Software, your way.
How To Get Good Custom Software
(Download)
(PDF)
burger menu icon
WillMaster

WillMaster > LibrarySnooping (Information Retrieval)

FREE! Coding tips, tricks, and treasures.

Possibilities weekly ezine

Get the weekly email website developers read:

 

Your email address

name@example.com
YES! Send Possibilities every week!

Viewing Files in Your CGI Directory

If you should find yourself wanting to monitor a log file or database in your CGI directory, yet don't want to download the file every time just to view it, this article contains an answer.

This can also be a solution in situations where you have a client who can't use FTP yet wants to view data files in the CGI directory.

On most servers, only CGI scripts may be accessed in the CGI directory. Other files are forbidden to browsers. This ten-line Perl program, however, will display any plain text file in the CGI directory (including Perl CGI programs): 

#!/usr/bin/perl
use strict;
my $File = 'data.txt';
print "Content-Type: text/html\n\n<html><body><pre>";
open R,"<$File";
my $p = join '',<R>;
close R;
$p =~ s/</&lt;/g;
$p =~ s/>/&gt;/g;
print "$p</pre></body></html>";

Ensure the first line points to Perl on your server and the third line specifies the file you want to view. If the file is in a directory other than where the program is installed, the directory path must also be specified.

Name the script whatever you want, so long as it has the file extension your server expects for CGI programs. Upload the script, set permissions to 0755, and type the script's URL into your browser. Example: 

http://domain.com/cgi-bin/script.cgi

Bookmark the URL and you can use your browser to view the file whenever you desire.

Admittedly, the above program is limited in that it will display only one specific file. It is, however, secure. If anyone should happen upon your URL, the only file they can view is the one the script will display.

If you have only a few files for display in your browser, you may wish to upload a copy of the above program for each file (just change the third line of the scripts). However, if you have numerous files for display or would rather have a more sophisticated program, you'll find a solution below.

Because the next program will display files that you name in the program's URL, two security issues are addressed:

  1. A password is required to view a file. When a file is requested, the password must be sent with the request. The page is displayed only if the sent password matches the password specified in the script. Without this feature, anyone having the URL to your script could view any file in your CGI directory.
     
  2. Only files in the directory and sub-directories where the program is installed may be viewed. If the URL to your script is obtained and your password found out, this feature prevents viewing files in other locations, some of which might contain sensitive information.

Here is the script: 

#!/usr/bin/perl
use strict;
my $Password = 'myPW';
my($PW,$File) = split /\=/,$ENV{QUERY_STRING},2;
print "Content-Type: text/html\n\n<html><body>\n";
if($File) { &PrintFile; }
else { &PrintInstructions; }
print '</body></html>';

sub PrintFile
{
   unless($PW eq $Password)
   {
      print '<h4>Boo!</h4>';
      &PrintInstructions;
      return;
   }
   my $currentdir = $ENV{SCRIPT_FILENAME};
   $currentdir =~ s!^(.*)/.*?$!$1!;
   if($currentdir =~ /\w/) { $currentdir .= '/'; }
   else { $currentdir = ''; }
   $File =~ s!^[./]+!!;
   $File = "$currentdir$File";
   unless(open R,"<$File")
   {
      print "<h4>Couldn't open file $File</h4>";
      &PrintInstructions;
      return;
   }
   my $p = join '',<R>;
   close R;
   $p =~ s/</&lt;/g;
   $p =~ s/>/&gt;/g;
   print "<pre>$p</pre>\n";
} # sub PrintFile

sub PrintInstructions
{
   print <<END_OF_INSTRUCTIONS;
<center><h3>I N S T R U C T I O N S</h3></center>
<p>Type the URL of the script into your browser, 
followed by ?PASSWORD=FILENAME</p>
<p>Replace PASSWORD with the password you specified 
in the script. Replace FILENAME with the file name 
of the file you want to view. If the file is in a 
directory other than where the script resides, the 
file name must include the directory path relative 
to the script.</p>
<p>For example, if your password was "myPW" and 
your file was "data.txt," the URL would be:</p>
<pre>
http://domain.com/cgi-bin/script.cgi?myPW=data.txt
</pre>
END_OF_INSTRUCTIONS
} # sub PrintInstructions

# END OF SCRIPT

Ensure the first line points to Perl on your server and the third line specifies your password.

Give the script any acceptable file name and upload it. Set permissions to 0755. Then type the program's URL into your browser.

The program will present instructions.

There you have it, a nice little utility that can be invaluable in certain situations. You may want to save this article or remember WillMaster.com as the source for this and many other programs.

Will Bontrager

Was this article helpful to you?
(anonymous form)

Support This Website

Some of our support is from people like you who see the value of all that's offered for FREE at this website.

"Yes, let me contribute."

Amount (USD):

Tap to Choose
Contribution
Method

All information in WillMaster Library articles is presented AS-IS.

We only suggest and recommend what we believe is of value. As remuneration for the time and research involved to provide quality links, we generally use affiliate links when we can. Whenever we link to something not our own, you should assume they are affiliate links or that we benefit in some way.

More "Snooping (Information Retrieval)" Articles

Easier Reading of JSON Data

Check SSL Certificate

Find Phrase

Other Recent Articles from the Library

Keeping Image Location Secret

Fixed Position Image

Visually Centering Images

Cookie Directory Protection

Strong Form Protection From Bots

How Can We Help You? balloons
How Can We Help You?
bullet Custom Programming
bullet Ready-Made Software
bullet Technical Support
bullet Possibilities Newsletter
bullet Website "How-To" Info
bullet Useful Information List

© 1998-2001 William and Mari Bontrager
© 2001-2011 Bontrager Connection, LLC
© 2011-2024 Will Bontrager Software LLC