Keeping this PG rated, I'm speaking about the ability to upload more than one file at a time.

While the below code works correctly if only one (1) file upload is done, it is not conducive to any proper behavior when more than a single file is requested for upload.

Please can Monks explain why it isn't working...maybe you could also tell me how to change the regex on line 16 to allow a space (blank) as an allowed character in the base name too. Happy Thanksgiving.

my $upload_dir = "/home/yadayada/public_html/cgi-bin/upload_docs";
my ($base_filename, $untainted_filename);
my @full_filename = ("", "", "");
my @upload_file = ($file1, $file2, $file3);
my $upload_file = param(@upload_file);
my $y=0;
foreach $upload_file(@upload_file)
    {
     if ($upload_file eq "")
          {}
     else
          {
           $base_filename = $upload_file;
           $base_filename =~ s/.*[\/\\](.*)/$1/;
           $untainted_filename = $base_filename;
           if ($base_filename =~ /^([-\@:\/\\\w.]+)$/  )
               {
               $untainted_filename = $1;
               }
           else
               {
                die <<"EOT";
Unsuported characters in the filename "$base_filename".
Your filename may only contain alphabetic characters, numbers,
and the characters '_', '-', '\@', '/', '\\', and '.'
EOT
                }
           if ($untainted_filename =~ m/\.\./ )
                {
                die <<"EOT";
Your upload filename may not contain the sequence '..'
Rename your file so that it does not contain the sequence '..', and tr
+y again. 
EOT
                 }
           else {}

           @full_filename[$y] = $upload_dir . "/" . $untainted_filenam
+e;
           open (UPLOADFILE, ">@full_filename[$y]") || die ("Can't ope
+n (@full_filename[$y]): $!"); 
#                                  open $file_name using FILEHANDLE IN
+FILE
           binmode UPLOADFILE;       # allow FILEHANDLE read in binary
+ mode
           while ( <$upload_file> )
                 {
                  print UPLOADFILE;
                 }
           close (UPLOADFILE);          # close input file
          }
    $y++;
    }

[download]

In reply to Upload more than one file at a time by gmacfadden

Title:
Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post, it's "PerlMonks-approved HTML":


  • Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!
  • Titles consisting of a single word are discouraged, and in most cases are disallowed outright.
  • Read Where should I post X? if you're not absolutely sure you're posting in the right place.
  • Please read these before you post! —
  • Posts may use any of the Perl Monks Approved HTML tags:
    a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, details, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, summary, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr
  • You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)
            For:     Use:
    & &amp;
    < &lt;
    > &gt;
    [ &#91;
    ] &#93;
  • Link using PerlMonks shortcuts! What shortcuts can I use for linking?
  • See Writeup Formatting Tips and other pages linked from there for more info.