[pmwiki] [Pmwiki-users] batch uploads
Patrick R. Michaud
pmichaud at pobox.com
Sat May 17 07:57:56 CDT 2003
On Sat, May 17, 2003 at 08:32:03AM +0200, Bernhard.Weichel at t-online.de wrote:
> Would it make sense having an action that uploads a zip archive and unpack
> this on the server?
Good idea, but it might be difficult to enforce file size or file extension
limits--i.e., the script would have to be smart enough to examine each
of the unzipped files and check them for safety. One has to be especially
careful to disallow uploading of ".php" files and other files that have
special meaning to the server; if someone can upload a .php file, then they
can execute arbitrary scripts on the server which is really bad.
If someone wants to write a script (or modify upload.php) along these
lines, be my guest. I probably won't attempt it anytime soon--a few too
many other things on my plate at the moment.
Another approach would be to provide a page with multiple file upload
boxes, since most browsers don't allow multiple files to be selected in
a single box.
Also, remember that both Apache and PHP enforce limits on the overall
size of an upload request, so combining multiple uploads into a single
request will tend to hit those limits more frequently (might not be
a problem for lots of situations however).
Pm
More information about the pmwiki-users
mailing list