Re: Protector protects from a legitimate upload.
List posts in the topic
Re: Protector protects from a legitimate upload.
msg# 1.7.1
Easy to answer.
Just store files with allowed extensions inside DocumentRoot.
And never allow multiple dots.
Blacklist will be non-sense.
Only Both checking by whitelist of extensions(.gif/.png/.jpg/.jpeg) and their contents are meaningful.
.xls, .doc, .pdf...
They should not be stored inside DocumentRoot.
Because there are no means to checking the contents.
If you want to put a php source file, use outside of DocumentRoot or make file name hash like pukiwiki.
XOOPS_TRUST_PATH must be useful such uploading situation.
XOOPS_TRUST_PATH/uploads/
Votes:1
Average:10.00
Posts tree