On 2005-12-13, Jeff MacDonald <[EMAIL PROTECTED]> wrote:
> Well,
>
> I've found the issue, and this was a bit shocking but that's what I
> get for reading source..
>
> File::Temp->tempfile uses the current directory unless you tell it otherwise.
>
> So I changed line 611 of Uploader.pm to read this
>
> my ($tmp_fh, $tmp_filename) = tempfile('CGIuploaderXXXXX', UNLINK => 1
> , DIR => File::Spec->tmpdir() );
>
> I'll be submitting a patch for this next week.

Rob Kinyon suggested patching or upgrading File::Temp. That does seem
like a better place to fix the problem. It's also a wishlist item for
CGI::Uploader:

http://rt.cpan.org/NoAuth/Bug.html?id=14493

I'll accept a patch to Uploader anyway, though.

> That brings me to another issue. CGI::Uploader uses File::MMagic to
> detect the mime type and thus the extension of a file.
>
> Well, it does a horrible job with excel files for one, mistaking them
> for msword files.
>
> Mark, I'd like to modify Uploader to either get the mime type from the
> query object -OR- I may just muck with the section that uses
> File::MMagic, maybe change up the order of which tests get run first
> to figure it out.
>
> Do you have any gotchas or suggestions I should look at to keep this
> backwards compatible, or do you think it should be changed at all?

This is a tricky issue. I wish File::MMagic just worked better.

I default to detecting the mime type ourselves for better security-- I
would rather not trust the MIME type provided. However, if File::MMagic
is wrong, that's a problem too. (And I've seen it be wrong myself).

I suppose I'm not averse to preferring the uploaded MIME type if it's
available. People will have to be careful not to trust the file based on
its MIME type elsewhere in their applications (which they should be
doing anyway).

Are you using 1.0 or 1.1_1? That developer release has been out for so
long, I was considering upgrading it to stable in the next few days.

Mark

--
http://mark.stosberg.com/
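One possible middle ground between content detection and the browser-supplied type discussed above, as an added example that is not part of the original message and is not code from CGI::Uploader or File::MMagic. The `resolve_mime` helper, the `@FAMILIES` table and the sample inputs are hypothetical; the policy (content decides the container, the declared type may only choose among types sharing that container) is an assumption, not what either module does.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Container families keyed by leading magic bytes. Legacy Word and Excel
# files are both OLE2 compound documents with the same signature, so the
# magic bytes alone cannot tell them apart.
my @FAMILIES = (
    { magic => "\xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1",
      types => [qw(application/msword application/vnd.ms-excel)] },
    { magic => "\x89PNG\r\n\x1A\n", types => ['image/png'] },
    { magic => '%PDF-',             types => ['application/pdf'] },
);

# Hypothetical helper: returns the MIME type to record, or undef to reject.
# $head     - first bytes read from the uploaded file
# $declared - Content-Type sent by the client (untrusted input)
sub resolve_mime {
    my ($head, $declared) = @_;
    my $want = lc($declared // '');
    for my $fam (@FAMILIES) {
        next unless index($head, $fam->{magic}) == 0;
        my @types = @{ $fam->{types} };
        return $types[0] if @types == 1;    # content is unambiguous
        # Ambiguous container: the declared type may only select a member
        # of the family the content has already proven.
        my ($match) = grep { $_ eq $want } @types;
        return $match;                      # undef when it contradicts
    }
    return undef;                           # unrecognised content
}

# Constructed sample inputs: [ first bytes of file, declared Content-Type ].
my $ole = "\xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1" . ("\0" x 8);
for my $case (
    [ $ole,         'application/vnd.ms-excel' ],  # declared type disambiguates
    [ $ole,         'image/png' ],                 # contradicts content: reject
    [ "%PDF-1.4\n", 'application/msword' ],        # content overrides declaration
) {
    my $type = resolve_mime(@$case);
    printf "%-26s => %s\n", $case->[1], $type // 'REJECT';
}
```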
