[pLog-svn] Glob::myFnmatch should be case-sensitive or not?
Oscar Renalias
oscar at renalias.net
Tue Jul 18 09:17:06 GMT 2006
And don't forget to write a test case to verify this, if possible :)
On 7/18/06, Oscar Renalias <oscar at renalias.net> wrote:
> I think we should modify the validator class that allows/disallows
> uploaded files, not the fnmatch method.
>
> On 7/18/06, Mark Wu <mark.wu at markplace.net> wrote:
> >
> >
> > I just find a security issue. It seems harmless, I guess ...
> >
> > I found if we use our own fnmatch function, it is case sensitive.
> >
> > So, If I do not allow user upload "*.exe" into the reosurce center. It only
> > ban a.exe, but not A.EXE or a.Exe ..
> >
> > Should we modify it to case-insensitive?
> >
> > Mark
> > _______________________________________________
> > pLog-svn mailing list
> > pLog-svn at devel.lifetype.net
> > http://devel.lifetype.net/mailman/listinfo/plog-svn
> >
> >
>
More information about the pLog-svn
mailing list