Good to hear. In general file uploading occurs when the browser "tacks" on a specific request header and the data for the file. Therefore, any request may *attempt* to upload a file.
The real key is whether or not there is something on the other end (server side) that will handle the request, which is where your CGI script comes in. The browser is responsible for uploading the file and creating the header, you (server side script) is responsible for recognizing that it is receiving this type of data, and then doing whatever is necessary with that data, so any script *could* if it parsed the header, received the data, then wrote the data to the disk, upload a file. CGI.pm is just a library that makes the handling of those steps much much easier. CGI.pm by itself is likely to parse the header, and recognize the data, however without you telling it to store the file it won't (or shouldn't, I assume as this would be bad). Not to mention it would have to guess where to put the file, may or may not have write permissions to do so, and on top of that nothing malicious could happen unless that file were executable (see umask for web server), and then executed..... Sorry that this is kinda random, it is the general idea however..... http://danconia.org Octavian Rasnita wrote: > Hi all, > > With your precious help I finally succeeded to create that script that > downloads a file then deletes the file from the server. > > In Windows works pretty strange because it takes a long time to delete the > file, but it doesn't matter at all. > I won't use it in Windows anyway. > > I have a question. > I've seen why it is a good idea to deny uploading files on the server if > this is not necessary using CGI.pm. > > Well, what happends if someone tries to upload a file on the server with a > fake form, if I am not using CGI.pm in that script? > > Will the server try to upload the file? > > Who is responsable for uploading? CGI.pm? Any script? > > Thank you. > > Teddy Center: http://teddy.fcc.ro/ > Mail: [EMAIL PROTECTED] > > > -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
