Nginx and uploads
Valentin V. Bartenev
ne at vbart.ru
Wed Aug 29 11:04:47 UTC 2012
On Tuesday 28 August 2012 19:02:31 w00t wrote:
> This seems odd. If it wasn't meant for Nginx to process uploaded files,
> then it couldn't have processed them by itself.
You should do this task in your application and it's not odd (see below why).
[...]
> So I am inclined to think that there must be a way to set the filename
> without going to such lenghts as to change the code.
Just rename the uploaded file is not enough. You also need to validate its
content. Otherwise, you will open a potential security hole in your server.
wbr, Valentin V. Bartenev
More information about the nginx
mailing list