Howdy,
This is a snippet that should give you the idea...
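    #!/usr/bin/perl -w
    use strict;
    use CGI;

    my $query = CGI->new;
    print $query->header;    # send the HTTP header before any other output

    my $go_switch = $query->param('go_switch');
    if ($go_switch) {
        my $file1     = $query->param('file1');
        my $file_type = $query->param('file_type');
        if (defined $file_type && ($file_type eq "jpg" || $file_type eq "gif")) {    # only allowing images here
            my $file_mod = "p000001";    # name is set by the script, not by the uploader
            if ($file1) {    # uploads the first file
                my $save_directory = "/var/www/storage/$file_mod.$file_type";
                print "$save_directory<BR>";
                my $BytesRead = 0;
                my $Buffer;
                my $Filename = $file1;
                $Filename =~ s/^\.+//;    # strip leading dots from the client-supplied name
                # upload() returns the filehandle for the uploaded file
                my $File_Handle = $query->upload('file1')
                    or die "No upload filehandle for file1";
                # '>' rather than '>>' so a second upload does not get appended to the first
                open(my $out, '>', $save_directory)
                    or die "Cannot open $save_directory: $!";
                binmode($out);    # image data is binary
                while (my $Bytes = read($File_Handle, $Buffer, 1024)) {
                    $BytesRead += $Bytes;
                    print $out $Buffer;
                }
                close($File_Handle);
                close($out) or die "Cannot close $save_directory: $!";
                chmod(0666, $save_directory);
            }
        }
    }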
It's not perfect, normally I increment the filename from a datasource and have a broader variety of files I allow, but I feel by setting the file type and name (and putting it in places that are not executable just in case) and giving the person uploading absolutely no options at all concerning where it is placed, how it is named, and what the permissions are, I can sleep with only one ear listening for the emergency pager...
A necessary evil in the current environment....:(
EEjack
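
An added example, not part of the original post: it goes one step beyond the snippet above by checking that the upload's leading bytes match the declared type, and it takes the next free incremented name with an exclusive create. The `store_upload` helper, the `%MAGIC` table, the 0644 mode and the sample inputs are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Fcntl qw(O_WRONLY O_CREAT O_EXCL);
use File::Temp qw(tempdir);

# Allowlisted types and the leading bytes a file of that type must start with.
my %MAGIC = (jpg => "\xFF\xD8\xFF", gif => "GIF8");

# Store an upload under a server-chosen name (hypothetical helper).
# Returns the stored path, or undef when the upload is rejected.
sub store_upload {
    my ($fh, $type, $dir) = @_;
    my $magic = $MAGIC{ defined $type ? $type : '' } or return;    # type not allowlisted
    binmode($fh);
    my $got = read($fh, my $head, length($magic));
    return unless defined $got && $got == length($magic) && $head eq $magic;

    # Take the next free pNNNNNN name; O_EXCL never overwrites an existing file.
    for my $n (1 .. 999_999) {
        my $path = sprintf("%s/p%06d.%s", $dir, $n, $type);
        my $out;
        unless (sysopen($out, $path, O_WRONLY | O_CREAT | O_EXCL, 0644)) {
            next if $!{EEXIST};    # name already taken, try the next number
            die "Cannot create $path: $!";
        }
        binmode($out);
        print {$out} $head;
        while (read($fh, my $buf, 1024)) { print {$out} $buf }
        close($out) or die "Cannot close $path: $!";
        return $path;
    }
    return;
}

# Constructed sample inputs: in-memory filehandles and a throwaway directory.
my $dir     = tempdir(CLEANUP => 1);
my @samples = (
    [ gif => "GIF89a" . ("\0" x 16) ],          # GIF header, accepted
    [ gif => "plain text, not an image" ],      # declared gif, wrong content
    [ txt => "GIF89a" ],                        # type not on the allowlist
);
for my $s (@samples) {
    my ($type, $data) = @$s;
    open(my $fh, '<', \$data) or die "in-memory open: $!";
    my $path = store_upload($fh, $type, $dir);
    printf "%-4s %s\n", $type, defined $path ? "stored as $path" : "rejected";
}
```

A matching signature only shows the file starts like an image; keeping the storage directory non-executable, as the post does, still matters.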