Error detection on CGI file upload attempts

willjones has asked for the wisdom of the Perl Monks concerning the following question:

I am using CGI.pm and am allowing a user to upload a file. I would like to detect different scenarios and display an appropriate error message when invalid inputs are specified by the user. For example if the user selects a directory to be uploaded I would like to detect this and say 'Sorry, you've chosen a directory. This is an invalid file.'. If the user chooses a zero byte file then I'd like to say, 'Sorry, you have selected an empty file for upload.' My problem is I don't know how to tell the difference between a directory, a zero byte file and a non-existant file. I read somewhere that you should be able to use the -d operator with a file handle if you want. So, I tried this but it didn't work! I typed c:\oracle in my file browse box (the name of a directory on my computer) and submitted to my CGI Perl script.

my $err="";
my $inputFileHandle = $cgi->param("FILE");

if ( -d <$inputFileHandle> )
{
   $err.="This is a directory.<br/>";
}

if ( !-f <$inputFileHandle> )
{
   $err.="This is not a plain file.<br/>";
}

if ( -z <$inputFileHandle> )
{
   $err.="This is a zero byte file.<br/>";
}

if ( !-e <$inputFileHandle> )
{
   $err.="This is a non-existing file.<br/>";
}
[download]

These flag operators didn't work as I expected. !-e and !-f actually got entered every time and the -d and -z blocks were never entered regardless of whether the file was valid, empty, non-existing or a directory.

Is there another way I can detect more information about what a CGI upload file handle points to with Perl?

Thanks,
Will

Comment on Error detection on CGI file upload attempts Download Code

Replies are listed 'Best First'.
Re: Error detection on CGI file upload attempts by Corion (Patriarch) on Nov 25, 2008 at 18:42 UTC
`-f <$inputFileHandle>` is valid Perl syntax but it does not mean what you might think it does. It reads a line from `$inputFileHandle` and then checks whether a file with that name (including newline and all) exists. You might want `-f $inputFileHandle` [download] or possibly `@info = stat $inputFileHandle` [download]	[reply] [d/l] [select]
Re: Error detection on CGI file upload attempts by jeffa (Bishop) on Nov 25, 2008 at 18:44 UTC
Sounds like the real problem is not the upload, but trying to store upload. Why don't you just try to copy the file and let $! report the error for you? If $! is defined, then the copy did not work and will contain a (good enough) reason to report back to the user. For the most part, the upload either worked or it didn't so I don't feel the need to tell a user all the many reasons why it didn't work. 9 times out of 10 the upload didn't work due to permission problems (that's a bug) and the other 1 is hitting the max upload limit. Is it really your responsibility to keep them from uploading empty files? What if they really wanted to upload an empty file? jeffa L-LL-L--L-LL-L--L-LL-L-- -R--R-RR-R--R-RR-R--R-RR B--B--B--B--B--B--B--B-- H---H---H---H---H---H--- (the triplet paradiddle with high-hat)	[reply] [d/l] [select]