I'll just add a ++ to this request for info here.  I recently built a module (hopefully I'll be able to release it to contribs within a few weeks) that specially handles file uploads, so any pointers on ensuring that these are handled securely are appreciated!  Thanks,

Scott

On 6/19/06, Fabio Varesano <fabio.varesano@gmail.com> wrote:
Hi everybody,

I just received an email from Ber asking me to check my modules for
security issues related to file uploads.
Maybe others of you received that email too.

He told me to check my module for upload related issues and to look at the
4.7.1->4.7.2 patch as a guide.

Well... it seems that the main addition is upload_munge_filename
... but this is an upload module only function.

Should the munge_filename function become a file API?


Moreover a handbook page explaining how to handle uploads securely
is needed.


Fabio Varesano
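As an added illustration of the filename-munging idea behind upload_munge_filename that the thread refers to (this is example code written for this page in Python, not Drupal's code or anything posted by the participants), the function below neutralises intermediate extensions a web server might execute; the allowlist, the extension pattern and the helper name are assumptions.

```python
import re

# Constructed allowlist for the example; a real site configures its own.
DEFAULT_ALLOWED = {"jpg", "jpeg", "gif", "png", "txt", "pdf"}

# A segment that looks like a file extension: 2-5 letters plus an optional
# digit, e.g. "php", "php3", "phtml" (assumed pattern for this example).
EXT_RE = re.compile(r"^[A-Za-z]{2,5}\d?$")


def munge_filename(filename: str, allowed: set[str] = DEFAULT_ALLOWED) -> str:
    """Return a filename that is safe to store under a web-served directory.

    Modelled on the idea of upload_munge_filename (not its code): the final
    extension must be allowlisted, and every intermediate segment that looks
    like an extension but is not allowlisted gets an underscore appended.
    'shell.php.jpg' becomes 'shell.php_.jpg', so a server that honours
    multiple extensions no longer sees a '.php' segment to hand to PHP.
    """
    # Drop any directory component and control characters the client sent.
    name = filename.replace("\\", "/").rsplit("/", 1)[-1]
    name = re.sub(r"[\x00-\x1f\x7f]", "", name).strip()
    if not name or name in {".", ".."}:
        raise ValueError("empty or invalid filename")

    parts = name.split(".")
    if len(parts) < 2:
        raise ValueError("filename has no extension")
    base, *middle, final = parts
    if final.lower() not in allowed:
        raise ValueError(f"extension {final!r} is not permitted")

    munged = []
    for seg in middle:
        if seg.lower() not in allowed and EXT_RE.match(seg):
            seg += "_"
        munged.append(seg)
    return ".".join([base, *munged, final])
```

Note that legitimate names such as "report.final.pdf" are also munged to "report.final_.pdf"; that is the accepted cost of rejecting nothing the allowlist permits while still defusing double extensions.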