Joby Jones wrote:
> Hello all,
>       I have a question about the CGI upload()
> function.
> 
>       Why does it return a valid file handle to a file
> that does not exist on the client (web browser)
> machine, and what's the best way to handle this?    
> 

Presumably because this is really a client-side error. It is not an
error to upload a zero-length file; a file could need to be created but
empty, and you could want to have a program do that. So it is not
unreasonable to think that a file upload could be empty, which means CGI
has to handle the case where a file is uploaded but empty.  Chances are
good the browser is creating the proper HTTP request despite the "local"
file not existing, but to me that is a browser fault.  CGI just sees the
header that says there is a file coming, then no data, so it creates the
file, puts nothing in it, and happily crunches along.

> 
> Details:
> --------
> 
> 1. A user enters a nonexistent file name in an upload
> field in a form handled by my cgi script. (E.g. on
> windows c:\uplaodthis.txt <-- note typo). 
>        
> 2. My cgi script does something like this:
> 
> use CGI;
> use Data::Dumper;
> 
> my $q = CGI->new;
> if(defined($q->param('Upload'))){
>     # file handle for the 'upload_file' form field
>     my $upload_file_handle = $q->upload('upload_file');
>     if(defined($upload_file_handle)){
>        print "Valid file handle to empty file is:\n" .
>               Dumper($upload_file_handle);
>     }
> }
> 
> 
> 3. It outputs: 
> "Valid file handle ... 
>  $VAR1 = bless( \*{FH::uplaodthis.txt ...}, 'Fh' );"
> 
> 
> 
> What to do?
> -----------
> 
> Currently, I write out all valid file handles (checked
> for basic security problems as described in perlsec). 
> If the file is zero length, I delete it and report an
> error.  Which just isn't very satisfying.
> 

Why is it not satisfying? It is a requirement of yours that the file not
be empty, NOT of the CGI world at large, so this is an error you should be
handling. Sounds like you are doing a fine job.

> What am I missing?
> Is there a better way?

Doubtful. You could write a web server module to handle the case at the
front end of the request, but the only thing that really saves is a
little processing time; you still have a server-side error to throw.

> 
> 
> 
> All advice and documentation pointers (beyond 'CGI'
> :-) appreciated.
>

I say move on and work on bigger problems. Faulty user input is, well,
the fault of the user. Let them deal with the consequences of having to
resubmit the form, assuming your error message is clear.

http://danconia.org


> Thanks,
>     joby
> 
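
The check this thread settles on (treat a zero-length upload as an application-level error, before anything is written out), as an added Perl example that is not code from either poster. The `checked_upload` helper, the boundary string, the 1 MiB limit and the constructed request body (a file part with a filename but no data, which is what the reply assumes the browser sends) are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use CGI;

$CGI::POST_MAX = 1024 * 1024;    # assumed limit: refuse bodies over 1 MiB

# Return (handle, undef) for a usable upload, or (undef, message) otherwise.
sub checked_upload {
    my ($q, $field) = @_;
    my $fh = $q->upload($field);
    return (undef, "No file was sent in '$field'.") unless defined $fh;
    # CGI.pm has already spooled the part to a temp file; -s reads its size.
    return (undef, 'The uploaded file is empty. Check the path and try again.')
        unless -s $fh;
    return ($fh, undef);
}

# Constructed request: a multipart body whose file part names a file
# but carries zero bytes of data.
my $boundary = 'xYzZy';
my $body = join "\r\n",
    "--$boundary",
    'Content-Disposition: form-data; name="upload_file"; filename="uplaodthis.txt"',
    'Content-Type: text/plain',
    '',
    '',
    "--$boundary--",
    '';

# Present the constructed body to CGI.pm as if a web server had passed it on.
$ENV{REQUEST_METHOD} = 'POST';
$ENV{CONTENT_TYPE}   = "multipart/form-data; boundary=$boundary";
$ENV{CONTENT_LENGTH} = length $body;
close STDIN;
open STDIN, '<', \$body or die "cannot reopen STDIN: $!";

my $q = CGI->new;
my ($fh, $error) = checked_upload($q, 'upload_file');
print $q->header('text/plain'),
    defined $fh ? "Upload accepted.\n" : "Upload rejected: $error\n";
```

Checking the size on the handle CGI.pm returns means the empty file never has to be written to its final location and deleted again.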
