[imp] IMP 2.2.5: some problems
Chuck Hagenbuch
chuck@horde.org
Wed, 30 May 2001 10:06:24 -0400
Quoting Christopher Crowley <ccrowley@tulane.edu>:
> I commented out this entire if() and the upload worked. Should I test with
> this syntax and let you know how it works?
> if (!is_uploaded_file($file_upload))
> {
> break; /* ignore attempt to spoof us; back to composing */
> }
Yes, that's what I meant. You need a check there to make sure that someone
isn't putting "/etc/passwd" into the upload filename form value.
-chuck
--
Charles Hagenbuch, <chuck@horde.org>
Black and white and grey, all the shades of truth.