Project:LayserCake
From London Hackspace Wiki
People on IRC expressed a wish to use this as an example for security auditing, so here it is.
Audit away.
Please don't make me cry.
#!/usr/bin/perl -w
use strict;
use CGI;
use CGI::Carp qw(fatalsToBrowser warningsToBrowser);
#use List::Util qw(max min);
my $q = CGI->new();
print $q->header;
print $q->start_html;
print $q->p("this is a thing for doing threshholding");
print $q->p("<small>or possibly <i>thresholding</i>?</small>");
print $q->start_form( -enctype => "multipart/form-data" );
print $q->p("file");
print $q->filefield('uploaded_file');
print $q->submit();
print $q->end_form;
# do we have an upload?
my $filehandle = $q->upload('uploaded_file');
if (defined $filehandle) {
# do shit
print $q->p("I'm doing shit");
# no, actually do shit
my ($filename, $extension) = ($q->param('uploaded_file') =~ /^([0-9A-Za-z_-]+)\.([0-9A-Za-z_-]+)$/);
die "no stupid filenames" unless ($filename and $extension);
my $tempfile = $q->tmpFileName($q->param('uploaded_file'));
foreach my $i (0 .. 7) {
my $n = 2 ** $i;
my $outfile = "$filename"."_$i.$extension";
my @ar = ("gm",
"convert",
"-operator", "Gray", "And", $n ,
"-operator", "Gray", "Threshold", $n - 1 ,
$tempfile,
"/var/www/threshold_output/$outfile" );
print $q->p("$i : " . join " ", @ar);
system(@ar) == 0 or die "system call failed: $? $!"; #safer than passing a string to system(),
# because doing it this way bypasses the shell
print $q->img({src => "/threshold_output/$outfile"});
}
}
print $q->end_html;
--AndyE 13:00, 13 January 2011 (UTC)
