Beefy Boxes and Bandwidth Generously Provided by pair Networks
good chemistry is complicated,
and a little bit messy -LW

Re: Re: Security issues when allowing file upload via CGI

by Aighearach
on Dec 07, 2001 at 00:19 UTC ( #130051=note: print w/replies, xml ) Need Help??

in reply to Re: Security issues when allowing file upload via CGI
in thread Security issues when allowing file upload via CGI

There is no control there in how it is transfered, assuming it is POSTing it from a web form. It's browser dependent, and browsers send differnt sorts of things. So you have to munge the filename anyways. But you want to do it anyways, because different OSes have different filename standards.

in my web upload scripts, I use this:

$filename =~ tr{:\\}{/}; # convert mac and windows directory sep +erators to unix style $filename =~ s{.*/}{}g; # strip everything before the last sepe +rator $filename =~ s{[^\w\-\.]}{}go; # remove funny characters

Snazzy tagline here

Log In?

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://130051]
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others exploiting the Monastery: (4)
As of 2016-10-25 01:16 GMT
Find Nodes?
    Voting Booth?
    How many different varieties (color, size, etc) of socks do you have in your sock drawer?

    Results (313 votes). Check out past polls.