Does every web server use an extension -> mime type map to decide what's treated as what? Does Symfony have access to the same map or is it using a map of its own to determine what's what?
I really think whitelisting file extensions is the safe and minimalist way to go.

On Mon, Feb 8, 2010 at 1:41 PM, Amadeus <[email protected]> wrote:
> I earlier suggested adding more preset mime_categories - something I
> implemented on my sites - in the process I realized that my list was a
> mile long just to allow for all the variations of safe files that I
> found (read audio alone seems to have about 10!). So I strongly
> suggest:
>
> 1. adding an option for nonallowed_mimes which is a lot easier to
> achieve than scouring the net for a list.
>
> 2. setting a safe default. Yes it is up to the developer but I rather
> like the safe by default rather than ridiculously unsafe by default.
>
> I think that most developers would want a) allow image uploads or b)
> document uploads (images, pdf, doc, xls, mp3) - I have never come
> across a need from a client to upload a php file or even an html. So a
> default of "popular" documents might be good?
>
> --
> You received this message because you are subscribed to the Google Groups
> "symfony developers" group.
> To post to this group, send email to [email protected].
> To unsubscribe from this group, send email to
> [email protected].
> For more options, visit this group at
> http://groups.google.com/group/symfony-devs?hl=en.

--
Tom Boutell
P'unk Avenue
215 755 1330
punkave.com
window.punkave.com
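Added example (not part of the thread and not Symfony's own validator code): PHP comparing an extension allowlist with a MIME denylist of the kind proposed above as nonallowed_mimes. The function names, both lists and the sample uploads are assumptions constructed for illustration, and the code needs PHP's fileinfo extension.

```php
<?php
// Added illustration; not Symfony code. Names, lists and samples are assumptions.

// Allowlist: final extension => MIME types accepted for that extension.
const ALLOWED_UPLOADS = [
    'jpg' => ['image/jpeg'],
    'png' => ['image/png'],
    'pdf' => ['application/pdf'],
    'mp3' => ['audio/mpeg'],
];

// Denylist in the shape of the proposed nonallowed_mimes option.
const DENIED_MIMES = ['text/x-php', 'application/x-httpd-php', 'text/html'];

// Detect the type from content, never from the client-supplied Content-Type.
function sniffMime(string $bytes): string
{
    $mime = (new finfo(FILEINFO_MIME_TYPE))->buffer($bytes);
    return $mime === false ? 'application/octet-stream' : $mime;
}

// Accept only when the extension is listed AND the content matches it.
function allowlistAccepts(string $clientName, string $bytes): bool
{
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    return isset(ALLOWED_UPLOADS[$ext])
        && in_array(sniffMime($bytes), ALLOWED_UPLOADS[$ext], true);
}

// Accept anything whose detected type is not explicitly listed.
function denylistAccepts(string $bytes): bool
{
    return !in_array(sniffMime($bytes), DENIED_MIMES, true);
}

// Constructed sample uploads: [client file name, file content].
$samples = [
    ['report.pdf', "%PDF-1.4\n%constructed sample\n"],
    ['notes.php',  "just some plain text, constructed sample\n"],
    ['photo.jpg',  "%PDF-1.4\n%constructed sample\n"],
];

foreach ($samples as [$name, $bytes]) {
    printf("%-12s sniffed=%-18s allowlist=%-6s denylist=%s\n",
        $name, sniffMime($bytes),
        allowlistAccepts($name, $bytes) ? 'accept' : 'reject',
        denylistAccepts($bytes) ? 'accept' : 'reject');
}
```

The notes.php sample is the case the extension question turns on: its content is not on the denylist, yet a web server that maps .php to a handler decides by file name, so only the allowlist rejects it.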
