Directory Traversal - sanitize_filename()
#1

echo_boom
If I use the File Upload Class and rename the image being uploaded using $config['file_name'], do I still have to use $this->security->sanitize_filename() on that image being uploaded?
#2

echo_boom
Does the danger from directory traversal come from PROCESSING an unsafe filename OR does the danger come from STORING an unsafe filename as it was originally named?

For example: if someone were to try and upload an image with an unsafe filename, and you simply renamed it, is everything ok? OR do you have to sanitize the filename BEFORE you rename it or do any kind of processing?
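
Added example, not part of the original thread and not CodeIgniter's own code: a plain-PHP comparison of a destination path built from the client-supplied filename with one built from a server-generated name, plus a check that the resolved path stays inside the upload directory. The function names, the upload directory and the sample filenames are hypothetical and constructed for illustration.

```php
<?php
// Added example in plain PHP; it does not use or describe CodeIgniter's Upload class.
// All names, paths and sample filenames below are constructed for illustration.

const ALLOWED_EXT = ['jpg', 'jpeg', 'png', 'gif'];

// Weak: the client-supplied name becomes part of the filesystem path as-is.
function unsafe_target(string $uploadDir, string $clientName): string
{
    return $uploadDir . '/' . $clientName;
}

// Hardened: the stored name is generated on the server. Only the extension is
// read from the client name, and only if it is on the allow-list.
function safe_target(string $uploadDir, string $clientName): string
{
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    if (!in_array($ext, ALLOWED_EXT, true)) {
        throw new InvalidArgumentException('extension not allowed');
    }
    return $uploadDir . '/' . bin2hex(random_bytes(16)) . '.' . $ext;
}

// Lexically resolve "." and ".." in an absolute path and confirm the result
// is still underneath the (absolute) upload directory.
function stays_inside(string $uploadDir, string $target): bool
{
    $parts = [];
    foreach (explode('/', str_replace('\\', '/', $target)) as $seg) {
        if ($seg === '' || $seg === '.') { continue; }
        if ($seg === '..') { array_pop($parts); continue; }
        $parts[] = $seg;
    }
    $resolved = '/' . implode('/', $parts) . '/';
    $base = rtrim($uploadDir, '/') . '/';
    return strncmp($resolved, $base, strlen($base)) === 0;
}

$dir = '/var/www/uploads';                                        // constructed path
$samples = ['cat.png', '../../outside.png', 'a/../../other.jpg']; // constructed names
foreach ($samples as $name) {
    printf("%-20s client-name path inside: %-5s generated-name path inside: %s\n",
        $name,
        var_export(stays_inside($dir, unsafe_target($dir, $name)), true),
        var_export(stays_inside($dir, safe_target($dir, $name)), true));
}
```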



