From: Reini U. <ru...@x-...> - 2007-03-12 16:15:23
no, never on the server.
but certain clients could execute this in the worst case on pageview,
and normally when they click on it.
by forcing the uploader to rename it, the user must rename it to original
to be able to execute it.

2007/3/12, Manuel Vacelet <man...@gm...>:
> 2007/3/10, Reini Urban <ru...@x-...>:
> > 2007/3/9, Manuel Vacelet <man...@gm...>:
> > > 2007/3/9, Sabri LABBENE <sab...@st...>:
> > > > BTW, we also turned off getimagesize() because it makes the page loading very
> > > > slow. Will there be then any risk related to spam prevention ?
> > >
> > > In an intranet there is no risk.
> >
> > There's still the cockpit error risk. The risk of unaware users, who
> > just upload .vbs files as one just did yesterday in my company's
> > super-secure intranet. Thankfully we had the extension check.
> >
> > After renaming the .vbs to .vbs_ he could upload it, and users could
> > download it without immediate execution.
>
> I'm not that Microsoft Windows aware but this is a client executable
> not a server one isn't it ?
>
> I mean, there are no risks to see this vbs executed on the server
> (even a windows one) ?
>
> -- Manuel

--
Reini Urban
http://phpwiki.org/ http://murbreak.at/
http://spacemovie.mur.at/ http://helsinki.at/