From: Reini U. <ru...@x-...> - 2007-06-08 07:17:52
Sure. But I forgot to mention it in the ReleaseNotes.

We have new in UpLoad:

; Upload into separate userdirs. If enabled (default since 1.3.13) the generated Upload: link
; will include the username plus "/". This will make all uploaded links longer, but we
; avoid nameclashes and you see who uploaded what file.
;UPLOAD_USERDIR = false

; By setting DISABLE_UPLOAD_ONLY_ALLOWED_EXTENSIONS to true, you get
; back the old behaviour to check only *bad* extensions of uploaded
; files. However a server may treat other files with certain handlers,
; like executable scripts, so we disable now everything and enable
; only some extension. See lib/plugin/UpLoad.php.
; Default: false
;DISABLE_UPLOAD_ONLY_ALLOWED_EXTENSIONS = false

; Override the default uploads dir. We have to define the local file path,
; and the webpath (DATA_PATH). Ensure an ending slash on both.
;UPLOAD_FILE_PATH = /var/www/htdocs/uploads/
;UPLOAD_DATA_PATH = /uploads/

; The maximum file upload size, in bytes.
; The default, 16777216, is 16MB.
MAX_UPLOAD_SIZE = 16777216

2007/6/8, Harold Hallikainen <ha...@ha...>:
> Does the new release deal with the upload problem I found (or a hacker
> found on my system)? That is, they were able to upload and execute a php3.
> It'd be nice if we had a list of allowed file types instead of a list of
> disallowed types.

--
Reini Urban
http://phpwiki.org/ http://murbreak.at/
http://spacemovie.mur.at/ http://helsinki.at/
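An added illustration of the two behaviours the config comments above contrast, checking only *bad* extensions versus enabling only some extensions. This is not code from PhpWiki's lib/plugin/UpLoad.php and not part of the original message; both extension lists and the function names are constructed for the example, and only MAX_UPLOAD_SIZE is taken from the message.

```php
<?php
// Added example, not PhpWiki code. Both lists are constructed for illustration.
const BAD_EXTENSIONS     = ['php', 'pl', 'cgi', 'exe', 'sh'];                  // hypothetical denylist
const ALLOWED_EXTENSIONS = ['gif', 'jpg', 'jpeg', 'png', 'pdf', 'txt', 'zip']; // hypothetical allowlist
const MAX_UPLOAD_SIZE    = 16777216; // bytes, the 16MB default quoted in the message

/** Old behaviour: reject only names whose last extension is on the bad list. */
function denylist_accepts(string $name): bool
{
    $ext = strtolower(pathinfo($name, PATHINFO_EXTENSION));
    return !in_array($ext, BAD_EXTENSIONS, true);
}

/**
 * New behaviour: everything is disabled unless explicitly allowed.
 * Every dot-separated suffix is checked, not just the last one, so the
 * decision does not depend on which suffix the server uses to pick a handler.
 */
function allowlist_accepts(string $name, int $size): bool
{
    if ($size <= 0 || $size > MAX_UPLOAD_SIZE) {
        return false;
    }
    // Keep only the file name, whatever path separator the client sent.
    $base  = basename(str_replace('\\', '/', $name));
    $parts = explode('.', strtolower($base));
    array_shift($parts);            // drop the stem, keep the suffixes
    if ($parts === []) {
        return false;               // no extension at all: not on the allowlist
    }
    foreach ($parts as $ext) {
        if (!in_array($ext, ALLOWED_EXTENSIONS, true)) {
            return false;
        }
    }
    return true;
}

// Constructed sample names; "page.php3" is the case reported in the quoted mail.
$samples = ['photo.jpg', 'notes.txt', 'page.php3', 'page.phtml', 'photo.v2.jpg', 'README'];
foreach ($samples as $name) {
    printf("%-13s denylist=%-6s allowlist=%s\n", $name,
        denylist_accepts($name) ? 'accept' : 'reject',
        allowlist_accepts($name, 1024) ? 'accept' : 'reject');
}
```

With these lists the denylist accepts page.php3 and page.phtml because neither suffix was anticipated, while the allowlist rejects both; the strict per-suffix check also rejects photo.v2.jpg, which is the usability cost of that rule.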