Re: File Upload Content Type Verification

2010-09-24 Thread Federico Capoano
Thanks. I'm concerned about the possibility of uploading and executing a script on the server. Just this. I think I can avoid this by hiding the file somewhere behind the public folder so the content is not accessible via HTTP.

On 24 Sep, 13:31, Tom Evans wrote:
> On Fri, Sep 24, 2010 at 12:23

Re: File Upload Content Type Verification

2010-09-24 Thread Tom Evans
On Fri, Sep 24, 2010 at 12:23 PM, Federico Capoano wrote:
> I can't trust the user because this field will be used in the
> frontend, which will be an app similar to the django admin, but much
> more limited.
>
> So according to what you said, there is no standard way to do this.
> the second solu

RE: Re: File Upload Content Type Verification

2010-09-24 Thread Henrik Genssen
to message:
>date: 24.09.2010 06:23:55
>from: "Federico Capoano"
>to: "Django users"
>subject: Re: File Upload Content Type Verification
>
>I can't trust the user because this field will be used in the
>frontend, which will be an app similar to the django

Re: File Upload Content Type Verification

2010-09-24 Thread Federico Capoano
I can't trust the user because this field will be used in the frontend, which will be an app similar to the Django admin, but much more limited.

So according to what you said, there is no standard way to do this. The second solution seems interesting. But what if I wanted to restrict to images?

Re: File Upload Content Type Verification

2010-09-24 Thread Tom Evans
On Fri, Sep 24, 2010 at 11:28 AM, Federico Capoano wrote:
> Is there a way we can check if a certain file being uploaded is really
> what it claims to be?
> Let's say I want to restrict files to PDF only, then I take a php
> script and I rename it PDF I can still upload it if using the
> following

File Upload Content Type Verification

2010-09-24 Thread Federico Capoano
Is there a way we can check if a certain file being uploaded is really what it claims to be? Let's say I want to restrict files to PDF only, then I take a PHP script and I rename it PDF; I can still upload it if using the following custom FileField that I just worked out yesterday:

from django.db.m