[pLog-svn] Glob::myFnmatch should be case-sensitive or not?
Oscar Renalias
oscar at renalias.net
Tue Jul 18 09:15:59 GMT 2006
I think we should modify the validator class that allows/disallows
uploaded files, not the fnmatch method.
On 7/18/06, Mark Wu <mark.wu at markplace.net> wrote:
>
>
> I just find a security issue. It seems harmless, I guess ...
>
> I found if we use our own fnmatch function, it is case sensitive.
>
> So, If I do not allow user upload "*.exe" into the reosurce center. It only
> ban a.exe, but not A.EXE or a.Exe ..
>
> Should we modify it to case-insensitive?
>
> Mark
> _______________________________________________
> pLog-svn mailing list
> pLog-svn at devel.lifetype.net
> http://devel.lifetype.net/mailman/listinfo/plog-svn
>
>
More information about the pLog-svn
mailing list