From: Shaun M. <sh...@ae...> - 2005-04-13 10:45:45
On 13 Apr 2005, at 10:36, Shaun Murray wrote:

>
> On 12 Apr 2005, at 23:53, Tony Miller wrote:
>
>> Yup, that's it. And it had stopped every single .PDF that I tried to
>> upload. I can't figure out how church bulletins could be malicious.
>> Could it be that the security algorithm needs to be tweaked?
>>
>
> One of my users was complaining about image uploads in announce today
> as well. Same problem.
>
> It definitely needs tweaking as now it's so secure you can't get any
> work done!

Just to follow on...

Just removing dl\( from the list seems to clear up most problems. That's just a little too common in uploads. I don't know what effect that has for security though as it's obviously opening up a tiny doorway. dl seems an odd PHP function to block although I guess in conjunction with another exploit, being able to load up Apache modules at runtime might be useful to a hacker.

Shaun

aegis design - http://www.aegisdesign.co.uk
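
The false positive described in this message, as an added example that is not part of the original post or the project's code: the `dl\(` pattern applied to raw upload bytes, next to a check that only flags an actual `dl(` call inside PHP code. It assumes the filter matches the listed pattern against the whole file; the function names and both samples are constructed for illustration.

```php
<?php
// Added illustration; not the project's filter. Names and samples are hypothetical.

// Naive check: the pattern from the thread matched against the raw upload bytes.
function naive_flags_upload(string $bytes): bool
{
    return preg_match('/dl\(/', $bytes) === 1;
}

// Token-aware check: flag only a dl( call that appears inside PHP code.
function php_calls_dl(string $bytes): bool
{
    // Bytes outside PHP open tags come back as one T_INLINE_HTML token.
    $tokens = token_get_all($bytes);
    $count  = count($tokens);
    for ($i = 0; $i < $count; $i++) {
        $tok = $tokens[$i];
        if (!is_array($tok)) {
            continue;
        }
        // PHP 8 tokenizes "\dl" as T_NAME_FULLY_QUALIFIED; compare by token name
        // so the same code also runs on PHP 7.
        $isName = in_array(token_name($tok[0]), ['T_STRING', 'T_NAME_FULLY_QUALIFIED'], true);
        if (!$isName || strcasecmp(ltrim($tok[1], '\\'), 'dl') !== 0) {
            continue;
        }
        // Skip whitespace and comments between the name and the parenthesis.
        $j = $i + 1;
        while ($j < $count && is_array($tokens[$j])
            && in_array($tokens[$j][0], [T_WHITESPACE, T_COMMENT, T_DOC_COMMENT], true)) {
            $j++;
        }
        if ($j < $count && $tokens[$j] === '(') {
            return true;
        }
    }
    return false;
}

// Constructed samples: PDF-like bytes that happen to contain "dl(", and a PHP file.
$samples = [
    'constructed PDF-like bytes' => "%PDF-1.4\nstream\n\x8fdl(\x02\xffQ\nendstream\n",
    'constructed PHP upload'     => "<?php dl('example.so'); ?>",
];
foreach ($samples as $label => $bytes) {
    printf("%-28s naive=%s token-aware=%s\n", $label,
        var_export(naive_flags_upload($bytes), true),
        var_export(php_calls_dl($bytes), true));
}
```

The token-aware check only recognises a literal call to `dl`, so it reduces false positives on binary uploads rather than replacing the other upload controls.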