So if I am saving say client.js you are first saving this file to something called file.$$ then you save it to client.$$
How would you then show to the user the file info so that others can view the information? -----Original Message----- From: Scott Chapman [mailto:[EMAIL PROTECTED]] Sent: Thursday, December 13, 2001 11:07 AM To: Boyd, David; EmbPerl News Group (E-mail); Gerald Richter Subject: Re: Using the Upload Example Just something to consider. There can be security problems when you save a file to the name the user chose. If they upload a .pl file for example and then manange to call it as a CGI script.... you get the idea? When I upload a file, I either save it to a fixed name, if this is applicable, (known to me only - not given to the user) or do this: open FILE, "> /path_to/uploads/file.$$"; binmode FILE; print FILE $buffer while read($fdat{ImageName}, $buffer, 32768); close FILE; open FILE, "> /path_to/uploads/original_file_name.$$"; print FILE "$fdat{ImageName}"; close FILE; On 13 Dec 2001, at 5:30, Gerald Richter wrote: --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
