I don't know if this has been discussed before. I've search the forum, but maybe I missed it.
I have the new file upload mod up and running, both on my server and offline under win 95, and it all seems to be working fine, except I'm having a problem validating the uploaded file.
It will catch the allowed file extensions, .gif and .jpg, and also file size, but that's all.
It's not checking for forward or backward slashes, periods, or even if it's actually a file.
So if you type in a file that doesn't exist ie, wsw/.lo..\asw.jpg, it thinks that it is a valid file and renames it to match $db_key. Naturally the file doesn't exist and contains 0 bytes, but it still tries to print it anyway.
Would it be something to do with $filekey not being passed correctly through CGI.pm. I'm not sure how that bit works.
Has any one else had this problem.
thanks
Bob
I have the new file upload mod up and running, both on my server and offline under win 95, and it all seems to be working fine, except I'm having a problem validating the uploaded file.
It will catch the allowed file extensions, .gif and .jpg, and also file size, but that's all.
It's not checking for forward or backward slashes, periods, or even if it's actually a file.
So if you type in a file that doesn't exist ie, wsw/.lo..\asw.jpg, it thinks that it is a valid file and renames it to match $db_key. Naturally the file doesn't exist and contains 0 bytes, but it still tries to print it anyway.
Would it be something to do with $filekey not being passed correctly through CGI.pm. I'm not sure how that bit works.
Has any one else had this problem.
thanks
Bob