security question
I use the image uploader to allow public members to upload images. I have been reading up on c99 shell attacks and was wondering if there was anything built in to this to prevent this type of attack.
With a public page allowing file uploads in HTML Editor, there are a few things you will want to edit in the webassist/kfm/initialize.php file.
First, only allow image uploads:
$kfm->defaultSetting('only_allow_image_upload',1);
Edit the banned upload array to include every combination of php.imgExtension you can think of, for example:
$kfm->defaultSetting('banned_upload_extensions',array('php.jpeg','php.jpg','php.png'));
You may also want to add js.imgExtension to the banned list too.
ahhhh excellent idea, thanks Jason
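The banned list in the answer above has to enumerate each php.imgExtension pair by hand. As an added example (not WebAssist or KFM code, and not from the original posters), here is a standalone check that generalizes it: the last extension must be on an image allowlist and no inner dot-separated segment may be an executable extension. The function name, the constants and the extra extensions beyond php and js are assumptions.

```php
<?php
// Added example; names here are hypothetical and not part of KFM.

// Inner segments to refuse. php and js come from the thread; the rest are
// assumed additions that a server may also map to an interpreter.
const EXECUTABLE_SEGMENTS = ['php', 'php3', 'php4', 'php5', 'phtml', 'phar', 'js', 'cgi', 'pl'];
// Final extensions accepted for upload.
const IMAGE_EXTENSIONS = ['jpg', 'jpeg', 'png', 'gif'];

/** Return null if the upload name is acceptable, otherwise a reason string. */
function upload_name_rejection(string $name): ?string
{
    if ($name === '' || strpos($name, "\0") !== false) {
        return 'empty or malformed name';
    }
    // Drop any client-supplied path (either slash style) and normalise case.
    $base = strtolower(basename(str_replace('\\', '/', $name)));
    $segments = explode('.', $base);
    if (count($segments) < 2) {
        return 'no extension';
    }
    $final = array_pop($segments);  // last segment is the effective extension
    array_shift($segments);         // first segment is the file stem
    if (!in_array($final, IMAGE_EXTENSIONS, true)) {
        return "extension .$final is not an allowed image type";
    }
    foreach ($segments as $seg) {   // whatever remains are inner extensions
        if (in_array($seg, EXECUTABLE_SEGMENTS, true)) {
            return "inner extension .$seg is banned";
        }
    }
    return null;
}

// Constructed sample names, not taken from any real upload log.
$samples = ['holiday.jpg', 'avatar.php.jpg', 'Logo.PHP.Png',
            'banner.js.gif', 'notes.phtml', 'C:\\tmp\\x.php5.jpeg'];
foreach ($samples as $n) {
    $why = upload_name_rejection($n);
    printf("%-22s %s\n", $n, $why === null ? 'accept' : "reject: $why");
}
```

Only holiday.jpg is accepted from the sample set. The check looks at the file name only, so it sits alongside the only_allow_image_upload setting rather than replacing it.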