|
|
|
| "be consistent" | |
| PerlMonks |
comment on |
| ( [id://3333]=superdoc: print w/replies, xml ) | Need Help?? |
|
hm ok.. but thats not new to me.. the code i show you is only part of an package. the cgi object lies in the main. for that itīs not a scoping issue. :) Um, if you know this is bad way to code (multiple exit points, action at a distance, not maintainable), why continue to use globals like that and call exit? my $filename = $q->param('upload_file'); gives exactly the filename of the uploaded file. but not full qualified. Except that it only gives what the browser sends, and the browser can send anything, including a full path full of dots, or anything at all. You're trusting the browser/user to not be evil. Don't trust, code so as to protect yourself. Full path for uploaded file, Security issues when allowing file upload via CGI, use taint and launder dirty data but the filehandle is empty. thats what i want to fix. Do you have the latest version of CGI? You should. Then, if filehandle is still empty, there must be something in cgi_error or in server logs i want to know what this function do Well, see both CGI documentation and sourcecode and you'll know :) its undef on error
In reply to Re^3: @CGI $q->upload() doesnt work properly
by Anonymous Monk
|
|