-
Notifications
You must be signed in to change notification settings - Fork 0
/
upload.cgi
executable file
·86 lines (72 loc) · 2.3 KB
/
upload.cgi
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
#!/usr/bin/python
import os
import cgi
import cgitb
import re
import string
import random
import subprocess
import shutil
import db
import Cookie
import time
import env
def discard(sid):
allProgress = db.get_progress(sid)
if allProgress != None:
db.discard(sid)
for progress in allProgress:
deletePath = os.path.join(env.tmpDir, progress[2]+progress[4])
try:
os.remove(deletePath)
except OSError:
pass
cgitb.enable()
form = cgi.FieldStorage()
print "Content-Type: text/html"
if ('pic' not in form):
print "Status: 301 No file uploaded"
print "Location: /index.cgi?err=1" # no file uploaded
print
elif (not form['pic'].filename):
print "Status: 301 No file selected"
print "Location: /index.cgi?err=2" # no file selected
print
else:
fileitem = form['pic']
(fn, ext) = os.path.splitext(os.path.basename(fileitem.filename))
randomFileName = ''.join(random.choice(string.ascii_lowercase) for i in xrange(1,10))
tmpPath = os.path.join(env.tmpDir, randomFileName + ext)
open(tmpPath, 'wb').write(fileitem.file.read())
cmd = ['identify', tmpPath]
p = subprocess.Popen(cmd, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
(out, err) = p.communicate()
identifyResult = out.split()
try:
fileFormat = identifyResult[1]
except IndexError:
fileFormat = 'NONE'
if not ((re.search(".jpg$", fileitem.filename) and fileFormat == "JPEG") or (re.search(".png$", fileitem.filename) and fileFormat == "PNG") or (re.search(".gif$", fileitem.filename) and fileFormat == "GIF")):
os.remove(tmpPath)
print "Status: 301 No file selected"
print "Location: /index.cgi?err=3" # no file selected
print
else:
nowTime = time.time()
try:
cookieDict = Cookie.SimpleCookie(os.environ['HTTP_COOKIE'])
except KeyError:
cookieDict = Cookie.SimpleCookie()
try:
sessionValue = cookieDict['session'].value
except KeyError:
sessionValue = random.randint(0, 100000)
expireTimestamp = time.time() + 30 * 24 * 60 * 60
expireTime = time.strftime("%a, %d-%b-%Y %T GMT", time.gmtime(expireTimestamp))
cookieDict['session'] = sessionValue
cookieDict['session']['expires'] = expireTime
discard(sessionValue)
db.add_tmp_progress(sessionValue, nowTime, randomFileName, fn, ext)
print cookieDict
print
print '<html><head><meta http-equiv="refresh" content="0; url=editor.cgi"/></head></html>'