double-extensions in apache?
Eric Shubert
ejs at shubes.net
Sun Mar 20 14:16:25 MST 2011
On 03/20/2011 01:11 AM, Joseph Sinclair wrote:
>
> There are tools to check your site and ensure everything is clean with extensions, metadata, etc... Those should be used by everyone developing a website.
> There are also settings to disable content-type-determination on uploads, and those should ALWAYS be enabled.
I'd like to be clear about this. Do you mean to say that the setting to
disable content-type-determination should be enabled (which appears to
be what you said), or that the content-type-determination setting should
be enabled?
> It's OK to guess the content type of a file in the filesystem, but an HTTP PUT request is supposed to *tell* you the mime type, and if it doesn't then the sender simply cannot be trusted to put content to your site.
>
> Just my thoughts on the matter.
>
> ==Joseph++
>
--
-Eric 'shubes'
More information about the PLUG-discuss
mailing list