Re: Protector protects from a legitimate upload.
List posts in the topic
Re: Protector protects from a legitimate upload.
msg# 1.5
Dave_L
From: Virginia, USA
Posts: 35
Here's how I use the XOOPS upload object:
Only allow known safe file extensions. The mimetype is not really checked; XOOPS uses the mimetype only as a way of keeping track of extensions, and for use by the downloader to provide a content-type header.
Store uploaded files in a subdirectory (or subdirectories) that is not accessible by a web browser, either outside the web root or protected by an .htaccess file.
Store the uploaded file using a generated numeric filename (1.doc, 2.pdf, etc.). The original filename is stored in the database for use by the downloader.
Votes:1
Average:10.00
Posts tree