[development] How to handle uploads in a secure fashion?

Derek Wright drupal at dwwright.net
Tue Jun 20 16:10:45 UTC 2006

On Jun 19, 2006, at 10:58 AM, Fabio Varesano wrote:

> Should the munge_filename function became a file api?

it should, yes, but that's complicated.  part of the  
upload_munge_filename() stuff depends on a whitelist of approved file  
extensions.  those are handled as a setting from the upload.module.   
so, to make munge* a separate function in file.inc that didn't depend  
on the upload.module, we'd need to put those settings somewhere else,  
too.  since the existing munge stuff was done in the heat of the  
moment to get 4.7.2 out, no one felt like doing that much additional  
work to make things generic, moving all this code into the file API,  

but, it's a pain in the neck for those of us trying to make contribs  
more secure using this stuff, since now our modules will depend on  
the upload module, even if they don't the regular upload form  
element, etc.  we should definitely consider reorganizing this code  
in 4.8.  sadly, i'm going to be unavailable for drupal hacking until  
mid july, so i can't spearhead this effort (at least not until at  
least the end of july).

-derek (dww)

More information about the development mailing list