On 10/06/10 12:14, Seebs wrote:
> > not sure what else i could do to guard against anything bad happening. maybe the file name itself could cause grief?
>
> Obvious things:
> * File name causes files to get created outside some particular upload directory ("../foo")
> * File name has spaces
> * Crazy stuff like null bytes in file name
> * File names which might break things if a user carelessly interacts with them, such as "foo.jpg /etc/passwd bar.jpg" (all one file name including two spaces).

And depending on the system, Win32 chokes on filenames like "nul", "con", "com1"..."comN", "lpt1"..."lptN", and a bunch of others.
-tkc
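
The checks listed in this thread, combined into one function, as an added example that is not code from either poster. The name `safe_upload_path`, the directory `/srv/uploads` and the allowlist policy (anything outside letters, digits, dot, dash and underscore becomes `_`) are assumptions made here.

```python
import os
import re

# Device names Win32 reserves regardless of extension ("nul.txt" is still NUL).
WIN_RESERVED = {"con", "prn", "aux", "nul",
                *(f"com{i}" for i in range(1, 10)),
                *(f"lpt{i}" for i in range(1, 10))}

# Allowlist: letters, digits, dot, dash, underscore. Everything else is replaced.
UNSAFE = re.compile(r"[^A-Za-z0-9._-]")


def safe_upload_path(raw_name, upload_dir):
    """Return a path inside upload_dir for a client-supplied name, or raise ValueError."""
    if not raw_name or "\x00" in raw_name:
        raise ValueError("empty name or null byte")
    # Treat both "/" and "\" as separators on every OS and keep only the last part.
    name = raw_name.replace("\\", "/").rsplit("/", 1)[-1]
    # Spaces, shell metacharacters and control characters all become "_".
    name = UNSAFE.sub("_", name)[:255]
    # Leading dots give hidden files or "..", trailing dots are dropped by Win32.
    name = name.strip(".")
    if not name:
        raise ValueError("nothing left after sanitizing")
    if name.split(".", 1)[0].lower() in WIN_RESERVED:
        raise ValueError("reserved device name")
    # Defence in depth: the final path must still be under the upload directory.
    root = os.path.realpath(upload_dir)
    path = os.path.realpath(os.path.join(root, name))
    if os.path.commonpath([root, path]) != root:
        raise ValueError("escapes upload directory")
    return path


if __name__ == "__main__":
    # Constructed sample names, taken from the cases discussed in the thread.
    for sample in ["../foo", "my photo.jpg", "foo.jpg /etc/passwd bar.jpg",
                   "a\x00b.jpg", "nul", "COM1.txt", ".."]:
        try:
            print(repr(sample), "->", safe_upload_path(sample, "/srv/uploads"))
        except ValueError as exc:
            print(repr(sample), "-> rejected:", exc)
```

Storing the upload under a server-generated name and keeping the sanitized client name only as metadata avoids collisions between names that sanitize to the same string.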
