есть ли уязвимость в это коде (perl) :

if ( $section eq "view_file" ) {

check_user();

$file = $q->param('id');

my $statement = 'SELECT nid,filename, file FROM files WHERE id = ?';

$sth = $dbh->prepare($statement) or die print "Couldn't prepare statement: $DBI::errstr; stopped";

$sth->execute($file) or die print "Couldn't execute statement: $DBI::errstr; stopped";

while ( my $ref = $sth->fetchrow_hashref() ) { $nid = $ref->{'nid'}; $name = $ref->{'filename'}; $filename = $ref->{'file'}; }

$statemente = 'SELECT notes.call FROM notes WHERE id = ?';

$sth = $dbh->prepare($statemente) or die "Couldn't prepare statement: $DBI::errstr; stopped";

$sth->execute($nid) or die "Couldn't execute statement: $DBI::errstr; stopped";

while ( my $ref = $sth->fetchrow_hashref() ) {

$call = $ref->{'call'};

}

$statement = 'SELECT username FROM calls WHERE id = ?';

$sth = $dbh->prepare($statement) or die "Couldn't prepare statement: $DBI::errstr; stopped";

$sth->execute($call) or die "Couldn't execute statement: $DBI::errstr; stopped";

while ( my $ref = $sth->fetchrow_hashref() ) {

die_nice("Sorry you do not have access to this file") if $ref->{'username'} ne "$Cookies{'id'}";

}

print qq~Content-Disposition: attachment; filename="$name"\n~;

print "Content-Type: application/octet-stream\n\n";

if ( defined $file && $file ne "" ) {

open( LOCAL, ") {

print;

}

close(LOCAL);

}

}

все время открывается сам файл с ошибкой внутри в строке while () {