[development] How to handle uploads in a secure fashion?

Fabio Varesano fabio.varesano at gmail.com
Mon Jun 19 17:58:23 UTC 2006

Hi everybody,

I just received an email from Ber asking to check my modules for
security issues related to file uploads.
Maybe others of you received too that emails.

He tell me to check my module for upload related issue and see at the
4.7.1->4.7.2 patch as guide.

Well... it seems that the main addition is the upload_munge_filename
... but this is an upload module only functions.

Should the munge_filename function became a file api?

Moreover a handbook page explaining how to handle uploads in security
is needed.

Fabio Varesano

More information about the development mailing list