Beefy Boxes and Bandwidth Generously Provided by pair Networks
Your skill will accomplish
what the force of many cannot
 
PerlMonks  

Re(4) (ichimunki): Security issues when allowing file upload via CGI

by dmmiller2k (Chaplain)
on Dec 07, 2001 at 01:50 UTC ( #130085=note: print w/ replies, xml ) Need Help??


in reply to Re: Re(2) (ichimunki): Security issues when allowing file upload via CGI
in thread Security issues when allowing file upload via CGI

Sigh.

Yes, you're right about $fn being tainted, but I was speaking more to the principle of using the standard *NIX command, "file" (or reasonable facsimile, such as the perl module File::MMagic, for example) to check the type of the file by examining the first several bytes (or more).

Certainly, by the time I intended this code to run, a file would have been uploaded to some directory somewhere. My expectation was that $fn would, at the time of the call, contain the full pathname to this file, and would not necessarily have been entered directly by a web-page user.

But then, I DID fail to document these expectations (read: preconditions, using programming-by-contract terminology), so I deserve to be chastised for it.

(takes 40 lashes with a wet noodle)

dmm


You can give a man a fish and feed him for a day ...
Or, you can teach him to fish and feed him for a lifetime


Comment on Re(4) (ichimunki): Security issues when allowing file upload via CGI
Select or Download Code

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://130085]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others scrutinizing the Monastery: (11)
As of 2014-07-25 12:54 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    My favorite superfluous repetitious redundant duplicative phrase is:









    Results (171 votes), past polls