Menu
▾
▴
Re: [Phpwiki-talk] Uploading files into Phpwiki
|
From: Manuel V. <man...@gm...> - 2007-03-12 15:06:33
|
2007/3/10, Reini Urban <ru...@x-...>: > 2007/3/9, Manuel Vacelet <man...@gm...>: > > 2007/3/9, Sabri LABBENE <sab...@st...>: > > > BTW, we also turned off getimagesize() because it make the page loading very > > > slow. Will there be then any risk related to spam prevention ? > > > > In a intranet there is no risk. > > There's still the cockpit error risc. The risc of unaware users, who > just upload .vbs files as one just did yesterday in my companies' > super-secure intranet. Thanksfully we had the extension check. > > After renaming the .vbs to .vbs_ he could upload it, and users could > download it without immediate execution. I'm not that Microsoft Windows aware but this is a client executable not a server one isn't it ? I mean, there are no risks to see this vbs executed on the server (even a windows one) ? -- Manuel |
