in reply to Writing to a different file name

This is a pretty dangerous thing you are doing. You retrieve the file name to be copied from a cookie - but the cookie is supplied by the client side. What if the cookie contains rm -rf / |?

I would first check if what the cookie supplies is indeed a file, and a file that I'm allowed to copy, and then use 

    system cp => $file1, $file2;
    die "Copy returned ", $? >> 8, "\n" if $?;

[download]
to copy the file.

Note that the way system is used is 'safe', there's no shell that will interpret funny characters.

Abigail

Replies are listed 'Best First'.
Re: Re: Writing to a different file name
by ysth (Canon) on Dec 16, 2003 at 21:16 UTC
    The open FOO, ">$file" syntax will not allow pipes, so there is no danger from "rm -rf / |".

    It will get messed up if $file starts with & or >, though. To prevent this, just switching to 3-arg open is sufficient: open FOO, ">", $file or bailout("error opening output file: $!")

[reply]
[d/l]
[select]

In Section Seekers of Perl Wisdom