[imp] IMP 2.2.5: some problems

Chuck Hagenbuch chuck@horde.org
Wed, 30 May 2001 10:06:24 -0400


Quoting Christopher Crowley <ccrowley@tulane.edu>:

> I commented out this entire if() and the upload worked. Should I test with
> this syntax and let you know how it works?
> if (!is_uploaded_file($file_upload))
> {
>     break;  /* ignore attempt to spoof us; back to composing */
>  }

Yes, that's what I meant. You need a check there to make sure that someone 
isn't putting "/etc/passwd" into the upload filename form value.

-chuck

--
Charles Hagenbuch, <chuck@horde.org>
Black and white and grey, all the shades of truth.