Do you have a question? Post it now! No Registration Necessary. Now with pictures!
- Posted on
- Other half of 'CGI file upload'
- Rainer Weikusat
June 24, 2011, 8:14 pm
rate this thread
'post file to CGI script' script I posted earlier. It will put the
content of the 'data' parameter into the file /tmp/out.
$cgi = CGI->new();
open($fh, '>', '/tmp/out');
print $fh ($cgi->param('data'));
Re: Other half of 'CGI file upload'
RW> Additional warning: This must not be used on a system with untrusted
RW> and possibily maliscious users because it will happily kill whatever a
RW> possibly existing symlink /tmp/out points to provided the user the
RW> script runs as can write to it.
Yes, plus it does no validation of the data or checking of the upload
size (when /tmp fills up it won't be fun). Any time you take data from
a remote source and blindly write it locally, you have security and DoS
risks. That's why I suggested any of the million existing file upload
solutions like WebDAV, which have already done the hard work.
- » Posting Guidelines for comp.lang.perl.misc ($Revision: 1.9 $)
- — Previous thread in » PERL Discussions