Don't use :utf8 on untrusted data. Use :encoding(UTF-8). For that matter, don't use :utf8.
You decode bytes to chars, but you never encode the chars back to bytes when writing them. You'll get wide character warnings for non-ASCII chars, and you could get a mix of iso-latin-1 and UTF-8 characters in more complex programs.
What awful inconsistency in your file handle names: $fh and OUTPUT? And using a global variable too?
Fixed:
... my $fh_in = $cgi->upload('file'); binmode $fh_in, ':encoding(UTF-8)'; open(my $fh_out, '>:encoding(UTF-8)', "/var/www/mypath/$filename") or die $!; while (<$fh_in>) { print $fh_out $_; }
But there's absolutely no reason to convert to chars in the above code, so you'd be better off as
... my $fh_in = $cgi->upload('file'); open(my $fh_out, '>', "/var/www/mypath/$filename") or die $!; while (<$fh_in>) { print $fh_out $_; }
You also mentioned binary uploads (like MP3s). For that, you'd use
... my $fh_in = $cgi->upload('file'); open(my $fh_out, '>', "/var/www/mypath/$filename") or die $!; binmode $fh_in; binmode $fh_out; local $/ = \4096; # Don't wait to find "\n" while (<$fh_in>) { print $fh_out $_; }
The code for binary files also works with text files.
In reply to Re^3: CGI.pm: "Malformed UTF-8 character" in apache's error.log
by ikegami
in thread CGI.pm: "Malformed UTF-8 character" in apache's error.log
by isync
| For: | Use: | ||
| & | & | ||
| < | < | ||
| > | > | ||
| [ | [ | ||
| ] | ] |