Beefy Boxes and Bandwidth Generously Provided by pair Networks
No such thing as a small change

Re: Thoughts on file upload...

by mikeirw (Pilgrim)
on Nov 20, 2002 at 15:20 UTC ( #214478=note: print w/replies, xml ) Need Help??

in reply to Thoughts on file upload...

Not really security related per se, but I think that it's wise to set a maximum file size that you'll accept so that someone doesn't try to fill up your disk.

You can do this easily (if you're using with something like:

# Limit file sizes to 1 MB use constant MAX_FILE_SIZE => 1_048_576; $CGI::POST_MAX = MAX_FILE_SIZE;

You may also want to set a size limit on the directory that is holding the uploaded files. This could be done with something like:

# 100 MB limit on the size of the upload dir use constant MAX_DIR_SIZE => 100 * 1_048_576; sub dir_size { my $dir = shift; my $dir_size = 0; my $file; # Loop through files and sum the sizes; doesn't descend down subdi +rs. opendir DIR, $dir or die "Unable to open $dir: $!\n"; $dir_size += -s "$dir/$file" while defined( $file = readdir DIR ); closedir DIR; return $dir_size; } die 'Upload directory is full.' if ( dir_size('/path/to/dir') + $ENV{CONTENT_LENGTH} > MAX_DIR_SIZE +);

Log In?

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://214478]
[choroba]: Sane people don't use csh
[marioroy]: the 1>&2 will work, not shown
[marioroy]: sorry, did not know which if cmd.exe or unix (bash)
[choroba]: csh considered harmful
[erix]: no, I'm using bash :)
[marioroy]: :)
[marioroy]: I use the default and happens to be bash
[erix]: heh, I like the "Resolved" (Christiansen is really funny)
Discipulus is makita a reincarnation of grinder?
[erix]: I probably also need to understand TAP a bit better than I do

How do I use this? | Other CB clients
Other Users?
Others having an uproarious good time at the Monastery: (9)
As of 2017-03-23 08:27 GMT
Find Nodes?
    Voting Booth?
    Should Pluto Get Its Planethood Back?

    Results (285 votes). Check out past polls.