suggestions please "what should i watch for/guard against' in a file upload situation?"
python.list at tim.thechases.com
Wed Oct 6 21:07:12 CEST 2010
On 10/06/10 12:14, Seebs wrote:
>> not sure what else i could do to guard against anything bad
>> happening. maybe the file name itself could cause grief?
> Obvious things:
> * File name causes files to get created outside some particular
> upload directory ("../foo")
> * File name has spaces
> * Crazy stuff like null bytes in file name
> * File names which might break things if a user carelessly interacts
> with them, such as "foo.jpg /etc/passwd bar.jpg" (all one file name
> including two spaces).
And depending on the system, Win32 chokes on filenames like
"nul", "con", "com1"..."comN", "lpt1"..."lptN", and a bunch of
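
An added example, not part of the original messages: one way to check a client-supplied upload name against the cases listed above (directory escape, spaces, null bytes, Win32 device names). The function name `sanitize_upload_name`, the `/tmp/uploads` directory and the allowed character set are assumptions made for illustration.

```python
import os
import re

# Device names quoted in the thread; the message is cut off, so the list is
# limited to the names it actually gives.
RESERVED = re.compile(r"^(nul|con|com\d+|lpt\d+)$", re.IGNORECASE)
UNSAFE = re.compile(r"[^A-Za-z0-9._-]")  # assumed allowlist: letters, digits, . _ -


def sanitize_upload_name(raw, upload_dir):
    """Map a client-supplied file name to a path inside upload_dir.

    Raises ValueError for names that cannot be made safe.
    """
    if "\x00" in raw:
        raise ValueError("null byte in file name")
    # Keep only the last component, treating both / and \ as separators.
    base = raw.replace("\\", "/").rsplit("/", 1)[-1]
    # Spaces and shell-significant characters become underscores.
    base = UNSAFE.sub("_", base)
    # Drop leading dots: removes "." and ".." and avoids hidden files.
    base = base.lstrip(".")
    if not base:
        raise ValueError("empty file name")
    # Win32 treats "con.txt" like "con", so test the part before the first dot.
    if RESERVED.match(base.split(".", 1)[0]):
        raise ValueError("reserved Win32 device name")
    # Final check: the resolved path must still sit under the upload directory.
    root = os.path.realpath(upload_dir)
    dest = os.path.realpath(os.path.join(root, base))
    if os.path.commonpath([root, dest]) != root:
        raise ValueError("path escapes upload directory")
    return dest


if __name__ == "__main__":
    # Constructed sample names, taken from the cases listed in the thread.
    for name in ["../foo", "foo.jpg /etc/passwd bar.jpg", "a\x00.jpg", "com1.txt"]:
        try:
            print(repr(name), "->", sanitize_upload_name(name, "/tmp/uploads"))
        except ValueError as err:
            print(repr(name), "rejected:", err)
```

Storing uploads under a server-generated name and keeping the client's name only as metadata avoids most of these cases altogether.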