NAME

CGI::Untaint::upload - receive a file upload

SYNOPSIS

    use CGI;
    use CGI::Untaint;

    my $cgi = CGI->new;

    # Pass the values from param(), which include the upload filehandle.
    my $handler = CGI::Untaint->new( map { $_ => $cgi->param($_) } $cgi->param);
    # NOT my $handler = CGI::Untaint->new( $cgi->Vars ); !

    my $file = $handler->extract(-as_upload => "uploaded");
    print "File name was ", $file->{filename}, "\n";
    print "File contents: \n";
    print $file->{payload};

DESCRIPTION

This CGI::Untaint handler receives a file from an upload field, returning its filename and contents. This may be used as a base class for validating that a file upload conforms to certain properties.

It's important that you use CGI->param rather than CGI->Vars as the latter only returns the uploaded file's name and not its contents.

SUBCLASSING

By default, the class does no taint checking, blindly untainting both the filename and the contents; this may not be what you want. You can subclass this module and override the _untaint_filename_re and _untaint_payload_re methods to control the regular expressions used to untaint these data. In addition, the usual CGI::Untaint::object is_valid method can be overridden to perform more checks on the data.
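The following subclass is an added example, not code shipped with this module; it restricts uploads to small plain-text files with a conservative base name. The class name text_upload, the MAX_BYTES limit and both patterns are hypothetical, and it assumes that the first capture group of each regular expression becomes the untainted value and that is_valid sees the untainted hash through $self->value.

```perl
package CGI::Untaint::text_upload;    # hypothetical subclass name

use strict;
use warnings;
use base 'CGI::Untaint::upload';

# Assumed size limit for this example: 64 KiB.
use constant MAX_BYTES => 64 * 1024;

# Accept only a plain base name of at most 100 characters made of
# letters, digits, '_', '-' and '.', not starting with a dot.
# Names carrying a directory part ('/' or '\') fail to match.
# Assumption: capture group 1 becomes the untainted filename.
sub _untaint_filename_re {
    return qr/\A([A-Za-z0-9_-][A-Za-z0-9_.-]{0,99})\z/;
}

# Accept only printable ASCII plus tab, CR and LF, so binary content
# is rejected instead of being blindly untainted.
# Assumption: capture group 1 becomes the untainted payload.
sub _untaint_payload_re {
    return qr/\A([\x20-\x7E\t\r\n]*)\z/;
}

# Extra checks that a single pattern match does not express well.
# Assumption: after untainting, value() holds the hash with the
# filename and payload keys shown in the SYNOPSIS.
sub is_valid {
    my $self = shift;
    my $file = $self->value;

    return 0 unless ref $file eq 'HASH';
    return 0 unless defined $file->{filename} && defined $file->{payload};
    return 0 if $file->{filename} =~ /\.\./;              # no ".." sequences
    return 0 if length( $file->{payload} ) > MAX_BYTES;   # size cap
    return 1;
}

1;

# Usage, following the SYNOPSIS:
#   my $file = $handler->extract(-as_text_upload => "uploaded");
```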

AUTHOR

Simon Cozens, simon@kasei.com

SEE ALSO

CGI::Untaint.