Posted by Michael Fesser on 11/03/07 05:19

..oO(william.hooper@gmail.com)

>Ok I am really impressed that you managed to edit my pages again even
>after I disallowed uploading of ".php*" files. But please tell me a
>way to get round it rather than (a) whitelist (b) only allowing types.
>Its really depressing not to be able to do this... there must be an
>easy trick you used... I am an average joe but this would be a cool
>thing...

I've already posted another possible solution (2.) in
<news:h927h3taqfelkbg5c2pq85juibe9qu7psu@4ax.com>.

If you don't allow direct downloads, but store all uploaded files in a
safe place outside the server's document root and deliver them with a
script, the web server can't execute any of them, which is the reason
for your current problem.

Micha

• Next in forum: Re: Help with session count code
• Prev in forum: Re: Query Help
• Thread view: Re: OT: security

[Reply to this message]