################################
package CGI::Safe;
################################
# Subclass of CGI that applies conservative defaults when the module is
# loaded: it removes four shell-related environment variables, disables file
# uploads and caps the size of POST requests. get_upload() can be imported
# on request (it is listed in @EXPORT_OK, not exported by default).
$VERSION = 1.0;
use strict;
use Carp;
use CGI;
use Exporter;
use vars qw/ @ISA @EXPORT_OK/;

@ISA = qw/ CGI Exporter /;
@EXPORT_OK = qw/ get_upload /;

# Applies the module's defaults once, after compilation and before the main
# program starts running.
# NOTE(review): Perl runs INIT blocks only for code compiled before the main
# program begins executing. If this module is first loaded at run time (for
# example through a late require), the block is skipped and none of these
# defaults are applied -- confirm how the module is loaded in deployment.
# NOTE(review): PATH is left untouched here. perlsec's advice for CGI scripts
# is to set $ENV{PATH} explicitly, so callers that run external commands
# still have to do that themselves.
INIT {
    # Establish some defaults
    delete @ENV{ qw/ IFS CDPATH ENV BASH_ENV / }; # Clean up our Environment
    $CGI::DISABLE_UPLOADS = 1;                    # Disable uploads
    $CGI::POST_MAX        = 512 * 1024;           # limit posts to 512K max
}

# Constructor. Accepts optional named arguments:
#   DISABLE_UPLOADS - assigned to $CGI::DISABLE_UPLOADS when the key is present
#   POST_MAX        - assigned to $CGI::POST_MAX when the key is present
#   source          - when the key is present, passed on to CGI::new as its
#                     second argument
# Returns whatever CGI::new returns.
# The first argument is named $self but is simply the invocant handed on to
# CGI::new (presumably the class name when called as CGI::Safe->new).
# Both limits are CGI.pm package globals and are not restored afterwards, so
# an override made here stays in effect for later CGI objects in the same
# process, not only the one being constructed. Values are stored as given,
# without validation: DISABLE_UPLOADS => 0 re-enables uploads, and an undef
# or non-numeric POST_MAX is assigned unchanged.
sub new {
    my ( $self, %args ) = @_;

    # 'exists' rather than truth, so an explicit 0 or undef still overrides.
    $CGI::DISABLE_UPLOADS = $args{ DISABLE_UPLOADS } if exists $args{ DISABLE_UPLOADS };
    $CGI::POST_MAX        = $args{ POST_MAX }        if exists $args{ POST_MAX };

    return ( exists $args{ source } )
        ? CGI::new( $self, $args{ source } )
        : CGI::new( $self );
}

sub get_upload {
    my $self;
    $self = shift if ref $_[0]; # can be tossed because hash keys can't be refs
                                # this will occur if called in OO fashion
    my %specs = @_;

    if ( ! exists $specs{ cgi } ) {
        if ( defined $self ) {
            $specs{ cgi } = $self;
        } else {
            # Here, we're holding our breath and praying this doesn't break in future releases.
            # CGI.pm uses objects internally, even if called through the functional interface.
            # self_or_default returns that object
            $specs{ cgi } = &CGI::self_or_default;
        }
    }

    # if the cgi value is not a reference and not a cgi object ...
    # This should *not* occur
    if ( ! ( ref $specs{ cgi } and $specs{ cgi }->isa( 'CGI' ) ) ) {
        croak '"cgi => $cgi_obj": The \'cgi\' value was not a CGI object';
    }

    croak '&get_upload expects a hash with "file_name => $file_name"' unless exists $specs{ file_name };

    my %data = ( error  => 0,
                 file   => undef,
                 format => undef );

    # Not using CGI::upload as I've had (and seen) problems with various versions of this
    my $fh = $specs{ cgi }->param( $specs{ file_name } );

    if ( $specs{ cgi }->cgi_error ) {
        $data{ error } = 'Error uploading file: ' . $specs{ cgi }->cgi_error;
        return \%data;
    }

    if ( ! defined $fh ) {
        $data{ error } = 'No file uploaded.';
        carp "No file uploaded. 
Did you remember 'enctype=\"multipart/form-data\"' in your