Brett Sanger wrote:
> 
> Off hand, I'm not sure what is wrong with your code.  Here's a segment
> from a program I have that does it.  Note that Taint checking is your
> friend, and that you should be very careful what you let the user pass
> through:
> 
> sub Upload_File {
>   my $self = shift;
>   my $q = $self->query();
>   my $tainted_filename = $q->param('Incoming_File');
>   return $self->Default_Page() unless $tainted_filename;
>   my $untainted_filename = $tainted_filename;
>   $untainted_filename=~s/.*[\/\\]//;
>   ($untainted_filename) = $untainted_filename =~ /([\w][\w. -]*)/; #detaint
>   if($untainted_filename){
>     my $fh = $q->upload('Incoming_File');
>     if (not $fh){
>       $self->append('Message',"$tainted_filename had an error<br>");

Hello Brett,

Would you mind sharing how your append() method works? It looks like it
could be a useful part of an error handling system.

  -mark
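
An added example, not part of either message and not Brett's code: the filename untainting from the quoted sub as a stand-alone routine, with the pattern anchored so a name containing any other character is rejected rather than cut down to its first acceptable run, and the rejected name HTML-escaped before it is echoed into a message. The names `clean_upload_name` and `escape_html` are hypothetical, the 255-character limit and the ASCII-only `/a` flag are assumptions, and the sample filenames are constructed.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical helper: reduce a client-supplied upload name to a safe basename.
# Returns the untainted basename, or undef if the name is not acceptable.
sub clean_upload_name {
    my ($tainted) = @_;
    return unless defined $tainted && length $tainted;

    # Drop any client-side directory part (Unix or Windows separators).
    (my $base = $tainted) =~ s/.*[\/\\]//s;

    # Allow-list: a word character, then word characters, dot, space or hyphen.
    # \A and \z anchor the match, so one stray character rejects the whole name.
    # /a keeps \w ASCII-only (Perl 5.14+). Under -T the capture is what untaints.
    my ($clean) = $base =~ /\A(\w[\w. -]{0,254})\z/a;
    return $clean;
}

# Hypothetical helper: escape text before placing it in an HTML message.
sub escape_html {
    my ($text) = @_;
    my %entity = ('&' => '&amp;', '<' => '&lt;', '>' => '&gt;',
                  '"' => '&quot;', "'" => '&#39;');
    $text =~ s/([&<>"'])/$entity{$1}/g;
    return $text;
}

# Constructed sample inputs.
for my $name ('C:\\Users\\me\\report-2.txt', '../../etc/passwd',
              'notes.txt; rm -rf', '<img src=x>.png', '.htaccess') {
    my $clean = clean_upload_name($name);
    if (defined $clean) {
        print "accept: $clean\n";
    } else {
        print "reject: ", escape_html($name), "<br>\n";
    }
}
```

The accepted value is only a basename; the directory it is written to should still be fixed by the server, never taken from the request.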
