http://qs1969.pair.com?node_id=700769


in reply to Re: CGI Form File Upload Read Problem
in thread CGI Form File Upload Read Problem

Sorry, I misread the code. Please ignore this post (or reap it, if you feel like).

Whoa there, don't ever dare to recommend that again.

Letting a user of a CGI script specify an arbitrary file name, and use that file to name write without any checks (and in the two argument form of open, to make things worse) is one of the scariest things you can do when writing CGI scripts.

Even when you do some verification on the file name it's notoriously hard to get it right. I'd recommend to generate file names in your script, perhaps with File::Temp.