There is generally no direct risk from the content of the file until you try to open it in a particular application that some malicious person may have targeted with some carefully crafted file - on Windows you might want to take the precaution of either removing the suffix or supplying a (for example) .safe if there is a danger of random people opening the files. I would also alter the sanitizing of the filename to something like:

    $filename =~ /([^\/\\]*)$/;
    $filename = $1;

Of course you aren't actually using the name of the file so all of the above doesn't apply to your code.
You might consider setting $CGI::POST_MAX to a sensible value to avoid a DoS through a massive upload and you probably also want to use the -T flag to turn tainting on so you can't do anything silly in the Perl program with the user-supplied input. Other than that you are safe from any overt risks.
/J\
In reply to Re: File Upload Script: Security Issue???
by gellyfish
in thread File Upload Script: Security Issue???
by awohld
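The points in the reply above, put together as an added example (not code from the thread or from the original upload script): a CGI.pm handler that runs under -T, caps the request size with $CGI::POST_MAX, untaints the client-supplied name with the same pattern, and appends .safe. The form field name `file`, the 1 MiB limit, the directory `/var/spool/uploads` and the extra character allow-list are assumptions.

```perl
#!/usr/bin/perl -T
use strict;
use warnings;
use CGI;
use Fcntl qw(O_WRONLY O_CREAT O_EXCL);
use File::Spec;

# Must be set before CGI->new parses the request (1 MiB is an assumed limit).
$CGI::POST_MAX = 1024 * 1024;

# Assumed storage directory, outside the web root.
my $UPLOAD_DIR = '/var/spool/uploads';

# Reduce a client-supplied name to its last path component and untaint it.
sub safe_name {
    my ($name) = @_;
    return unless defined $name;
    # Pattern from the post: keep only what follows the last / or \.
    # The capture is what clears the taint flag under -T.
    my ($base) = $name =~ /([^\/\\]*)$/;
    # Extra allow-list step (an addition): word characters, dot and dash only.
    $base =~ s/[^\w.\-]//g;
    return if $base eq '' || $base =~ /^\.+$/;
    # Neutral suffix so the stored file is not opened by its original handler.
    return "$base.safe";
}

my $q = CGI->new;
if (my $err = $q->cgi_error) {
    # An oversized POST ends up here with a 413 status from CGI.pm.
    print $q->header(-status => $err), "Upload rejected\n";
    exit;
}

my $fh   = $q->upload('file');                  # 'file' is the assumed field name
my $name = safe_name(scalar $q->param('file'));
unless ($fh && $name) {
    print $q->header(-status => '400 Bad Request'), "No usable upload\n";
    exit;
}

my $path = File::Spec->catfile($UPLOAD_DIR, $name);
# O_EXCL refuses to overwrite an existing file or follow a planted symlink.
sysopen(my $out, $path, O_WRONLY | O_CREAT | O_EXCL, 0600)
    or die "Cannot create $path: $!";
binmode $out;
my ($io, $buf) = ($fh->handle);
print {$out} $buf while $io->read($buf, 8192);
close $out or die "Cannot close $path: $!";
print $q->header('text/plain'), "Stored as $name\n";
```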