[development] How to handle uploads in a secure fashion?

Scott Trudeau strudeau at umich.edu
Tue Jun 20 14:32:22 UTC 2006


I'll just add a ++ to this request for info here.  I recently built a module
(hopefully I'll be able to release it to contribs within a few weeks) that
specially handles file uploads, so any pointers on ensuring that these are
handled securely are appreciated!  Thanks,

Scott

On 6/19/06, Fabio Varesano <fabio.varesano at gmail.com> wrote:
>
> Hi everybody,
>
> I just received an email from Ber asking to check my modules for
> security issues related to file uploads.
> Maybe others of you received that email too.
>
> He tells me to check my module for upload-related issues and to look at the
> 4.7.1->4.7.2 patch as a guide.
>
> Well... it seems that the main addition is the upload_munge_filename
> ... but this is an upload-module-only function.
>
> Should the munge_filename function become a file API?
>
>
> Moreover, a handbook page explaining how to handle uploads securely
> is needed.
>
>
> Fabio Varesano
>