in reply to Designing storage of uploaded files

security-wise, the lines:

$file_name =~ s/.*[\/\\](.*)/$1/;

and

open(SAVEPDB,">$directory/${file_name}_${md5file}") or die $!;

concern me. it's a good idea to use taint mode and do something more like:

if($file_name =~ /(\w+\.?\w+)$/) { $file_name = $1; } else { die "invalid and possibly dangerous characters in filename." }

where you explicitly limit the characters that can be in the filename.

anders pearson
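
The allowlist approach suggested in the reply above, as an added example that is not part of the original post. The helper name `safe_upload_name`, the explicit ASCII character class and the sample names are assumptions made here; this variant anchors the pattern at both ends, so a name containing anything else is rejected rather than trimmed to its tail.

```perl
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Run as: perl -T example.pl [names...]
# Under taint mode, command-line arguments are tainted, and a regex
# capture is the only way such a value becomes usable in open().

# Hypothetical helper: returns an untainted basename, or undef if the
# name contains anything outside the allowlist.
sub safe_upload_name {
    my ($client_name) = @_;
    return unless defined $client_name;

    # Drop any client-side path (Unix or Windows separators).
    (my $base = $client_name) =~ s{.*[/\\]}{}s;

    # Allowlist: ASCII word characters, optionally one dot plus an
    # extension. \A and \z anchor both ends; unlike $, \z does not
    # tolerate a trailing newline.
    return $base =~ /\A([A-Za-z0-9_]+(?:\.[A-Za-z0-9_]+)?)\z/ ? $1 : undef;
}

# Constructed sample inputs, used when no arguments are given.
my @names = @ARGV ? @ARGV : (
    'report.pdb',
    'C:\\uploads\\1abc.pdb',
    '../../etc/passwd',
    'name with space.pdb',
    'two..dots',
    '.htaccess',
    "trailing.pdb\n",
);

for my $name (@names) {
    my $safe = safe_upload_name($name);
    (my $shown = $name) =~ s/\n/\\n/g;    # make newlines visible in output
    printf "%-24s %-9s => %s\n",
        $shown,
        tainted($name) ? 'tainted' : 'untainted',
        defined $safe  ? "ok: $safe" : 'rejected';
}
```

The path-stripped names `1abc.pdb` and `passwd` pass because only the basename is checked; the names with spaces, a double dot, a leading dot or a trailing newline are rejected.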