Can malicious user execute php code if html are allowed in fields or uploads

This topic is resolved.

#1, 06-25-2008, 03:40 PM, j890432m (Junior Member):

Can malicious users execute PHP code if HTML is allowed in fields or uploads?

Example 1: allowing HTML tags in the description field.

Example 2: creating an extra field of type upload with the file extension html. Since some servers, like mine, are set to execute html as PHP, if someone inserts PHP into the uploaded file, will the PHP execute? Or is there a way to prevent PHP, JavaScript etc. from executing in such a file, in order to limit it to pure HTML, so that there is a nice and flexible display of text but without the danger?
#2, 06-25-2008, 04:34 PM, Eric Barnes (68 Classifieds Staff):

Yes, they could, and it is recommended to only allow txt, pdf, doc, etc. Although I have also seen viruses in doc files.

Anything uploaded that can be parsed can be used against your site.
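As an added example (not code from this thread or from 68 Classifieds), the Python check below applies the advice in the reply: accept only txt, pdf and doc uploads, confirm the bytes actually match the extension, reject names that hide an executable extension inside them, scan text uploads for PHP or script markers, and store the file under a server-chosen name rather than the user's. The allowlist, the list of executable extensions and the magic bytes are assumptions chosen for illustration.

```python
import os
import re
import secrets

# Assumed allowlist, following the reply: document types only, never html/php/js.
ALLOWED_EXTENSIONS = {"txt", "pdf", "doc"}
# Assumed denylist of extensions that must not appear anywhere in the name
# (e.g. shell.php.txt), since some servers pick the handler from an inner extension.
EXECUTABLE_EXTENSIONS = {"php", "phtml", "php3", "php5", "phar", "html", "htm", "shtml", "js", "cgi"}
# Magic-byte prefixes for the binary types; txt is validated as UTF-8 text instead.
MAGIC = {"pdf": b"%PDF-", "doc": b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"}  # OLE2 compound document
# Markers that become code if the file is ever parsed as PHP or served as HTML.
ACTIVE_CONTENT = re.compile(rb"<\?|<\s*script\b|<\s*iframe\b|<[^>]*\son\w+\s*=", re.IGNORECASE)


def validate_upload(filename: str, data: bytes):
    """Return (accepted, reason): extension allowlist, magic bytes, then a content scan."""
    parts = os.path.basename(filename).lower().split(".")
    if len(parts) < 2 or not parts[0] or not parts[-1]:
        return False, "missing or empty extension"
    ext = parts[-1]
    if ext not in ALLOWED_EXTENSIONS:
        return False, f"extension .{ext} not allowed"
    if any(p in EXECUTABLE_EXTENSIONS for p in parts[1:-1]):
        return False, "executable extension hidden inside the name"
    if ext in MAGIC and not data.startswith(MAGIC[ext]):
        return False, f"content does not match a .{ext} file"
    if ext == "txt":
        try:
            data.decode("utf-8")
        except UnicodeDecodeError:
            return False, "txt is not valid UTF-8 text"
        if ACTIVE_CONTENT.search(data):
            return False, "txt contains PHP or HTML script markers"
    return True, "ok"


def safe_storage_name(filename: str) -> str:
    """Server-chosen name: random hex plus the validated extension, never the user's own name."""
    ext = os.path.basename(filename).lower().rsplit(".", 1)[-1]
    return f"{secrets.token_hex(16)}.{ext}"
```

Even with this check in place, keep the upload directory outside the document root, or disable PHP for it, so that a file which slips through is served as a download rather than parsed.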
