Project:LayserCake
From London Hackspace Wiki
http://hack.rs/cgi-bin/threshold_grayscale.pl
People on IRC expressed a wish to use this as an example for security auditing, so here it is.
Audit away.
Please don't make me cry.
#!/usr/bin/perl -w use strict; use CGI; use CGI::Carp qw(fatalsToBrowser warningsToBrowser); #use List::Util qw(max min); my $q = CGI->new(); print $q->header; print $q->start_html; print $q->p("this is a thing for doing threshholding"); print $q->p("<small>or possibly <i>thresholding</i>?</small>"); print $q->start_form( -enctype => "multipart/form-data" ); print $q->p("file"); print $q->filefield('uploaded_file'); print $q->submit(); print $q->end_form; # do we have an upload? my $filehandle = $q->upload('uploaded_file'); if (defined $filehandle) { # do shit print $q->p("I'm doing shit"); # no, actually do shit my ($filename, $extension) = ($q->param('uploaded_file') =~ /^([0-9A-Za-z_-]+)\.([0-9A-Za-z_-]+)$/); die "no stupid filenames" unless ($filename and $extension); my $tempfile = $q->tmpFileName($q->param('uploaded_file')); foreach my $i (0 .. 7) { my $n = 2 ** $i; my $outfile = "$filename"."_$i.$extension"; my @ar = ("gm", "convert", "-operator", "Gray", "And", $n , "-operator", "Gray", "Threshold", $n - 1 , $tempfile, "/var/www/threshold_output/$outfile" ); print $q->p("$i : " . join " ", @ar); system(@ar) == 0 or die "system call failed: $? $!"; #safer than passing a string to system(), # because doing it this way bypasses the shell print $q->img({src => "/threshold_output/$outfile"}); } } print $q->end_html;
--AndyE 13:00, 13 January 2011 (UTC)