<br>I'll just add a ++ to this request for info here. I recently built a module (hopefully I'll be able to release it to contribs within a few weeks) that specially handles file uploads, so any pointers on ensuring that these are handled securely are appreciated! Thanks,
<br><br>Scott<br><br><div><span class="gmail_quote">On 6/19/06, <b class="gmail_sendername">Fabio Varesano</b> &lt;<a href="mailto:fabio.varesano@gmail.com">fabio.varesano@gmail.com</a>&gt; wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
Hi everybody,<br><br>I just received an email from Ber asking me to check my modules for<br>security issues related to file uploads.<br>Maybe others of you received that email too.<br><br>He tells me to check my module for upload-related issues and to look at the
<br>4.7.1-&gt;4.7.2 patch as a guide.<br><br>Well... it seems that the main addition is the upload_munge_filename<br>... but this is an upload-module-only function.<br><br>Should the munge_filename function become a file API?
<br><br><br>Moreover, a handbook page explaining how to handle uploads securely<br>is needed.<br><br><br>Fabio Varesano<br></blockquote></div><br>