This would introduce cross-site scripting, and depending on the server's configuration, arbitrary code execution vulnerabilities.
See tstarling.com/blog/2008/12/secure-web-uploads/ for full details.
Great tutorial - thanks for the info.
What can you do if you want to allow users to upload multiple files in one go, e.g., not just one picture, but a whole bunch?
Pls, I am working on an application and I already have a form to post my data to my server. I have it in this form:
then submit form. Code:
<form action="../upload.cgi" method="post">
<textarea name="Comments" rows="12" cols="78"></textarea>
Pls, I need a CGI program to take care of the posted data and save it to a directory in my site in a text file: ../htdoc/dotmove.txt
How can I do this? I am new in this forum.
I'm trying to get this code to work on my Windows system. Copied everything pretty much as laid out in the article, except to change some directories. When the form submits, I get a page with the CGI script listed. I set the permissions to allow execution. What am I missing?