the 
ability to do a shift-click to download the doc.

Thoughts, or pointers would be appreciated,

Thanks,
MO.
[EMAIL PROTECTED]





Re: Counter triggered on download

2003-08-21 Thread Merrill Oakes
Camilo:

THANKS!  I agree.  I also did a little more due diligence searching and 
found some scripts (guess I should have done that before I posted).

Thanks everyone, great group/list.

MO.

Camilo Gonzalez wrote:
I would solve this by using the link to invoke a Perl script that would 
trip a counter and serve up the PDF document, shift-click be damned. Who 
uses shift-click anyway?

Merrill Oakes wrote:

I have a link to a PDF file on a web page.  I want to count how many 
times that someone clicks on the link (i.e. downloads the PDF).  The 
easy way (at least for me) would be to make them go to a download 
page first, and I could put a counter in the page, BUT this requires 
an extra step for the user.

SO, is there any way to:#1. monitor how many a times a file has been 
downloaded, or maybe #2. have them click on a link (that is really a 
cgi script, that then increments the counter then starts the 
download/open of the PDF?  Of course this last method will disable the 
ability to do a shift-click to download the doc.

Thoughts, or pointers would be appreciated,

Thanks,
MO.
[EMAIL PROTECTED]




