[pLog-svn] Glob::myFnmatch should be case-sensitive or not?
oscar at renalias.net
Tue Jul 18 09:15:59 GMT 2006
I think we should modify the validator class that allows/disallows
uploaded files, not the fnmatch method.
On 7/18/06, Mark Wu <mark.wu at markplace.net> wrote:
> I just find a security issue. It seems harmless, I guess ...
> I found if we use our own fnmatch function, it is case sensitive.
> So, If I do not allow user upload "*.exe" into the reosurce center. It only
> ban a.exe, but not A.EXE or a.Exe ..
> Should we modify it to case-insensitive?
> pLog-svn mailing list
> pLog-svn at devel.lifetype.net
More information about the pLog-svn