Assuming that you have a normal user account and the
webserver runs as someone else, your best bet is to
make the directory the script is saving files in sticky
(1777 or 1733). You also want this dir to be something
other than the current dir, and to be somewhere where
CGI/shtml/php/other dynamic content can't be run - you don't
want someone uploading arbitrary programs, and I suspect
some server-interpreted dynamic formats may well be runnable
even when not executable.
Also, the regexp should constrain filenames to safe characters
(something like =~/^.*?(a-zA-Z0-9.+)$/ will work - the
current one won't strip MacOS paths (Volume:Folder:File),
and will pass various things that could, depending
on filesystem and what you use to view the directory, range
from mildly annoying to security risks.)
And open(FILE,">filename"); will follow symlinks and overwrite
existing files. sysopen() with O_CREAT|O_EXCL (and
O_NOFOLLOW if your OS supports/needs it) is safer.
Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!
Titles consisting of a single word are discouraged, and in most cases are disallowed outright.
Read Where should I post X? if you're not absolutely sure you're posting in the right place.
Please read these before you post! —
Posts may use any of the Perl Monks Approved HTML tags:
- a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, details, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, summary, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr
You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)
| |
For: |
|
Use: |
| & | | & |
| < | | < |
| > | | > |
| [ | | [ |
| ] | | ] |
Link using PerlMonks shortcuts! What shortcuts can I use for linking?
See Writeup Formatting Tips and other pages linked from there for more info.