-
Notifications
You must be signed in to change notification settings - Fork 1
Expand file tree
/
Copy pathupload-handler.cgi
More file actions
executable file
·41 lines (35 loc) · 1.08 KB
/
Copy pathupload-handler.cgi
File metadata and controls
executable file
·41 lines (35 loc) · 1.08 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
#!/usr/bin/python3
# A simple script to upload a file with a CGI form
# Import modules for CGI handling
import cgi, os
import cgitb; cgitb.enable()
# Create instance of FieldStorage
form = cgi.FieldStorage()
# Get filename from field FILENAME
fileitem = form['FILENAME']
# Get desired upload file name from field UPLOADNAME
if form.getvalue('UPLOADNAME'):
upname = form.getvalue('UPLOADNAME')
else:
upname = "UNNAMED"
# Test if the file was uploaded
if fileitem.filename:
# strip leading path from upload file name to avoid
# directory traversal attacks
upfn = 'uploads/' + os.path.basename(upname)
open(upfn, 'wb').write(fileitem.file.read())
message = 'File "' + fileitem.filename + '" successfully uploaded to "' + upfn + '"'
else:
message = 'No file uploaded'
# Redirect to a URL if defined by field REDIRECT
if form.getvalue('REDIRECT'):
print("Location: " + form.getvalue('REDIRECT'))
print("")
else:
print("Content-Type: text/html")
print("")
print("<html>")
print("<body>")
print(" <p>%s</p>" % (message,))
print("</body>")
print("</html>")