[pmwiki-users] File manager based on php?

Bronwyn Boltwood arndis at gmail.com
Thu Mar 17 11:53:22 CST 2005


On Thu, 17 Mar 2005 11:38:53 +0100 (CET), chr at home.se <chr at home.se> wrote:
> On Thu, 17 Mar 2005, Radu wrote:
> In addition, there are some drawbacks with pmwiki's upload mechanism, e.g.
> not able to upload several files at once.

That one can be annoying.

> > And yes, exe files as well as many other extensions should be banned.
> > pmwiki's inclusion rather than exclusion approach is great for this.
> 
> Could you explain why? (Pretend I'm a clueless user :-)

There are many Windows file types which can be used to run something
nasty, like .vbs, .pif, and .scr.  (If you get one of these attached
to an email from someone unknown, there's a 99% chance that it's a
virus.)  So, bad people could use your unprotected upload feature to
casually infect others with deity knows what.

Radu is saying that pmwiki lets you say "people can upload files of
types x, y, and z".  If you only need or want to allow a few types,
that could be much, much safer and easier to maintain than saying
"stop people from uploading files of types <several alphabets worth>."

Bronwyn



More information about the pmwiki-users mailing list