On 10/06/10 12:14, Seebs wrote:
not sure what else i could do to guard against anything bad
happening. maybe the file name itself could cause greif?
Obvious things:
* File name causes files to get created outside some particular
upload directory ("../foo")
* File name has spaces
* Crazy stuff like null bytes in file name
* File names which might break things if a user carelessly interacts
with them, such as "foo.jpg /etc/passwd bar.jpg" (all one file name
including two spaces).
And depending on the system, Win32 chokes on filenames like
"nul", "con", "com1"..."comN", "lpt1"..."lptN", and a bunch of
others.
-tkc
--
http://mail.python.org/mailman/listinfo/python-list