Daniel Mayer wrote:
I tottally agree -- but instead of banning certain file extensions I say we should think about only allowing certain ones. But at any rate, .exe and .zip should /never/ be allowed to be uploaded.
Also, is there an efficient way for the software to check uploads, for example, to see if in fact a file with an image extension is really an image and not an exe or mp3 in disguise?
A quick shell out to the "file" command should answer that nicely.
-- brion vibber (brion @ pobox.com)