[Info-vax] HTTP and HTML File Upload Basics
Jan-Erik Söderholm
jan-erik.soderholm at telia.com
Thu Oct 22 17:04:33 EDT 2020
Den 2020-10-22 kl. 19:43, skrev Simon Clubley:
> On 2020-10-22, Phillip Helbig (undress to reply) <helbig at asclothestro.multivax.de> wrote:
>>
>> What I need now is a procedure to replace DCL_ENV_RM.COM which would
>> copy the file specified in WWW_FLD_DATAFILE to a directory (could be
>> hard-coded) on the machine where the server is running. It would be
>> sufficient if it properly handles just normal text files (even just
>> 7-bit printable ASCII would be enough).
>>
>> Any ideas?
>>
>> Many web sites allow one to browse a list of files on a local disk
>> accessible to the web browser and upload one or more, so this isn't
>> something really bizarre. My guess is that the OSU server would support
>> it. The question is whether it can be done without having to install
>> PHP or whatever. With regard to the scripting language, is there any
>> reason why DCL shouldn't work?
>>
>
> DCL will need access to the POST data, which is where you can find the
> contents of the file.
>
> Since I have never been insane enough to directly connect DCL to a
> public facing URL...
I cannot remember any talks about any "public facing URL" here.
> I have never done this so I don't know what
> information is made available to the command procedure...
As far as I remember from OSU (it must have been 15-20 years since
I switch to the much more capable and up-to-date WASD) there is a
DCL-CGI interface so the OSU server sets up some symbols for you
that helps.
WASD has similar processing help, of course. And probably with more
functionallity.
> or how much
> manual processing of the POST data you would need to do within DCL.
>
> Just use PHP or another scripting language. On other operating systems,
> these scripting languages have full support for this and present the file
> data and other POST data in an easy to access format within your script.
>
> If you continue with DCL, read this before continuing:
>
> https://en.wikipedia.org/wiki/Code_injection#Shell_injection
>
> Simon.
>
More information about the Info-vax
mailing list