For 3 reasons: 1) avoid directory traversal attacks 2) avoid conflicts (two files uploaded with same name) 3) be able to identify which table and which record a file belongs to from the file name itself.
Massimo On Feb 9, 11:10 am, Wes James <[email protected]> wrote: > Massimo, > > I was looking through the archives and was looking to see if there was > any discussion on why file names are changed when they are upload when > the field is of type upload. I was looking at how plone does this and > it looks like it just retains the file name when you upload a file so > when you download it, it keeps the same name as was uploaded. I > thought you had said something about cross-site scripting, but I can't > find anything. Can you explain why files are being changed to some > form of uuid/uuid4 combo and the original named not retained? > > thx, > > -wj --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "web2py Web Framework" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/web2py?hl=en -~----------~----~----~----~------~----~------~--~---
