Web Application help - PHP, APACHE, and Zip | by radiowave911 | 2007-07-10 05:53:38 |
|
How to get the files zipped? | by EnzoMatrix | 2007-07-10 06:46:25 |
At this stage, the filenames will already | by radiowave911 | 2007-07-10 07:26:32 |
have been inspected. Once the user starts a capture, they no longer have control of the filename(s) - they are generated by the capture program itself (TShark) but based on a user-supplied base filename. Before starting the capture, I clean up the input.
The download will be on a form where the filename is specified by using checkboxes - nothing can be typed in, and the values of the checkboxes will not equal the filename, just the record number from the database where the filename resides, so there should be no way to inject a path/name/whatever into the script by calling the processing script directly and passing parameters.
Thanks for the warning, though. Even though I am not releasing this on the open internet, I still am mindful of the attack potential. I have some people here who, while not necessarily knowledgeable about PHP and such, will be able to destroy a website if they want to. I plan on having them test it before I make it available internally.
Once I am done, I am planning to try to package the whole thing up and release it, most likely under the GPL, unless legal has other ideas.
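The download design described in the post above (checkbox values are database record numbers and the server looks up the filename itself), sketched in PHP as an added example that is not part of the original thread. The `captures` table, its columns, the function names, the directory layout and the sample rows are all assumptions made for illustration.

```php
<?php
// Added example: schema, paths and sample data are assumptions, not the poster's code.
function resolveCaptureFiles(PDO $db, array $postedIds, string $baseDir): array
{
    $ids = array_values(array_unique(array_filter(array_map(
        fn($v) => filter_var($v, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]),
        $postedIds), fn($v) => $v !== false)));   // keep positive integers only
    if ($ids === []) { return []; }
    $marks = implode(',', array_fill(0, count($ids), '?'));
    $stmt = $db->prepare("SELECT filename FROM captures WHERE id IN ($marks)");
    $stmt->execute($ids);
    $base = realpath($baseDir);
    $files = [];
    foreach ($stmt->fetchAll(PDO::FETCH_COLUMN) as $name) {
        // Defence in depth: the stored name must still resolve inside the capture directory.
        $path = realpath($base . DIRECTORY_SEPARATOR . $name);
        if ($path !== false && is_file($path)
            && strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) === 0) {
            $files[] = $path;
        }
    }
    return $files;
}

function zipCaptures(array $files, string $zipPath): int
{
    $zip = new ZipArchive();
    if ($zip->open($zipPath, ZipArchive::CREATE | ZipArchive::OVERWRITE) !== true) {
        throw new RuntimeException('cannot create archive');
    }
    foreach ($files as $f) {
        $zip->addFile($f, basename($f));   // archive entry carries no directory part
    }
    $count = $zip->numFiles;
    $zip->close();
    return $count;
}

// Constructed demo data: two capture files, plus one row whose name points outside the directory.
$dir = sys_get_temp_dir() . '/captures_' . bin2hex(random_bytes(4));
mkdir($dir);
file_put_contents("$dir/lab1_00001.pcap", 'x');
file_put_contents("$dir/lab1_00002.pcap", 'y');
$db = new PDO('sqlite::memory:');
$db->exec('CREATE TABLE captures (id INTEGER PRIMARY KEY, filename TEXT)');
$db->exec("INSERT INTO captures VALUES (1,'lab1_00001.pcap'),(2,'lab1_00002.pcap'),(3,'../outside.pcap')");
// Simulated checkbox values as they would arrive in $_POST: two valid IDs, a non-numeric value, the bad row.
$files = resolveCaptureFiles($db, ['1', '2', '../x', '3'], $dir);
echo zipCaptures($files, "$dir/download.zip"), " file(s) zipped\n";
```

The non-numeric value never reaches the query, and the row whose stored name leaves the capture directory is dropped by the `realpath()` prefix check, so only the two real capture files end up in the archive.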