大佬教程收集整理的这篇文章主要介绍了如何使用Perl以一些安全性和最少的资源提供映像?,大佬教程大佬觉得挺不错的,现在分享给大家,也给大家做个参考。
该查询将由“somescript.pl?img=image.png”生成
#!/usr/bin/perl -Tw use Strict; use warnings; use CGI; #I should drop warnings after all is said and done. Also name my vars generically. Right? #I dont know if this query method will work or is even the best method. $query = new CGI; my @img = $query->param; if ( $_ eq "img" ) { my $file = $query->param($_); } if ( $_ ne "img" ) { ## I will send to an error sub that serves up a error image } # Prob a one liner to take care of the above. Not within my ability though. # Still figuring all this out here.. Very verbose sorry... # I will Strip everything but lowercase alpha and the "." # with s =~ /[something like A-Z] I will look it up //g; # Still.. prob all above will fit in a one liner by a PERL guru! # Below is related to -Taint,I was told this is important to use the -T. $ENV{PATH} = "bin:/usr/bin"; delete( $ENV{qw(IFS CDPATH BASH_ENV ENV)} ); # now I will grab the images extension. my $ext = ( $file =~ m/[^.]+$/ )[0]; #I was informed to use the "three" but,I am unsure what that means. # My attempt based on my reading many posts here. my $length = ( stat($filE) )[10]; my $image = do { local $/ = undef; print "Content-type: image/$ext\n"; print "Content-length: $length \n\n"; binmode STDOUT; open( FH,"<",$file ) || die "Could not find $file: $!"; my $buffer = ""; while ( read( FH,$buffer,10240 ) ) { print $buffer; } close(FH); };
正如你所看到的,我在这里的尝试显然是初学者.
我在堆栈溢出中找到了很好的建议.我感谢过去和现在的所有人.
File::MMagic
或
File::MimeInfo
将提供更好的通用解决方案.
File::Spec
-> no_upWARDs和File :: Spec-> catfile来构建一个只能在images目录中的路径名. >如果CGI可以避免死亡,那么它就不是真正好的形式.如果找不到该文件,则返回404状态.如果请求是非法的,则返回400或403状态等. >如果您使用path_info来允许image.PL/foo.png而不是image.pl?img=foo.png,那么您的网址会更好. >除非您添加更多逻辑,否则您提供的图像将不会被客户端缓存. >伙计,这些正在堆积起来.您是否考虑过找到一些已经为此目的编写的代码而不是编写自己的代码?
以上是大佬教程为你收集整理的如何使用Perl以一些安全性和最少的资源提供映像?全部内容,希望文章能够帮你解决如何使用Perl以一些安全性和最少的资源提供映像?所遇到的程序开发问题。
如果觉得大佬教程网站内容还不错,欢迎将大佬教程推荐给程序员好友。
本图文内容来源于网友网络收集整理提供,作为学习参考使用,版权属于原作者。
如您有任何意见或建议可联系处理。小编QQ:384754419,请注明来意。