I've been working with file uploads via CGI for a while now. To protect against large files, you /can/ limit the file size that the user is allowed to upload. I think you'd probably use $CGI::POST_MAX=1024 * 100; # max 100K at the top of your script. That way no file over 100k will be uploaded and if it's tried, it'll throw an error at them.
As for making sure it's a text file. My method doesn't test securely but it does check to make sure the filename is whatever you want. (doesn't mean they can't upload an exe and call it log.txt, mind you). Here's the snippet I use in all my upload scripts (change it to fit your needs):
my $type = uploadInfo($remotefile)->{'Content-Type'};
unless ( $type eq 'image/pjpeg' || $type eq 'image/gif' || $type e
+q 'image/bmp') {
print "Wrong! This is not a supported file type.";
exit;
}
I hope this helps,
sulfericacid
"Age is nothing more than an inaccurate number bestowed upon us at birth as just another means for others to judge and classify us"
sulfericacid
Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!
Titles consisting of a single word are discouraged, and in most cases are disallowed outright.
Read Where should I post X? if you're not absolutely sure you're posting in the right place.
Please read these before you post! —
Posts may use any of the Perl Monks Approved HTML tags:
- a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, details, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, summary, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr
You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)
| |
For: |
|
Use: |
| & | | & |
| < | | < |
| > | | > |
| [ | | [ |
| ] | | ] |
Link using PerlMonks shortcuts! What shortcuts can I use for linking?
See Writeup Formatting Tips and other pages linked from there for more info.