I have gotten file upload working using Apache::Request for
text files. But binary files seem to have other ideas :-)
For example, uploading a word doc, I get a success message,
but when I retrieve the doc after uploading it, and try to open it in
Word 2000, I get the popup error message:
"The document name or path is not valid... etc"
Do I need to do anything to detect the content type of the file and
set binary versus ascii transfers? The man page for Apache::Request
talks about type, but not how to set the transfer.
In case I have done something silly in my code, here is a section in which
I untaint the filename, and also remove the leading c:\path\to\file info
(for windows uploads) or similar /path/to/file for unix uploads:
# now let's untaint the filename itself
if ($data{'up_filename'} =~ /^([-\@\/\w\:\\.]+)$/) {
$data{'up_filename'} = $1;
my $cleanfile = $data{'up_filename'};
$cleanfile = $1; # $cleanfile now untainted
$cleanfile =~ s#\.\.##g;
$cleanfile =~ s[//][/]g;
# take out windows backslashes
if ($cleanfile =~ /\\/) {
my @parts = split ( /\\/, $cleanfile );
$cleanfile = pop @parts;
}
# take out unix forward slashes
if ($cleanfile =~ /\//) {
my @parts = split ( /\//, $cleanfile );
$cleanfile = pop @parts;
}
$data{'up_filename'} = $cleanfile;
}
And then:
my $fh = $upload->fh;
my @file = <$fh>;
open ( WRITEFILE, ">$data{'write_dir'}/$data
{'up_filename'}" ) or die "couldn't open $data{'up_filename'} for writing:
$! \n";
print WRITEFILE "@file";
close (WRITEFILE);
Any insight greatly appreciated.
/dennis
---------------------------------------------------------------------------
Office phone: 817-762-8304
---------------------------------------------------------------------------
"Great leaders never tell people how to do their jobs.
Great leaders tell people what to do and establish a
framework within which it must be done.
Then they let people on the front lines,
who know best, figure out how to get it done."
~ General H. Norman Schwarzkopf
