If you use the documented mechanism for handling file uploads, then there
is no such security problem. See
http://www.php.net/manual/en/features.file-upload.php
ie. use the move_uploaded_file() function.
-Rasmus
On Thu, 12 Jul 2001, Toby Goldstone wrote:
> Hi.
>
> I've (or rather the company
Hi.
I've (or rather the company I work for) recently transferred to a new new
PHP host (www.hotchilli.com). All is fine, but they do not allow file
uploads via a form, stating the following security risk:
Arbitrary file disclosure through PHP file upload
http://www.net-security.org/text/bugs/968
2 matches
Mail list logo
