
CGI::Untaint::upload - receive a file upload

    use CGI;
    use CGI::Untaint;

    my $cgi = CGI->new;
    my $handler = CGI::Untaint->new( map { $_ => $cgi->param($_) } $cgi->param);
    # NOT my $handler = CGI::Untaint->new( $cgi->Vars ); !
    my $file = $handler->extract(-as_upload => "uploaded");
    print "File name was ", $file->{filename}, "\n";
    print "File contents: \n";
    print $file->{payload};

This CGI::Untaint handler receives a file from an upload field, returning its filename and contents. This may be used as a base class for validating that a file upload conforms to certain properties.
It's important that you use CGI->param rather than CGI->Vars as the latter only returns the uploaded file's name and not its contents.

By default, the class does no taint checking, blindly untainting both the filename and the contents; this may not be what you want. You can subclass this module and override the _untaint_filename_re and _untaint_payload_re methods to control the regular expressions used to untaint these data. In addition, the usual CGI::Untaint::object is_valid method can be overridden to perform more checks on the data.
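A subclass along the lines described above, as an added example that is not part of the module's own code. The package name png_upload, the size limit and the patterns are constructed for illustration, and the example assumes that the handler keeps the first capture group of each pattern (the usual CGI::Untaint convention) and that is_valid sees the filename/payload hash shown in the synopsis.

```perl
# File: CGI/Untaint/png_upload.pm (hypothetical handler name)
package CGI::Untaint::png_upload;

use strict;
use warnings;
use base 'CGI::Untaint::upload';

# Constructed limit for this example: 2 MiB.
use constant MAX_BYTES => 2 * 1024 * 1024;

# Allow-list for the client-supplied name: one plain component, no path
# separators, no leading dot, fixed extension. \A and \z are used instead
# of ^ and $ so a trailing newline cannot slip through.
# Assumption: the first capture group becomes the untainted filename.
sub _untaint_filename_re {
    return qr/\A([A-Za-z0-9][A-Za-z0-9_-]{0,63}\.png)\z/i;
}

# Require the 8-byte PNG signature at the start of the contents.
# This only checks the header; it does not prove the rest is a valid image.
sub _untaint_payload_re {
    return qr/\A(\x89PNG\x0D\x0A\x1A\x0A.+)\z/s;
}

# Extra checks that a regular expression expresses poorly, such as size.
sub is_valid {
    my $self = shift;
    my $file = $self->value;    # assumed: { filename => ..., payload => ... }
    return 0 unless ref $file eq 'HASH';
    return 0 unless defined $file->{filename} && defined $file->{payload};
    return 0 if length( $file->{payload} ) > MAX_BYTES;
    return 1;
}

1;

# In the CGI script, with $handler built from $cgi->param as in the synopsis:
#   my $file = $handler->extract(-as_png_upload => "uploaded")
#       or die "upload rejected: ", $handler->error, "\n";
```

Even after the filename passes the pattern, treat it as a label only and choose the storage path on the server side.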

Simon Cozens, simon@kasei.com
