Sure.
But I forgot to mentioned it in the ReleaseNotes
We have new in UpLoad:
; Upload into seperate userdirs. If enabled (default since 1.3.13) the
generated Upload: link
; will include the username plus "/". This will make all uploaded
links longer, but we
; avoid nameclashes and you see who uploaded what file.
;UPLOAD_USERDIR = false
; By setting DISABLE_UPLOAD_ONLY_ALLOWED_EXTENSIONS to true, you get
; back the old behaviour to check only *bad* extensions of uploaded
; files. However a server may treat other files with certain handlers,
; like executable scripts, so we disable now everything and enable
; only some extension. See lib/plugin/UpLoad.php.
; Default: false
;DISABLE_UPLOAD_ONLY_ALLOWED_EXTENSIONS = false
; Override the default uploads dir. We have to define the local file path,
; and the webpath (DATA_PATH). Ensure an ending slash on both.
;UPLOAD_FILE_PATH = /var/www/htdocs/uploads/
;UPLOAD_DATA_PATH = /uploads/
; The maximum file upload size, in bytes.
; The default, 16777216, is 16MB.
MAX_UPLOAD_SIZE = 16777216
2007/6/8, Harold Hallikainen <ha...@ha...>:
> Does the new release deal with the upload problem I found (or a hacker
> found on my system? That is, they were able to upload and execute a php3.
> It'd be nice if we had a list of allowed file types instead of a list of
> disallowed types.
--
Reini Urban
http://phpwiki.org/ http://murbreak.at/
http://spacemovie.mur.at/ http://helsinki.at/
|
