Technical Support Forums

Free, outstanding support from WebAssist and your colleagues

› WebAssist Forums › Data Bridge › HTML Editor (formerly iRite) › security question

security question

Thread began 4/01/2011 7:35 am by gruant2000381341 | Last modified 4/04/2011 6:56 am by Jason Byrnes | 1690 views | 3 replies |

4/01/2011 7:35 am | #1 gruant2000381341

security question

I use the image uploader to allow public members to upload images. I have reading up on c99 shell attacks and was wondering if there was anything built in to this to prevent this type of attack.

4/01/2011 2:29 pm | #2 Jason ByrnesWebAssist

with a public page allowing file uploads in HTML Editor, there are a few things you will want to edit in the webassist/kfm/initialize.php file

first, only allow image uploads:
$kfm->defaultSetting('only_allow_image_upload',1);

edit the banned upload array to include every combination of php.imgExtension you can think of, for example:
$kfm->defaultSetting('banned_upload_extensions',array('php.jpeg','php.jpg','php.png'));

you may also want to add js.imgExtesnion to the banned list to.

4/01/2011 3:46 pm | #3 gruant2000381341

ahhhh excellent idea, thanks Jason

4/04/2011 6:56 am | #4 Jason ByrnesWebAssist

you're welcome.

Build websites with a little help from your friends

Your friends over here at WebAssist! These Dreamweaver extensions will assist you in building unlimited, custom websites.

Build websites from already-built web applications

These out-of-the-box solutions provide you proven, tested applications that can be up and running now. Build a store, a gallery, or a web-based email solution.