Beefy Boxes and Bandwidth Generously Provided by pair Networks
XP is just a number
 
PerlMonks  

Re: Re: Security issues when allowing file upload via CGI

by Aighearach
on Dec 07, 2001 at 00:19 UTC ( #130051=note: print w/ replies, xml ) Need Help??


in reply to Re: Security issues when allowing file upload via CGI
in thread Security issues when allowing file upload via CGI

There is no control there in how it is transfered, assuming it is POSTing it from a web form. It's browser dependent, and browsers send differnt sorts of things. So you have to munge the filename anyways. But you want to do it anyways, because different OSes have different filename standards.

in my web upload scripts, I use this:

$filename =~ tr{:\\}{/}; # convert mac and windows directory sep +erators to unix style $filename =~ s{.*/}{}g; # strip everything before the last sepe +rator $filename =~ s{[^\w\-\.]}{}go; # remove funny characters

--
Snazzy tagline here


Comment on Re: Re: Security issues when allowing file upload via CGI
Download Code

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://130051]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others studying the Monastery: (9)
As of 2014-12-19 09:32 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    Is guessing a good strategy for surviving in the IT business?





    Results (75 votes), past polls