Programming Python, 4th Edition, Mark Lutz (text version)


For uploads to be saved on the server, CGI scripts (run by the user “nobody” on some
servers) must have write access to the enclosing directory if the file doesn’t yet exist, or
to the file itself if it does. To help isolate uploads, the script stores all uploads in
whatever server directory is named in the uploaddir global. On one Linux server, I had to
give this directory a mode of 777 (universal read/write/execute permissions) with
chmod to make uploads work in general. This is a nonissue with the local web server
used in this chapter, but your mileage may vary; be sure to check permissions if this
script fails.


The script also calls os.chmod to set the permission on the server file such that it can be
read and written by everyone. If it is created anew by an upload, the file’s owner will
be “nobody” on some servers, which means anyone out in cyberspace can view and
upload the file. On one Linux server, though, the file will also be writable only by the
user “nobody” by default, which might be inconvenient when it comes time to change
that file outside the Web (naturally, the degree of pain can vary per file operation).


Isolating client-side file uploads by placing them in a single directory on
the server helps minimize security risks: existing files can’t be overwritten
arbitrarily. But it may require you to copy files on the server after
they are uploaded, and it still doesn’t prevent all security risks—
mischievous clients can still upload huge files, which we would need to
trap with additional logic not present in this script as is. Such traps may
be needed only in scripts open to the Internet at large.
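As an added example, not the book's upload script, the isolation and the size trap described above can be written in Python as follows: `safe_target` keeps only the last component of the client path so an upload can only land directly inside the upload directory, and `save_upload` copies the stream in chunks and rejects it once a limit is exceeded. All names (`MAX_UPLOAD_BYTES`, `UploadRejected`, `demo`) and the sample inputs are constructed for this example.

```python
import io, os, tempfile

MAX_UPLOAD_BYTES = 1024 * 1024   # constructed cap; hypothetical name, not from the book

class UploadRejected(Exception): pass

def safe_target(uploaddir, client_path):
    """Keep only the last component of the client path ('C:\\temp\\note.txt',
    '../../etc/passwd'), so the result can only name a file directly in uploaddir."""
    name = os.path.basename(client_path.replace('\\', '/'))
    if name in ('', '.', '..'):
        raise UploadRejected('empty or invalid file name')
    return os.path.join(os.path.realpath(uploaddir), name)

def save_upload(uploaddir, client_path, stream, limit=MAX_UPLOAD_BYTES):
    """Copy the binary upload stream into uploaddir in chunks, rejecting it once
    more than `limit` bytes arrive and removing the partial file. As in the book's
    script an existing file of the same name is overwritten; mode is 0o644, not 0o666.
    Returns (server_path, bytes_written)."""
    target = safe_target(uploaddir, client_path)
    written = 0
    fd = os.open(target, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o644)
    try:
        with os.fdopen(fd, 'wb') as out:
            for chunk in iter(lambda: stream.read(64 * 1024), b''):
                written += len(chunk)
                if written > limit:
                    raise UploadRejected('upload exceeds %d bytes' % limit)
                out.write(chunk)
    except UploadRejected:
        os.remove(target)   # leave nothing half-written behind
        raise
    return target, written

def demo():
    """Constructed self-check: normal upload, traversal attempt, oversize upload."""
    results = {}
    with tempfile.TemporaryDirectory() as uploaddir:
        path, n = save_upload(uploaddir, r'C:\temp\note.txt', io.BytesIO(b'hello\n'))
        with open(path, 'rb') as f:
            results['saved'] = (os.path.basename(path), n, f.read())
        path, _ = save_upload(uploaddir, '../../etc/passwd', io.BytesIO(b'x'))
        results['traversal'] = os.path.relpath(path, os.path.realpath(uploaddir))
        try:
            save_upload(uploaddir, 'big.bin', io.BytesIO(b'a' * 100), limit=50)
        except UploadRejected as err:
            results['oversize'] = str(err)
        results['leftover'] = sorted(os.listdir(uploaddir))
    return results
```

The chunked copy matters for the huge-upload case: the request body is never read whole into memory, and the rejected file is deleted so the upload directory does not fill with partial files.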

If both client and server do their parts, the CGI script presents us with the response
page shown in Figure 15-34, after it has stored the contents of the client file in a new
or existing file on the server. For verification, the response gives the client and server
file paths, as well as an echo of the uploaded file, with a line count in line-by-line reader
mode.


Notice that this echo display assumes that the file’s content is text. It turns out that this
is a safe assumption to make, because the cgi module always returns file content as
str strings, not bytes. Less happily, this also stems from the fact that binary file uploads
are not supported in the cgi module in 3.1 (more on this limitation in an upcoming
note).


This file, uploaded and saved in the uploads directory, is identical to the original (run
an fc command on Windows to verify this). Incidentally, we can also verify the upload
with the getfile program we wrote in the prior section. Simply access the selection
page to type the pathname of the file on the server, as shown in Figure 15-35.


If the file upload is successful, the resulting viewer page we will obtain looks like
Figure 15-36. Since the user “nobody” (CGI scripts) was able to write the file, “nobody”
should be able to view it as well (bad grammar perhaps, but true nonetheless).


1222 | Chapter 15: Server-Side Scripting
