NAME CGI::Upload - CGI class for handling browser file uploads SYNOPSIS use CGI::Upload; my $upload = CGI::Upload->new; my $file_name = $upload->file_name('field'); my $file_type = $upload->file_type('field'); $upload->mime_magic('/path/to/mime.types'); my $mime_type = $upload->mime_type('field'); my $file_handle = $upload->file_handle('field'); DESCRIPTION This module has been written to provide a simple and secure manner by which to handle files uploaded in multipart/form-data requests through a web browser. The primary advantage which this module offers over existing modules is the single interface which it provides for the most often required information regarding files uploaded in this manner. This module builds upon primarily the CGI and File::MMagic modules and offers some tidy and succinct methods for the handling of files uploaded via multipart/form-data requests. METHODS The following methods are available through this module for use in CGI scripts and can be exported into the calling namespace upon request. new This object constructor method creates and returns a new CGI::Upload object. In previously versions of CGI::Upload, a mandatory argument of the CGI object to be used was required. This is no longer necessary due to the singleton nature of CGI objects. As an experiment, you can now use any kind of CGI.pm like module. The requirements are that it has to support the ->param method and the ->upload method returning a file handle. You can use this feature in two ways, either providing the name of the module or an already existing object. In the former case, CGI::Upload will try to *require* the correct module and will *croak* if cannot load that module. It has been tested with CGI.pm and CGI::Simple. Examples: use CGI::Upload; CGI::Upload->new({ query => "CGI::Simple"}); or use CGI::Upload; use CGI::Simple; $CGI::Simple::DISABLE_UPLOADS = 0; # you have to set this before creating the instance my $q = new CGI::Simple; CGI::Upload->new({ query => $q}); query Returns the CGI object used within the CGI::Upload class. file_handle('field') This method returns the file handle to the temporary file containing the file uploaded through the form input field named 'field'. This temporary file is generated using the new_tmpfile method of IO::File and is anonymous in nature, where possible. file_name('field') This method returns the file name of the file uploaded through the form input field named 'field' - This file name does not reflect the local temporary filename of the uploaded file, but that for the file supplied by the client web browser. file_type('field') This method returns the file type of the file uploaded as specified by the filename extension - Please note that this does not necessarily reflect the nature of the file uploaded, but allows CGI scripts to perform cursory validation of the file type of the uploaded file. mime_magic('/path/to/mime.types') This method sets and/or returns the external magic mime types file to be used for the identification of files via the mime_type method. By default, MIME identification is based upon internal mime types defined within the File::MMagic module. See File::MMagic for further details. mime_type('field') This method returns the MIME type of the file uploaded through the form input field named 'field' as determined by file magic numbers. This is the best means by which to validate the nature of the uploaded file. See File::MMagic for further details. BUGS Please report bugs on RT: TODO Explain why there is no 100% tests coverage... Add explicite license to module both in pod and in Makefile.PL Add Module::Build support Add better MIME magic support (see request on RT) Test if multiple file uploads are supported and fix this if they are not. Apache::Request support CGI::Minimal support Example code from Mark Stosberg (CGI::Uploader): if ($q->isa('CGI::Simple') ) { $fh = $q->upload($filename); $mt = $q->upload_info($filename, 'mime' ); if (!$fh && $q->cgi_error) { warn $q->cgi_error && return undef; } } elsif ( $q->isa('Apache::Request') ) { my $upload = $q->upload($file_field); $fh = $upload->fh; $mt = $upload->type; } # default to CGI.pm behavior else { $fh = $q->upload($file_field); $mt = $q->uploadInfo($fh)->{'Content-Type'} if $q->uploadInfo($fh); if (!$fh && $q->cgi_error) { warn $q->cgi_error && return undef; } } SEE ALSO CGI, File::MMagic, HTTP::File COPYRIGHT Copyright 2002-2004, Rob Casey, rob@cowsnet.com.au AUTHOR Original author: Rob Casey, rob@cowsnet.com.au Current mainainer: Gabor Szabo, gabor@pti.co.il Thanks to Mark Stosberg for suggestions