PEAK XOOPS - Re: Protector protects from a legitimate upload. in englishin japanese

Top > XOOPS Modules >Protector >Protector protects from a legitimate upload.

Re: Protector protects from a legitimate upload.

List posts in the topic

none Re: Protector protects from a legitimate upload.

msg# 1.7.1
depth:
2
Previous post - Next post | Parent - No child | Posted on 2007/9/6 4:03
GIJOE  ÀèǤ·³Áâ   Posts: 4110
Easy to answer.
Just store files with allowed extensions inside DocumentRoot.
And never allow multiple dots.

Blacklist will be non-sense.
Only Both checking by whitelist of extensions(.gif/.png/.jpg/.jpeg) and their contents are meaningful.

.xls, .doc, .pdf...
They should not be stored inside DocumentRoot.
Because there are no means to checking the contents.

If you want to put a php source file, use outside of DocumentRoot or make file name hash like pukiwiki.


XOOPS_TRUST_PATH must be useful such uploading situation.

XOOPS_TRUST_PATH/uploads/
Votes:1 Average:10.00

Posts tree

  Advanced search

Login
Username or e-mail:

Password:

Remember Me

Lost Password?

Register now!