retain filename passed
Hi all,
I have just developed a simple application with perl + CGI Everything works fine as expected. Its an application to load a file, process and return it back. But there is a lack of nice to have feature. Using file upload I upload the file and the file name is erased from the textbox. I just want to retain that as such the same way as how *any text* would be retained if typed in a text box. Reason for this request is, since am testing I don't have to click browse and then execute each time. If the filename is retained as such then it would be easier for me to use that filename. Any pointers ? Thanks |
Hi
You can't set the filename in a file upload field. The problem is that if you could, it would be very easy to include for example /etc/passwd on a page, hide it, or make it hard to see. It would be a big security problem. For testing, while not just click reload page? It will ask you if you want to send POST data again, and you just click ok. |
Thanks for your reply.
Correct me if am wrong. Are you saying given a filename it should fetch the file from server ? I didn't mean that. Its about specifying a file and uploading that, so in that case why would that be a security threat at all. Could you please explain that ? |
Hi
No, if you could set the filename, the server could get any file from the client, and that's no better. Let's say I make a form for login. Two fields for username and password, and a submit button. Below them, I write <br> 1000 times then something like <input type="file" name="uploadfile" value="/etc/passwd"> If the client did send the file when the submit button is clicked, there would be a problem. So you can't specify the file in the file upload field. |
I see that. There is definitely a security hole. Thanks much for the clarification.
|
All times are GMT -5. The time now is 12:17 PM. |