in reply to Upload file through perl-cgi not working

$1 only gets populated by capturing parens, and you need to use it, before running another regex. By the time you assign $1 to a variable, it is empty again 

local $\="\n";
print 33 =~ /\d+/;
print int defined $1;
print 33 =~ /(\d+)/;
print int defined $1;
__END__
1
0
33
1

[download]

$file is tainted, and it will remain tainted, until you assign a $1.... to it

Replies are listed 'Best First'.
Re^2: Upload file through perl-cgi not working
by becool321 (Initiate) on Aug 23, 2011 at 05:05 UTC
    Thanks for your reply anonymous. I made the following change ($file = $1) for your 2nd comment but not sure how to handle your 1st comment. Can you let me know how to implement 1st. Tried a number of modifications but none resolved my issue. 
        my $outfile = "$upload_dir"."";
    my ($safe_file_name) = $outfile =~ /([-\@:\/\\\w.]+)$/;
    
    if ($file =~ /swf/ || $file =~ /high/ || $file =~ /low/) {
       $outfile .= $file;
       $safe_file_name = $1;
       $file = $1;
       #if (-e $outfile) {
        #    error_msg("File already exist in destination folder");
       #}
    } else {
       error_msg("Only '.swf' files and files with 'high' or 'low' in 
+the name will be uploaded.");
    }
    if (!$safe_file_name) {
        die qq{Disallowed characters in file $safe_file_name\n};
    }

    [download]
[reply]
[d/l]

In Section Seekers of Perl Wisdom