Simon Cozens > CGI-Untaint-upload-1.0 > CGI::Untaint::upload

Download:
CGI-Untaint-upload-1.0.tar.gz

Dependencies

Annotate this POD

View/Report Bugs
Module Version: 1.0   Source  

NAME ^

CGI::Untaint::upload - receive a file upload

SYNOPSIS ^

    my $handler = CGI::Untaint->new( map { $_ => $cgi->param($_) } $cgi->param);
    # NOT my $handler = CGI::Untaint->new( $cgi->Vars ); !

    $file = $handler->extract(-as_upload => "uploaded");
    print "File name was ", $file->{filename}, "\n";
    print "File contents: \n";
    print $file->{payload};

DESCRIPTION ^

This CGI::Untaint handler receives a file from an upload field, returning its filename and contents. This may be used as a base class for validating that a file upload conforms to certain properties.

It's important that you use CGI->param rather than CGI->Vars as the latter only returns the uploaded file's name and not its contents.

SUBCLASSING ^

By default, the class does no taint checking, blindly untainting both the filename and the contents; this may not be what you want. You can subclass this module and override the _untaint_filename_re and _untaint_payload_re methods to control the regular expression used to untaint these data. In addition, the usual CGI::Untaint::object is_valid method can be overriden to perform more checks on the data.

AUTHOR ^

Simon Cozens, simon@kasei.com

SEE ALSO ^

CGI::Untaint.

syntax highlighting: