I've been working with file uploads via CGI for a while now. To protect against large files, you /can/ limit the file size that the user is allowed to upload. I think you'd probably use $CGI::POST_MAX=1024 * 100; # max 100K at the top of your script. That way no file over 100k will be uploaded and if it's tried, it'll throw an error at them.

As for making sure it's a text file. My method doesn't test securely but it does check to make sure the filename is whatever you want. (doesn't mean they can't upload an exe and call it log.txt, mind you). Here's the snippet I use in all my upload scripts (change it to fit your needs):

my $type = uploadInfo($remotefile)->{'Content-Type'};
    unless ( $type eq 'image/pjpeg' || $type eq 'image/gif' || $type e
+q 'image/bmp') {
        print "Wrong!  This is not a supported file type.";
        exit;
    }
[download]

I hope this helps,

sulfericacid

"Age is nothing more than an inaccurate number bestowed upon us at birth as just another means for others to judge and classify us"

sulfericacid