Kemin Zhou <[EMAIL PROTECTED]> writes: > To the Developers, > > I saw this in the documentation for Apache::Request > > for file upload > > tempname [XXX- Does this mesh with brigade API?] > > Provides the name of the spool file. This method is reserved for > debugging purposes, and is possibly subject to change in a future > version of Apache::Request. > > From a user's point view, this methods has to be available to the > users and not removed in the future.
[...] Despite my past grumblings to the contrary, I've added support for tempname to httpd-apreq-2's current-cvs. I don't know what sort of security implications you are concerned about, but perhaps the best thing to do is simply not use tempname, instead using link() - and then delete the linked file yourself once the external app is done with it. -- Joe Schaefer -- Report problems: http://perl.apache.org/bugs/ Mail list info: http://perl.apache.org/maillist/modperl.html List etiquette: http://perl.apache.org/maillist/email-etiquette.html