punkave / symfony2-file-uploader-bundle

Multiple file uploads, based on the BlueImp jQuery uploader. Makes it very easy to attach one or more files to whatever you're editing. It's also easy to present that list again on a later edit so that existing files can be managed side by side with existing attachments.

uploaded files are not renamed #37

Closed garak closed 11 years ago

garak commented 11 years ago

Not renaming uploaded files is bad practice, since it can lead to security issues. A good example of renaming uploaded files is in https://github.com/dustin10/VichUploaderBundle/blob/master/Resources/doc/index.md#namers

boutell commented 11 years ago

Filenames are being properly validated. See trim_file_name and accept_file_types in UploadHandler and also allowedExtensionsRegex in FileUploader.

garak commented 11 years ago

Anyway, renaming is also needed to enforce uniqueness. What if a different file is uploaded with the same name as an existing one?

boutell commented 11 years ago

It replaces the other file. We regard this as a feature, but it might be nice to make it optional at some point. I'd certainly consider a pull request.


Tom Boutell P'unk Avenue 215 755 1330 punkave.com window.punkave.com
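
The renaming approach raised in this thread, as an added example (not code from this bundle or from VichUploaderBundle): the server picks the stored name, keeps only an allow-listed extension from the client name, and reserves the name atomically so an existing file is never replaced. The function name `reserveStoredName`, the extension regex and the temporary directory are assumptions made for illustration.

```php
<?php
// Added example; reserveStoredName() is a hypothetical helper, not part of the bundle.

/**
 * Build a server-chosen name for an upload and reserve it atomically.
 * Only the extension is taken from the client name, and only if allow-listed.
 */
function reserveStoredName(string $clientName, string $uploadDir, string $allowedExtRegex): string
{
    // basename() drops any directory components the client sent.
    $ext = strtolower(pathinfo(basename($clientName), PATHINFO_EXTENSION));
    if ($ext === '' || !preg_match($allowedExtRegex, $ext)) {
        throw new InvalidArgumentException('File type not allowed');
    }

    for ($attempt = 0; $attempt < 5; $attempt++) {
        // 128 random bits: not guessable, and collisions are not expected in practice.
        $name = bin2hex(random_bytes(16)) . '.' . $ext;
        // Mode 'x' fails if the file already exists, so nothing is overwritten.
        $handle = @fopen($uploadDir . DIRECTORY_SEPARATOR . $name, 'x');
        if ($handle !== false) {
            fclose($handle);
            return $name;
        }
    }
    throw new RuntimeException('Could not reserve a unique file name');
}

// Constructed sample input: a throwaway directory and an assumed allow-list.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'upload_demo_' . bin2hex(random_bytes(4));
mkdir($dir, 0700);
$allowed = '/^(gif|jpe?g|png|pdf)$/';

$first  = reserveStoredName('report.pdf', $dir, $allowed);
$second = reserveStoredName('report.pdf', $dir, $allowed); // same client name again
var_dump($first !== $second);                              // both uploads are kept

try {
    reserveStoredName('../../notes.php', $dir, $allowed);  // extension not allow-listed
} catch (InvalidArgumentException $e) {
    echo $e->getMessage(), PHP_EOL;
}
```

The uploaded content would then be moved onto the reserved name, and the original client name stored separately (for example in a database column) if it needs to be shown to users.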