rejetto forum
Software => HFS ~ HTTP File Server => Topic started by: Mars on October 24, 2007, 11:46:07 PM
-
Rejetto
uploads for hfs.diff.tpl give "File name or extension forbidden" GOOD
but it is possible to overwrite vfs file and hfs.ini by upload DANGEROUS
-
Rejetto
uploads for hfs.diff.tpl give "File name or extension forbidden" GOOD
but it is possible to overwrite vfs file and hfs.ini by upload DANGEROUS
You'll manually have to set them in the upload filter, but it couldn't hurt to have *.vfs and hfs.ini default in the filter as well.
-
uploads for hfs.diff.tpl give "File name or extension forbidden" GOOD
but it is possible to overwrite vfs file and hfs.ini by upload DANGEROUS
the tpl is forbidden by default because it is normal to have such a file in an upload folder, to customize it.
if you are able to describe a situation where the user is NOT FOOL and needs to put the vfs/ini inside the upload folder, then i'll consider it ;)
-
if you are able to describe a situation where the user is NOT FOOL and needs to put the vfs/ini inside the upload folder, then i'll consider it
For the vfs / ini: it is possible by mistake to put the file of hfs.exe unprotected upload and to crush the corresponding files for every user, thus all the server
the tpl is forbidden by default because it is normal to have such a file in an upload folder, to customize it.
On the other hand it should be possible to upload a hfs.diff.tpl file for the persons authorized by the administrator of the server.
We can envisage a server on which the directories are created for every type of template existing and being able to be updated in distant for the last versions by their owner and in only reading for the others
-
if you are able to describe a situation where the user is NOT FOOL and needs to put the vfs/ini inside the upload folder, then i'll consider it
For the vfs / ini: it is possible by mistake to put the file of hfs.exe unprotected upload and to crush the corresponding files for every user, thus all the server
"by mistake" is the way you describe the situation.
my advice is to keep away any gun from your bedside table.
We can envisage a server on which the directories are created for every type of template existing and being able to be updated in distant for the last versions by their owner and in only reading for the others
that's not exactly what we are aiming to at the moment.
-
None of this explains how to create a filter....
EXAMPLE:
I want all people who don't have a login to be restricted to uploading a file to only one dir "Public" {DONE} No filtering everything except .gif
I want only .gif to be uploaded....how do I do this?
-
I want only .gif to be uploaded....how do I do this?
I think you have to invert the logic with a /
so you should try "/*.gif" in the filter and see if that works.
-
\
not /
this topic wasn't meant to be a guide
the official documentation on how to write filters is here
http://www.rejetto.com/wiki/index.php?title=HFS:_File_masks
-
lol, Thanks for correcting me rejetto.
-
filter for upload is by default \HFS.* so all files beginning with hfs. are not allowed,
changing this default to * will enable overwriting files like hfs.diff.tpl in a sub folder
function complyUploadFilter():boolean;
var
  s: string;
begin
  if f.isTemp() then s:=f.parent.uploadFilterMask
  else s:=f.uploadFilterMask;
  if s = '' then s:='\hfs.*'; // the user can disable this default filter by inputing * as mask
  result:=fileMatch(s, optAnsi(tpl.utf8, conn.post.filename));
  if result then exit;
  data.uploadFailed:='File name or extension forbidden';
end; // complyUploadFilter
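
A Python model of the check in complyUploadFilter() above, added here as an example and not HFS's own code. It takes from the thread that a leading \ inverts the mask and that an empty mask falls back to \hfs.*; that ; separates alternative masks and that matching ignores case are assumptions. It shows which names the default rejects, what setting the mask to * gives up, and a mask that also covers *.vfs.

```python
import re

DEFAULT_MASK = r"\hfs.*"  # default used by the posted function when the mask is empty
FORBIDDEN = "File name or extension forbidden"


def _wildcard(pattern):
    """Compile a * / ? wildcard into a case-insensitive regex (assumed semantics)."""
    body = "".join(
        ".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern
    )
    return re.compile(body, re.IGNORECASE | re.DOTALL)


def file_match(mask, name):
    """True if name complies with mask; a leading backslash inverts the result."""
    invert = mask.startswith("\\")
    if invert:
        mask = mask[1:]
    # Assumption: ';' separates alternative patterns inside one mask.
    patterns = [p.strip() for p in mask.split(";") if p.strip()]
    hit = any(_wildcard(p).fullmatch(name) for p in patterns)
    return hit != invert


def upload_allowed(folder_mask, posted_name):
    """Mirror of the posted logic: returns (allowed, error message)."""
    mask = folder_mask or DEFAULT_MASK
    if file_match(mask, posted_name):
        return True, ""
    return False, FORBIDDEN


if __name__ == "__main__":
    # Constructed sample uploads; masks: default, disabled, and a stricter one.
    for mask in ("", "*", r"\hfs.*;*.vfs", "*.gif"):
        for name in ("hfs.diff.tpl", "HFS.INI", "site.vfs", "photo.gif"):
            print(repr(mask), name, upload_allowed(mask, name))
```
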