[Typo3-dev] New extension: File Upload (comments requested)

Mads Brunn brunn at mail.dk
Tue Sep 2 22:45:37 CEST 2003


Off course :-)

This is one of the more obvious thing to check for. What I would like is if
someone could look at the source code and check if there's any way this
extension could be exploited by a malicious user. Also, if you can think of
any improvements I'm open to suggestions - as always.

Best regards

Mads

"Mathias Schreiber [netfielders]" <ms at netfielders.de> skrev i en meddelelse
news:mailman.1062487753.24007.typo3-dev at lists.netfielders.de...
> Mads Brunn wrote:
> > Yesterday I made a small extension public on typo3.org: File Upload. I
don't
> > have much experience with security issues and PHP and would like to hear
> > comments from experienced people who can make a statement on whether
this is
> > a "secure" plugin or how its' security can be improved.
>
> didn't look at it atm but do you check if PHP files are uploaded?
> Because if so, you could breach the whole system
>
>
> -- 
> Want support? Please read the list rules first:
http://typo3.org/1438.0.html
>






More information about the TYPO3-dev mailing list