CGI::Untaint::upload - receive a file upload
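    use CGI;
    use CGI::Untaint;

    my $cgi = CGI->new;

    # Pass each parameter through param() so the upload field carries the
    # file contents, not just its name.
    my $handler = CGI::Untaint->new( map { $_ => $cgi->param($_) } $cgi->param );
    # NOT my $handler = CGI::Untaint->new( $cgi->Vars ); !

    my $file = $handler->extract(-as_upload => "uploaded");
    print "File name was ", $file->{filename}, "\n";
    print "File contents: \n";
    print $file->{payload};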
This CGI::Untaint handler receives a file from an upload field, returning its filename and contents. This may be used as a base class for validating that a file upload conforms to certain properties.
It's important that you use CGI->param rather than CGI->Vars as the latter only returns the uploaded file's name and not its contents.
By default, the class does no taint checking: it blindly untaints both the filename and the contents, which may not be what you want. You can subclass this module and override the _untaint_filename_re and _untaint_payload_re methods to control the regular expressions used to untaint these data. In addition, the usual CGI::Untaint::object is_valid method can be overridden to perform more checks on the data.
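A subclass along the lines described above, as an added example that is not part of the CGI::Untaint::upload distribution. The package name text_upload, the MAX_BYTES limit and the allowed extensions are hypothetical; it assumes the parent class expects each regular expression to capture the untainted value in one group, and that value() holds the filename/payload hash when is_valid runs.

```perl
# File: CGI/Untaint/text_upload.pm
# Hypothetical subclass for illustration; not shipped with the module.
package CGI::Untaint::text_upload;

use strict;
use warnings;
use base 'CGI::Untaint::upload';

# Assumed size limit for this example; tune it to the application.
use constant MAX_BYTES => 64 * 1024;

# Accept only a bare file name: no path separators, no leading dot,
# at most 100 characters before an allow-listed extension.
# Assumption: one capture group holds the value to untaint.
sub _untaint_filename_re {
    return qr/\A([A-Za-z0-9][A-Za-z0-9_.-]{0,99}\.(?:txt|csv))\z/;
}

# Accept only printable ASCII plus tab, LF and CR, so binary content
# and control characters never reach the untainted payload.
sub _untaint_payload_re {
    return qr/\A([\x09\x0A\x0D\x20-\x7E]*)\z/;
}

# Extra checks on the result. Assumption: value() is the hash with
# the filename and payload keys shown in the synopsis.
sub is_valid {
    my $self = shift;
    my $file = $self->value;
    return 0 unless ref $file eq 'HASH';

    my $payload = $file->{payload};
    return 0 unless defined $payload;

    my $size = length $payload;
    return ( $size > 0 && $size <= MAX_BYTES ) ? 1 : 0;
}

1;

# In the CGI script, select the subclass by its handler name and
# treat an undefined result as a rejected upload:
#   my $file = $handler->extract(-as_text_upload => "uploaded");
#   defined $file or die "upload rejected\n";
```

A client that submits a full path as the file name fails the filename pattern and is rejected, which is the intended behaviour of this allow-list.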
Simon Cozens, simon@kasei.com
CGI::Untaint.