GadgetSteve/cgi-post.py

## cgi-post.py
#!/usr/bin/env python

"""
This script is based on https://cgi.tutorial.codepoint.net/file-upload but with changes as needed.

To use:
 - Download the web page to be debugged.
 - Edit it to replace `action="/cgi-bin/cgi-post"` with `action="/cgi-bin/cgi-post.py"` (on Windows on Linux you can simply rename this file to not have .py at the end.
 - place in a cgi-bin subdirectory of the one where you saved the web page
 - start a simple web server with ` python -m http.server 8001 --bind localhost --cgi`
 - browse to http://localhost:8001/factory_page.html or whatever the file is called.
 - Fill in and submit the form.
"""
import cgi, os
# Enable browser based CGI debugging
import cgitb;
cgitb.enable()

try: # Windows needs stdio set for binary mode.
    import msvcrt
    msvcrt.setmode (0, os.O_BINARY) # stdin  = 0
    msvcrt.setmode (1, os.O_BINARY) # stdout = 1
except ImportError:
    pass

form = cgi.FieldStorage()
message = "<H1>Form Submitted!</H1>"
message += "<P>Form Fields: " +", ".join(form.keys()) + "</P><UL>"
for k in form.keys():
    message += f"<LI>{k}:{form[k]}</LI>"
message += "</UL>"
# A nested FieldStorage instance holds the file - the name will depend on the form
if 'updatefilename' in form:
    fileitem = form['updatefilename']

    # Test if the file was uploaded
    if fileitem.filename:

        # strip leading path from file name
        # to avoid directory traversal attacks
        fn = os.path.basename(fileitem.filename)
        # Ucomment the following line if you would like to actually save the uploaded file
        #open('files/' + fn, 'wb').write(fileitem.file.read())
        filelen = len(fileitem.file.read())
        message += f'<P>The file "{fn}" was uploaded successfully with {filelen} bytes.</P>'

    else:
        message = '<P>No file was uploaded</P>'

print ("""\
Content-Type: text/html\n
<html><body>
%s
</body></html>
""" % (message,))
	#!/usr/bin/env python

	"""
	This script is based on https://cgi.tutorial.codepoint.net/file-upload but with changes as needed.

	To use:
	- Download the web page to be debugged.
	- Edit it to replace `action="/cgi-bin/cgi-post"` with `action="/cgi-bin/cgi-post.py"` (on Windows on Linux you can simply rename this file to not have .py at the end.
	- place in a cgi-bin subdirectory of the one where you saved the web page
	- start a simple web server with ` python -m http.server 8001 --bind localhost --cgi`
	- browse to http://localhost:8001/factory_page.html or whatever the file is called.
	- Fill in and submit the form.
	"""
	import cgi, os
	# Enable browser based CGI debugging
	import cgitb;
	cgitb.enable()

	try: # Windows needs stdio set for binary mode.
	import msvcrt
	msvcrt.setmode (0, os.O_BINARY) # stdin = 0
	msvcrt.setmode (1, os.O_BINARY) # stdout = 1
	except ImportError:
	pass

	form = cgi.FieldStorage()
	message = "<H1>Form Submitted!</H1>"
	message += "<P>Form Fields: " +", ".join(form.keys()) + "</P><UL>"
	for k in form.keys():
	message += f"<LI>{k}:{form[k]}</LI>"
	message += "</UL>"
	# A nested FieldStorage instance holds the file - the name will depend on the form
	if 'updatefilename' in form:
	fileitem = form['updatefilename']

	# Test if the file was uploaded
	if fileitem.filename:

	# strip leading path from file name
	# to avoid directory traversal attacks
	fn = os.path.basename(fileitem.filename)
	# Ucomment the following line if you would like to actually save the uploaded file
	#open('files/' + fn, 'wb').write(fileitem.file.read())
	filelen = len(fileitem.file.read())
	message += f'<P>The file "{fn}" was uploaded successfully with {filelen} bytes.</P>'

	else:
	message = '<P>No file was uploaded</P>'

	print ("""\
	Content-Type: text/html\n
	<html><body>
	%s
	</body></html>
	""" % (message,))