Geoffrey Young wrote:
>
> > Note: If you ever use them in file posts, don't forget to clean the file
> > names, especially when it comes from Windows machine...
> >
>
> I've found this to be reasonably portable for getting just the
> filename (sans path) - YMMV
>
> my ($name) = $upload->filename =~ m!([^/\\]*$)!;
Erm.. portable maybe, (MacOS?) but what about secure? That lets through
shell meta-characters, which may or may not be a problem. (What if the
filename is '|mail%20cracker@somewhere'?)
I'm inclined to be a little more restrictive:
my ($name) = $upload->filename =~ m!([\w\.]*$)!;
(And even then, that's not secure under Windows - NUL, LPT1, etc.)
Steve
--
Steve Piner
Web Applications Developer
Marketview Limited
http://www.marketview.co.nz
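
An added example, not code from either poster: one way to combine the two points raised in this thread, stripping the client-side path and then whitelisting characters and rejecting Windows device names. The helper name clean_upload_name, the 100-character limit and the sample inputs are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Device names Windows reserves regardless of extension (NUL, NUL.txt, ...).
my $RESERVED = qr/^(?:CON|PRN|AUX|NUL|COM[1-9]|LPT[1-9])(?:\.|$)/i;

# Hypothetical helper: returns a safe base name, or undef if none can be derived.
sub clean_upload_name {
    my ($raw) = @_;
    return unless defined $raw;

    # Drop any client-side path, Unix or Windows style.
    my ($name) = $raw =~ m!([^/\\]*)\z!;

    # Whitelist: anything outside [A-Za-z0-9_.-] becomes '_'.
    # This removes shell meta-characters such as '|', ';', '%' and spaces.
    $name =~ s/[^A-Za-z0-9_.\-]/_/g;

    # No leading dots or dashes (hidden files, option-like names),
    # and no trailing dots (Windows silently strips them).
    $name =~ s/^[.\-]+//;
    $name =~ s/\.+\z//;

    # Limit of 100 characters is an arbitrary choice for this example.
    return if $name eq '' or length($name) > 100;
    return if $name =~ $RESERVED;
    return $name;
}

# Constructed sample inputs.
for my $raw ('C:\\Documents\\report.doc', '/tmp/../etc/passwd',
             '|mail%20cracker@somewhere', 'NUL', 'lpt1.txt', '..',
             'photo 1.jpg') {
    my $clean = clean_upload_name($raw);
    printf "%-28s => %s\n", $raw, defined $clean ? $clean : '(rejected)';
}
```

Even with a cleaned name, open the destination with the three-argument form of open, so a leading '|' or '>' in a name can never be interpreted as a mode or a command.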