Brion Vibber wrote:
Smarter "evil JAR detection" that pokes through the ZIP file index
looking for Java classes and blocks the specific file would be a nice
addition, particularly if we were to do something foolish like enable
OpenDocument uploads on general-access sites. :)
There is a Zip extension for PHP which might be handy for this purpose,
though of course it's not enabled by default and may not be present on
any given setup. :(
Just make sure it'll fail gracefully if someone tries to upload 42.zip.
--
Ilmari Karonen
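
An added example, not part of the original thread: one way to scan the ZIP index for Java classes while staying cheap on an archive bomb such as 42.zip. It uses Python's standard `zipfile` module rather than the PHP Zip extension mentioned above; the limits, the policy of rejecting nested archives, and the names `inspect_upload` and `make_zip` are assumptions.

```python
import io
import zipfile

# Limits below are assumptions for illustration, not values from the thread.
MAX_ENTRIES = 1000
MAX_TOTAL_BYTES = 50 * 1024 * 1024  # sum of declared uncompressed sizes
MAX_RATIO = 100                     # declared uncompressed / compressed size

def inspect_upload(data: bytes) -> tuple[str, str]:
    """Classify an upload from its ZIP central directory; nothing is
    decompressed. Declared sizes are attacker-controlled, so any later
    extraction still needs its own output cap."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return ("reject", "not a readable ZIP archive")
    with zf:
        entries = zf.infolist()
        if len(entries) > MAX_ENTRIES:
            return ("reject", "too many entries")
        total = 0
        for info in entries:
            name = info.filename.lower()
            if name.endswith(".class"):
                return ("reject", f"Java class in index: {info.filename}")
            if name.endswith((".zip", ".jar")):
                # Assumed policy: never recurse; a nested archive is opaque.
                return ("reject", f"nested archive: {info.filename}")
            total += info.file_size
            if total > MAX_TOTAL_BYTES:
                return ("reject", "declared size over limit")
            if info.file_size > MAX_RATIO * max(info.compress_size, 1):
                return ("reject", f"compression ratio: {info.filename}")
    return ("accept", "no Java classes listed")

def make_zip(entries: dict[str, bytes]) -> bytes:
    """Build a constructed sample archive in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, body in entries.items():
            zf.writestr(name, body)
    return buf.getvalue()

if __name__ == "__main__":
    print(inspect_upload(make_zip({"content.xml": b"<doc/>"})))
    print(inspect_upload(make_zip({"Evil.class": b"\xca\xfe\xba\xbe"})))
```

Because only the index is read, the scan never pays the decompression cost that makes a bomb expensive, and a malformed file is turned into a plain rejection instead of an error.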