The dangerous, exquisite art of safely handing user-uploaded files: Tom Eastman (was: Does This Scare You?)
Tim Chase
python.list at tim.thechases.com
Mon Aug 22 13:32:06 EDT 2016
On 2016-08-23 02:20, Chris Angelico wrote:
> It generally will (or rather, only if the file has one of a
> particular set of extensions). Automatic thumbnailing is usually
> done only for certain file names. I don't know of anything that
> opens every single file to see if it has a JFIF signature (etc for
> PNG and whatever other types).
How about a web server that opens arbitrary files? Compare any of
https://technet.microsoft.com/en-us/library/nonexistent.aspx
https://technet.microsoft.com/en-us/library/doesnotexist.aspx
https://technet.microsoft.com/en-us/library/asdf.aspx
vs
https://technet.microsoft.com/en-us/library/con.aspx
https://technet.microsoft.com/en-us/library/lpt1.aspx
https://technet.microsoft.com/en-us/library/com1.aspx
https://technet.microsoft.com/en-us/library/nul.aspx
This is FREAKING MICROSOFT and it breaks things. It's not like
anybody would open arbitrarily-named files...
-tkc
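
An added example, not part of the original post: a Python check that flags path components resolving to the reserved Windows device names the URLs above use (con, lpt1, com1, nul), for use on upload names or request paths before they reach the filesystem. The function names are hypothetical, and the reserved set is assumed to be the classic DOS device list (CON, PRN, AUX, NUL, COM1-9, LPT1-9).

```python
import re
from urllib.parse import urlsplit, unquote

# Classic DOS device names, reserved by Windows in every directory.
RESERVED = ({"CON", "PRN", "AUX", "NUL"}
            | {f"COM{i}" for i in range(1, 10)}
            | {f"LPT{i}" for i in range(1, 10)})


def is_reserved_component(component):
    """True if a single path component resolves to a device name."""
    # Only the part before the first dot matters ("nul.aspx" is still NUL),
    # and trailing spaces on that part are ignored ("COM1 .txt").
    stem = component.partition(".")[0].rstrip(" ")
    return stem.upper() in RESERVED


def reserved_components(path):
    """Return every component of a / or \\ separated path that is reserved."""
    return [p for p in re.split(r"[\\/]", path) if is_reserved_component(p)]


def check_request_path(url):
    """Percent-decode a URL's path first, so 'c%6Fn.aspx' is caught too."""
    return reserved_components(unquote(urlsplit(url).path))


def validate_upload_name(name):
    """Reject a user-supplied file name instead of passing it to open()."""
    bad = reserved_components(name)
    if bad:
        raise ValueError(f"reserved device name in upload: {bad!r}")
    return name


if __name__ == "__main__":
    base = "https://technet.microsoft.com/en-us/library/"
    # File names taken from the URLs in the post, plus one constructed
    # percent-encoded variant.
    for leaf in ("asdf.aspx", "con.aspx", "lpt1.aspx", "com1.aspx",
                 "nul.aspx", "c%6Fn.aspx"):
        print(leaf, "->", check_request_path(base + leaf) or "ok")
```

Generating the stored file name on the server and keeping the user's name only as metadata avoids the problem entirely; a check like this is the fallback when the original name must be used on disk.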