Re: File Upload Security Question

in reply to File Upload Security Question

A few thoughts:

The $file variable which is the second parameter being passed in never gets used anywhere. I don't know if this is because the part of the code using it has been stripped out though.

The $data variable, third parameter passed in, just gets overwritten in the while loop. Again, maybe something important has been stripped from the code that I'm missing.

I don't see how $filename is a symbolic reference. A symbolic reference only occurs when you're using one variable's value to get the name for another variable. The code worked fine for me without the 'no strict' lines.

The danger in this code lies in the open call. open allows some powerful constructs in it, such as piping output to another program, redirecting output, etc. Take a look at perlsec for a detailed description.

Comment on Re: File Upload Security Question

Replies are listed 'Best First'.
RE: Re: File Upload Security Question by Ovid (Cardinal) on Jun 11, 2000 at 01:16 UTC
The issues with the $file and $data variables that you pointed out were caused by my stripping this down to a minimal test case and overlooking them. You mentioned that you had no problem using the code without the "no strict" lines. Were you using this to upload a file from a Web page and using CGI.pm? That's where I seem to get the symbolic reference problem. I'll take a closer look at the perlsec doc and see if it addresses the problem. Thanks.	[reply]

Replies are listed 'Best First'.

RE: Re: File Upload Security Question
by Ovid (Cardinal) on Jun 11, 2000 at 01:16 UTC

You mentioned that you had no problem using the code without the "no strict" lines. Were you using this to upload a file from a Web page and using CGI.pm? That's where I seem to get the symbolic reference problem.

I'll take a closer look at the perlsec doc and see if it addresses the problem. Thanks.

[reply]

In Section Seekers of Perl Wisdom