thpfft has asked for the wisdom of the Perl Monks concerning the following question:
hello.
I'm using the method below - a bit simplified here but functionally the same - to create the path to a file I'm about to save, if it isn't there already. It works well enough, but I'm concerned that it should be as safe as possible and I'm sure there will be dangers I haven't considered. All suggestions and criticisms most gratefully received, especially if they take the form 'use File::Something, as any fule kno'.
```perl
package My::Page;
use File::Basename;
#...

sub _create_path {
    my $self = shift;
    # Directory portion of the URL, with any file extension stripped
    my (undef, $directories, undef) = fileparse( $self->url, '\.\w+' );
    my $path = $self->config->get('base_path');
    chdir $path;
    # Walk the path one component at a time; the file tests below act on $_,
    # i.e. on the component relative to the current directory
    for (split('/', $directories)) {
        next unless $_;
        $path .= "/$_";
        if (-e && ! -d) {
            $self->log_error("$path already exists and is not a directory.");
            return;
        }
        if (-l) {
            $self->log_error("$path already exists and is a symlink.");
            return;
        }
        unless (-e && -d || mkdir $path) {
            $self->log_error("failed to mkdir $path: $!");
            return;
        }
        unless (chdir $path) {
            $self->log_error("failed to chdir to $path: $!");
            return;
        }
    }
    return 1;
}
```
nb. the path to the file has been untainted (but only on input), and it all runs under an suexec'd apache, so the normal umask for mkdir is fine. It's generally called as $page->_create_path || grumble(), hence the return values. And I'm a bit torn between using relative and absolute paths, as you can see. One is better for error messages, the other for tests. Oh well.
thanks. hope this isn't another question that was answered two days ago.
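An added example, not part of thpfft's post or of any reply: one way to do the same component-by-component walk with absolute paths only, calling `mkdir` first and using `lstat` to classify whatever already exists, so a symlink is never followed by the check itself. The helper name `create_path_under`, the sample paths and the Unix-like host are assumptions; only core modules are used.

```perl
use strict;
use warnings;
use Errno qw(EEXIST);
use File::Spec;
use File::Temp qw(tempdir);

# Hypothetical helper: create $rel beneath $base one component at a time.
# Returns the final path, or dies with the reason.
sub create_path_under {
    my ($base, $rel) = @_;
    lstat $base or die "cannot lstat base $base: $!\n";
    die "base $base is not a real directory\n" unless -d _;

    my $path = $base;
    for my $part (File::Spec->splitdir($rel)) {
        next if $part eq '' || $part eq File::Spec->curdir;
        # A '..' component would let the result escape $base.
        die "refusing parent-directory component in $rel\n"
            if $part eq File::Spec->updir;
        $path = File::Spec->catdir($path, $part);

        # Create first, inspect second: EEXIST means something is already
        # there, and lstat (unlike stat or a plain -d) does not follow links.
        unless (mkdir $path) {
            die "failed to mkdir $path: $!\n" unless $! == EEXIST;
            lstat $path or die "cannot lstat $path: $!\n";
            die "$path already exists and is a symlink\n" if -l _;
            die "$path already exists and is not a directory\n" unless -d _;
        }
        # Another process with write access to the tree could still swap a
        # component after this point; the check narrows that window only.
    }
    return $path;
}

# Constructed demo in a throwaway directory.
my $base = tempdir(CLEANUP => 1);
print "created: ", create_path_under($base, 'news/2002/10'), "\n";

# Constructed case: a symlink planted in the middle of the path.
symlink File::Spec->tmpdir, "$base/news/link" or die "symlink: $!\n";
eval { create_path_under($base, 'news/link/x'); 1 }
    or print "refused: $@";
```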
Replies are listed 'Best First'.

Re: rfc: safely creating path/to/file
by Thelonius (Priest) on Oct 24, 2002 at 19:16 UTC
by thpfft (Chaplain) on Oct 24, 2002 at 19:39 UTC