Project:LayserCake

From London Hackspace Wiki
Revision as of 14:12, 13 January 2011 by AndyE (talk | contribs)

http://hack.rs/cgi-bin/threshold_grayscale.pl

People

Source

People on IRC expressed a wish to use this as an example for security auditing, so here it is. Will transfer it to git when I 'git' time.

Audit away.

Please don't make me cry.


#!/usr/bin/perl -w
use strict;
use CGI;
use CGI::Carp qw(fatalsToBrowser warningsToBrowser);
#use List::Util qw(max min);

my $q = CGI->new();

print $q->header;
print $q->start_html;

print $q->p("this is a thing for doing threshholding");
print $q->p("<small>or possibly <i>thresholding</i>?</small>");

print $q->start_form( -enctype => "multipart/form-data" );

print $q->p("file");
print $q->filefield('uploaded_file');
print $q->submit();

print $q->end_form;

# do we have an upload?
my $filehandle = $q->upload('uploaded_file');
if (defined $filehandle) {

    # do shit
    print $q->p("I'm doing shit");

    # no, actually do shit
    my ($filename, $extension) = ($q->param('uploaded_file') =~ /^([0-9A-Za-z_-]+)\.([0-9A-Za-z_-]+)$/);
    die "no stupid filenames" unless ($filename and $extension);
    my $tempfile = $q->tmpFileName($q->param('uploaded_file'));

    foreach my $i (0 .. 7) {

        my $n = 2 ** $i;

        my $outfile = "$filename"."_$i.$extension";

        my @ar = ("gm",
                  "convert",
                    "-operator", "Gray", "And", $n ,
                    "-operator", "Gray", "Threshold",  $n - 1  ,
                  $tempfile,
                  "/var/www/threshold_output/$outfile" );

        print $q->p("$i : " . join " ", @ar);

        system(@ar) == 0 or die "system call failed: $? $!"; #safer than passing a string to system(),
                                                             # because doing it this way bypasses the shell

        print $q->img({src => "/threshold_output/$outfile"});
    }
}


print $q->end_html;

--AndyE 13:00, 13 January 2011 (UTC)

How-to