suggestions please "what should i watch for/guard against' in a file upload situation?"
Tim Chase
python.list at tim.thechases.com
Wed Oct 6 15:07:12 EDT 2010
On 10/06/10 12:14, Seebs wrote:
>> not sure what else i could do to guard against anything bad
>> happening. maybe the file name itself could cause grief?
>
> Obvious things:
>
> * File name causes files to get created outside some particular
> upload directory ("../foo")
> * File name has spaces
> * Crazy stuff like null bytes in file name
> * File names which might break things if a user carelessly interacts
> with them, such as "foo.jpg /etc/passwd bar.jpg" (all one file name
> including two spaces).

And depending on the system, Win32 chokes on filenames like
"nul", "con", "com1"..."comN", "lpt1"..."lptN", and a bunch of
others.

-tkc
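
An added example, not part of the original message: one way to handle the file-name cases raised in this thread (directory escape, spaces, null bytes, shell-hostile names, Win32 device names). The function names, the allow-list and the 100-character limit are assumptions chosen for illustration.

```python
import os
import re

# Windows device names: the ones named in the thread plus PRN and AUX.
RESERVED = {"con", "prn", "aux", "nul"} | {
    f"{dev}{n}" for dev in ("com", "lpt") for n in range(1, 10)
}
UNSAFE = re.compile(r"[^A-Za-z0-9._-]")  # anything outside a conservative allow-list


def sanitize_upload_name(raw, max_len=100):
    """Return a safe base name for a client-supplied name, or raise ValueError."""
    if "\x00" in raw:
        raise ValueError("null byte in file name")
    # Keep only the last path component; treat both / and \ as separators.
    base = raw.replace("\\", "/").rsplit("/", 1)[-1]
    # Spaces and shell-significant characters become "_"; leading dots
    # (hidden files, "..") and trailing dots (ignored by Win32) are dropped.
    base = UNSAFE.sub("_", base).strip(".")
    if not base or len(base) > max_len:
        raise ValueError("empty or over-long file name")
    # "nul.txt" is as reserved as "nul": compare the part before the first dot.
    if base.split(".", 1)[0].lower() in RESERVED:
        base = "_" + base
    return base


def upload_path(upload_dir, raw):
    """Join the sanitized name to upload_dir and confirm it stays inside it."""
    root = os.path.realpath(upload_dir)
    target = os.path.realpath(os.path.join(root, sanitize_upload_name(raw)))
    if os.path.commonpath([root, target]) != root:
        raise ValueError("path escapes upload directory")
    return target


if __name__ == "__main__":
    # Constructed sample names covering each case raised in the thread.
    for name in ["../foo", "my photo.jpg", "foo.jpg /etc/passwd bar.jpg",
                 "nul", "COM1.txt", "a\x00.jpg", ".."]:
        try:
            print(repr(name), "->", sanitize_upload_name(name))
        except ValueError as exc:
            print(repr(name), "-> rejected:", exc)
```

The realpath check in upload_path also catches a symlink already present in the upload directory that points outside it.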