[TYPO3] does tt news accept exe and php (malicious) mime types ?

dave typo typothree at gmail.com
Thu Jun 14 10:48:08 CEST 2007


great, except when people upload a file from the frontend, a php file
or an exe file can be attached. It looks like a security hole.

I know how to check extension types in PHP, but what are the
components of TYPO3 that check extension or MIME types?

What is the 'TYPO3 way' to check file types? I mean, is there a
standard to follow that I could look at?


If anyone knows, it's greatly appreciated.

thanks,

-dave

On 6/13/07, Dmitry Dulepov <dmitry at typo3.org> wrote:
> Hi!
>
> dave typo wrote:
> > Could a user potentially upload an exe file or a php file using
> > ttnews' file attachment property?
>
> Take a look near the upload box. You will see what it allows to
> upload and what it does not (with "-" in front).
>
> It does not use MIME types but checks extensions.
>
> --
> Dmitry Dulepov
> TYPO3 freelancer / TYPO3 core team member
> Web: http://typo3bloke.net/
> Skype: callto:liels_bugs
> _______________________________________________
> TYPO3-english mailing list
> TYPO3-english at lists.netfielders.de
> http://lists.netfielders.de/cgi-bin/mailman/listinfo/typo3-english
>
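
The difference between checking extensions and checking content, as an added example that is not part of the original thread and is not TYPO3 or tt_news code: an upload check that applies an allow list and a deny list to the file name and then compares the sniffed content type with the extension. The function name `rejectReason`, both lists and the sample uploads are assumptions made for illustration; it needs PHP's fileinfo extension.

```php
<?php
// Assumed policy for this example; these are not TYPO3's or tt_news' own lists.
const ALLOWED = [
    'jpg' => 'image/jpeg', 'jpeg' => 'image/jpeg', 'png' => 'image/png',
    'gif' => 'image/gif',  'pdf'  => 'application/pdf',
];
const DENIED = ['php', 'php3', 'php4', 'php5', 'phtml', 'phar', 'exe', 'htaccess'];

/** Returns null if the upload passes, otherwise the reason it is rejected. */
function rejectReason(string $clientName, string $content): ?string
{
    if (strpos($clientName, "\0") !== false) {
        return 'NUL byte in file name';
    }
    // Keep only the last path component, whatever separator the client sent.
    $name = strtolower(basename(str_replace('\\', '/', $clientName)));
    $segments = explode('.', $name);
    array_shift($segments); // drop the base name, keep every extension segment
    if ($segments === []) {
        return 'no extension';
    }
    // Deny check on every segment, so "report.php.jpg" and ".htaccess" are caught as well.
    foreach ($segments as $segment) {
        if (in_array($segment, DENIED, true)) {
            return "denied extension segment: $segment";
        }
    }
    $ext = end($segments);
    if (!array_key_exists($ext, ALLOWED)) {
        return "extension not on allow list: $ext";
    }
    // Content check: the sniffed type must match what the extension claims.
    $mime = (string) (new finfo(FILEINFO_MIME_TYPE))->buffer($content);
    if ($mime !== ALLOWED[$ext]) {
        return "content is $mime, expected " . ALLOWED[$ext];
    }
    return null;
}

// Constructed sample uploads: [client file name, first bytes of content].
$samples = [
    ['photo.gif',      "GIF89a\x01\x00\x01\x00\x00\x00\x00;"],
    ['report.php.jpg', "\xFF\xD8\xFF\xE0\x00\x10JFIF\x00"],
    ['tool.exe',       "MZ\x90\x00"],
    ['notes.gif',      '<?php echo "hi";'], // extension passes, content does not
];
foreach ($samples as [$name, $bytes]) {
    printf("%-16s %s\n", $name, rejectReason($name, $bytes) ?? 'accepted');
}
```

The last sample is the case an extension-only check lets through, which is why the content comparison sits after the name checks rather than replacing them.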

