Tuesday, October 28, 2008

Re: [fw-mvc] Security concerns related to Zend_File

FileSize and Size validators are validating the size based on the real file
size.
This is the only secure way, as everything coming from the client is insecure.

Why should there be "illegal characters" for an uploaded file?
You could simply rename any file.
And you will get an error when you try to receive a file which has
illegal characters and can not be written:
"File can not be written"...

So from the server's view these points are secure.

Greetings
Thomas Weidner, I18N Team Leader, Zend Framework
http://www.thomasweidner.com


----- Original Message -----
From: "Cristian Bichis" <contact@zftutorials.com>
To: <fw-mvc@lists.zend.com>
Sent: Tuesday, October 28, 2008 9:22 AM
Subject: [fw-mvc] Security concerns related to Zend_File


> Hi,
>
> I have some questions related to Zend_File validators:
>
> 1. After an upload using Zend_Form_Element_File, is there any validation of
> the uploaded file name? To not contain some kind of illegal characters
>
> 2. FileSize / Size validators are also validating size in relation with
> ini_get('post_max_size') or $_SERVER['CONTENT_LENGTH'], or to be sure the
> file is validated against 0 or negative file size?
>
> Thanks.
>
> --
> Best regards,
> Cristian Bichis
> www.zftutorials.com | www.zfforums.com | www.zftalk.com | ww.zflinks.com
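The two points in this exchange (size checked from the real temp file, not from client-supplied values, and a rename instead of character filtering on the client's file name), as an added plain-PHP example that is not Zend Framework code and not from either poster; the function names, the size bounds and the extension allow-list are assumptions.

```php
<?php
// Added example (not Zend Framework code): validate an upload from the
// server's view only, as the reply above describes. Every name here
// (validateUpload, storeUpload, $minBytes, $maxBytes) is hypothetical.

function validateUpload(array $file, int $minBytes, int $maxBytes): array
{
    $errors = [];

    // PHP-level upload errors (partial upload, post_max_size exceeded, ...)
    if (!isset($file['error']) || $file['error'] !== UPLOAD_ERR_OK) {
        $errors[] = 'upload failed with PHP error code ' . ($file['error'] ?? 'unknown');
        return $errors;
    }

    // Only trust a temp file PHP itself created for this request.
    if (!is_uploaded_file($file['tmp_name'])) {
        $errors[] = 'tmp_name is not an uploaded file';
        return $errors;
    }

    // Real size from the filesystem; $file['size'] and Content-Length
    // come from the client and are not used for the decision.
    $realSize = filesize($file['tmp_name']);
    if ($realSize === false || $realSize <= 0) {
        $errors[] = 'file is empty or unreadable';
    } elseif ($realSize < $minBytes || $realSize > $maxBytes) {
        $errors[] = "size $realSize outside allowed range $minBytes-$maxBytes";
    }

    return $errors;
}

// Rather than hunting for "illegal characters" in the client-supplied
// name, give the stored file a server-generated name and keep the
// original name only as data. The extension is checked against an allow-list.
function storeUpload(array $file, string $targetDir, array $allowedExt): string
{
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!in_array($ext, $allowedExt, true)) {
        throw new RuntimeException("extension '$ext' not allowed");
    }
    $target = rtrim($targetDir, '/') . '/' . bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($file['tmp_name'], $target)) {
        throw new RuntimeException('file can not be written');
    }
    return $target;
}
```

Typical use in a request handler is `$errors = validateUpload($_FILES['upload'], 1, 2 * 1024 * 1024);` followed, when `$errors` is empty, by `storeUpload($_FILES['upload'], '/var/uploads', ['png', 'jpg']);`.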
