PerlMonks
Re: Re: Cgi pm and photo uploads

by mandog (Curate)
on Oct 04, 2003 at 23:29 UTC (#296603)


in reply to Re: Cgi pm and photo uploads
in thread Cgi pm and photo uploads

Hello sulfericacid

Your script is pretty easy to follow. It does the job. However, there are a few things that could be tweaked.

You might put my $localfile at the top of the script. It will be easier to find there when you move the script to another host. Generally it is best to put constants like this at the top of the script.

You might run in taint mode (put -T on the shebang line).

You allow some nasty chars in the user supplied filename. Evil can be done to you with more than semicolons. Better to use the regexes in perldoc perlsec to ban everything except what you explicitly allow.

Having your images directory world writable is a bit risky. For one thing, other users on your server will be able to clobber things.

If it is not set globally, you might also look at $CGI::POST_MAX.

Hope this is helpful.
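The following is an added example, not code from sulfericacid's script or from mandog's reply, showing how the suggestions above fit together in one CGI.pm upload handler: -T on the shebang line, constants and $CGI::POST_MAX at the top, a perlsec-style allow-list that untaints the filename, and a refusal to write into a world-writable directory. The form field name "photo", the directory /var/www/images and the 2 MB limit are assumptions.

```perl
#!/usr/bin/perl -T
# Added example (not from the thread): CGI.pm photo upload with the tweaks
# suggested above. Field name, directory and size limit are assumed values.
use strict;
use warnings;
use CGI;
use Fcntl qw(:DEFAULT :mode);
use File::Basename qw(basename);

# Constants at the top so they are easy to find when the script moves hosts.
my $localfile_dir = '/var/www/images';   # assumption: owned by the web user, not world-writable
$CGI::POST_MAX    = 2 * 1024 * 1024;     # assumption: reject request bodies over 2 MB

# Under -T the environment must be cleaned before anything could spawn a command.
$ENV{PATH} = '/bin:/usr/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# Untaint a client-supplied filename by keeping only an explicit allow-list of
# characters (the approach perldoc perlsec describes). Returns undef on rejection.
sub safe_filename {
    my ($raw) = @_;
    return undef unless defined $raw;
    my $name = basename($raw);           # drop any directory part the client sent
    return undef if $name =~ /\.\./;     # no parent-directory tricks
    # Must start with a word character; then letters, digits, '_', '.', '-'; max 100 chars.
    if ($name =~ /\A(\w[\w.-]{0,99})\z/) {
        return $1;                       # the capture is what untaints the value
    }
    return undef;
}

# Refuse to write into a directory that any user on the host can modify.
sub dir_is_safe {
    my ($dir) = @_;
    my @st = stat($dir) or return 0;
    return 0 unless S_ISDIR($st[2]);
    return 0 if $st[2] & S_IWOTH;        # world-writable bit set
    return 1;
}

my $q = CGI->new;
print $q->header('text/plain');

# cgi_error is set when the body exceeded $CGI::POST_MAX (413) or was malformed.
if (my $err = $q->cgi_error) {
    print "Upload rejected: $err\n";
    exit;
}

my $name = safe_filename(scalar $q->param('photo'));
unless (defined $name) { print "Bad filename\n"; exit }
unless (dir_is_safe($localfile_dir)) { print "Upload directory misconfigured\n"; exit }

my $fh = $q->upload('photo') or do { print "No file uploaded\n"; exit };
my $dest = "$localfile_dir/$name";

# O_EXCL refuses to clobber an existing file instead of silently overwriting it.
sysopen my $out, $dest, O_WRONLY | O_CREAT | O_EXCL, 0644
    or do { print "Cannot save file\n"; exit };
binmode $fh;
binmode $out;
my $buf;
while (read($fh, $buf, 8192)) { print {$out} $buf }
close $out;
print "Saved $name\n";
```

The filename check is an allow-list rather than a list of banned characters, so anything outside the pattern (spaces, slashes, semicolons, NUL bytes, leading dots) is rejected without having to enumerate it.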

