Was just sharing it as an example. I was *convinced* this was secure since it was an immediate check. I couldn't check it in cffile cuz I needed to support multiple different extensions.

On Sun, Jun 16, 2013 at 10:34 AM, Russ Michaels <[email protected]> wrote:
>
> ok but that issue would only occur if you DO NOT check the file extension
> before uploading it to the server, which is what you were doing, you were
> uploading it and then validating it afterwards.
> obviously I would not suggest anyone does that, you should definitely check
> the file extension before you upload anything to the server and not accept
> any type of file which can be executed.
>
>
> On Sun, Jun 16, 2013 at 4:21 PM, Raymond Camden <[email protected]> wrote:
>
> >
> > On Sun, Jun 16, 2013 at 9:45 AM, Russ Michaels <[email protected]>
> >

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:355948
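
One way to support several extensions without an unvalidated file ever sitting in a web-served directory, as an added example that is not code from anyone in this thread. The form field name `upload`, the allowlist, and the `/uploads` destination are assumptions.

```cfml
<!--- Added example. Assumed names: form field "upload", /uploads as the final directory. --->
<cfset allowedExt = "jpg,jpeg,png,gif,pdf">
<cfset finalDir   = expandPath("/uploads")>

<!--- Receive the file into the server temp directory, which is not served
      by the web server, so it cannot be requested by URL before it is checked. --->
<cffile action="upload"
        fileField="upload"
        destination="#getTempDirectory()#"
        nameConflict="makeunique"
        result="up">

<cfset tmpPath = up.serverDirectory & "/" & up.serverFile>
<cfset ext     = lCase(up.serverFileExt)>

<!--- Allowlist check on the extension of the file as saved on the server.
      Anything not explicitly listed (cfm, cfc, jsp, ...) is deleted and rejected. --->
<cfif NOT listFindNoCase(allowedExt, ext)>
    <cffile action="delete" file="#tmpPath#">
    <cfthrow type="Upload.Rejected" message="File type not allowed.">
</cfif>

<!--- Only a validated file reaches the final directory, under a
      server-generated name rather than the client-supplied one. --->
<cfset safeName = createUUID() & "." & ext>
<cffile action="move"
        source="#tmpPath#"
        destination="#finalDir#/#safeName#">
```

The extension check alone does not inspect file content; the final directory should also be configured so the application server does not execute anything stored in it.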

