What you will need to do to avoid an unsafe file or path name will depend on what sorts of file names you are expecting, and what areas you consider safe. If your filenames are simple, just requiring that they match ^\w+$ should be OK. If they can contain more characters than that, you will need something more complicated, but the basic things are to exclude / and make sure your filename isn't all dots.
That's likely to be easier than trying to safely open a pathname and then make sure it is safe.
Also, consider using taint mode in your script. That would require you to sanitize filenames before opening them, halting your program if you forgot. It's a good safety net for any program manipulating the filesystem on behalf of Internet users.
Hope this helps!
by assuming the directory is safe and then figuring out where you really are in the filesystem to make sure it's not what you expect.
Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!
Read Where should I post X? if you're not absolutely sure you're posting in the right place.
Please read these before you post! —
Posts may use any of the Perl Monks Approved HTML tags:
You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)
- a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr
Link using PerlMonks shortcuts! What shortcuts can I use for linking?
See Writeup Formatting Tips and other pages linked from there for more info.
| & || & |
| < || < |
| > || > |
| [ || [ |
| ] || ] ||