Tuesday, October 28, 2008

Re: [fw-mvc] Security concerns related to Zend_File

Ok, thanks.
> FileSize and Size validators are validating the size based on the real
> file size.
> This is the only secure way, as everything coming from the client is insecure.
>
> Why should there be "illegal characters" for an uploaded file?
> You could simply rename any file.
> And you will get an error, when you try to receive the file which has
> illegal characters and can not be written.
> "File can not be written"...
>
> So from the server's view these points are secure.
>
> Greetings
> Thomas Weidner, I18N Team Leader, Zend Framework
> http://www.thomasweidner.com
>
>
> ----- Original Message ----- From: "Cristian Bichis"
> <contact@zftutorials.com>
> To: <fw-mvc@lists.zend.com>
> Sent: Tuesday, October 28, 2008 9:22 AM
> Subject: [fw-mvc] Security concerns related to Zend_File
>
>
>> Hi,
>>
>> I have some questions related to Zend_File validators:
>>
>> 1. After an upload using Zend_Form_Element_File, is there any
>> validation of the uploaded file name? To not contain some kind of
>> illegal characters
>>
>> 2. Are the FileSize / Size validators also validating size in relation
>> to ini_get('post_max_size') or $_SERVER['CONTENT_LENGTH'], or to
>> be sure the file is validated against 0 or negative file size?
>>
>> Thanks.
>>
>> --
>> Best regards,
>> Cristian Bichis
>> www.zftutorials.com | www.zfforums.com | www.zftalk.com | ww.zflinks.com
>
>


--
Best regards,
Cristian Bichis
www.zftutorials.com | www.zfforums.com | www.zftalk.com | www.zflinks.com
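
The two points from the thread (size taken from the file as stored on the server, and renaming instead of trusting the client's file name), as an added plain-PHP example that is not part of the original messages and is not Zend Framework code. The function names, the extension allow-list and the destination directory are assumptions for illustration; it assumes PHP 7 or later.

```php
<?php
// Added example, not Zend Framework code. Array keys follow PHP's $_FILES layout.

// Size check on the bytes actually stored on the server. $_FILES[...]['size']
// and Content-Length are client-influenced and are deliberately not consulted.
function measured_size_ok(string $path, int $minBytes, int $maxBytes): bool
{
    clearstatcache(true, $path);
    $size = @filesize($path);
    return $size !== false && $size >= $minBytes && $size <= $maxBytes;
}

// Rename instead of filtering "illegal characters": keep only an allow-listed
// extension (assumption) and generate the rest of the name server-side.
function stored_name(string $clientName, array $allowedExt): ?string
{
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    if (!in_array($ext, $allowedExt, true)) {
        return null; // extension refused
    }
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

// Hypothetical handler for one $_FILES entry; $destDir is an assumed
// directory outside the web root. Returns the stored name or null.
function accept_upload(array $file, string $destDir, int $maxBytes): ?string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])
        || !measured_size_ok($file['tmp_name'], 1, $maxBytes)) { // min 1 rejects empty files
        return null;
    }
    $name = stored_name($file['name'], ['png', 'jpg', 'pdf']);
    if ($name === null || !move_uploaded_file($file['tmp_name'], "$destDir/$name")) {
        return null;
    }
    return $name;
}

// Constructed sample input: a 5-byte temp file and a hostile client file name.
$tmp = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($tmp, 'hello');
var_dump(measured_size_ok($tmp, 1, 1024)); // within limits
var_dump(measured_size_ok($tmp, 1, 4));    // larger than the limit
var_dump(stored_name('../../evil name;x.PNG', ['png'])); // random hex name + .png
var_dump(stored_name('shell.php', ['png']));             // refused
unlink($tmp);
```

accept_upload() only succeeds inside a real HTTP upload, because is_uploaded_file() and move_uploaded_file() reject paths PHP did not create for the request; the calls at the bottom exercise the two helpers from the command line.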
