Nginx and uploads

Valentin V. Bartenev ne at vbart.ru
Wed Aug 29 11:04:47 UTC 2012


On Tuesday 28 August 2012 19:02:31 w00t wrote:
> This seems odd. If it wasn't meant for Nginx to process uploaded files,
> then it couldn't have processed them by itself.

You should do this task in your application and it's not odd (see below why).

[...]
> So I am inclined to think that there must be a way to set the filename
> without going to such lenghts as to change the code.

Just rename the uploaded file is not enough. You also need to validate its 
content. Otherwise, you will open a potential security hole in your server.

 wbr, Valentin V. Bartenev



More information about the nginx mailing list