[lug] php file upload vulnerability

Hugh Brown hugh at vecna.com
Wed Jul 3 19:15:33 MDT 2002


I was looking at installing some web applications that rely on php
(horde/imp, gallery).  I remember seeing that there was a problem with
file upload and that a workaround was to turn the ability to do file
uploads off in php.ini.

I want to install via rpm if possible because of its ease of upgrade. 
Are the rpms for redhat just a patch that turns off file upload are is
the problem fixed.  I will need to turn on the file upload so that I can
let people upload photos for gallery (I'm not sure what horde/imp's
needs are in that regard).

Hugh






More information about the LUG mailing list