On 8/26/06, Rob Church <robchur(a)gmail.com> wrote:
The most we could do is to check that the extension
was on the allowed
list; we'd still have to check *what* the user uploaded afterwards and
make sure it was still allowed.
If by any chance, anyone works on this, would it also be possible to
do the name check *before* the upload, rather than afterwards? It's
happened to me a couple of times that I've uploaded a file of several
meg, wandered off, and found out later that it's waiting for me to
confirm that I really do want to take the incredibly drastic step of
replacing the spaces in the name with underscores.
(even better, skip that confirmation altogether)
Steve