PEAK XOOPS - Re: Protector protects from a legitimate upload. in englishin japanese

Top > XOOPS Modules >Protector >Protector protects from a legitimate upload.

Re: Protector protects from a legitimate upload.

List posts in the topic

none Re: Protector protects from a legitimate upload.

msg# 1.3
depth:
1
Previous post - Next post | Parent - Children.1 .2 | Posted on 2007/8/29 4:30 | Last modified
Dave_L  上等兵 From: Virginia, USA  Posts: 35
Are you talking about filenames with consecutive periods (../foo/bar.txt) or non-consecutive periods (foo.tar.gz)?

I think the latter (non-consecutive periods) is blocked if the "Exit if bad files are uploaded" setting in the Protector module preferences is enabled. This is implemented in Protector::check_uploaded_files() in trust_path/modules/protector/class/protector.php.

I have this setting disabled.

The former (consecutive periods) is blocked if the setting "Protection from Directroy Traversals" is enabled. This is implemented in function protector_prepare() in trust_path/modules/protector/include/precheck.inc.php.

This applies to Protector 3.04. I haven't upgraded to 3.1 yet.
Votes:23 Average:4.35

Posts tree

  Advanced search

Login
Username or e-mail:

Password:

Remember Me

Lost Password?

Register now!