Form Processor Pro
I purchased Form Processor Pro Version 5.2, to validate and process my form, which also includes image uploads. The contents of the form are being forwarded to my mail which is great.
However, the form processes everything fine, apart from the image fields.
The script is only supposed to allow image uploads, but when I test an upload of an mp3, for example, I get an error that it's not the correct file, which is good, I don't receive the email, which is good also, but I receive the mp3 file in the attachment folder on the server.
The company's support desk have said that unfortunately the file will be uploaded to the attachments folder but it will be deleted soon (after the TTL has ended) and not to worry about harmful scripts and viruses as no one can access the folder other than by FTP.
I would appreciate advice on whether I should ask for my money back or whether I'm being too cautious.
Any comments/suggestions are greatly appreciated.
The file has to be uploaded before any script can look at what it is and determine if it's the kind of upload you want to allow. Web scripts can't peek at the user's hard drive to look at the file before upload. The best any script can do is delete the file after it's uploaded if it's not allowed.
A good practice would be to make sure your attachments folder is not web-accessible and not executable.
Thanks for your reply :) How can I make sure the attachments folder is not web-accessible? At the moment the url to the attachments folder comes back with: You don't have permission to access ../site/attachments/ on this server, but when I enter: ../site/attachments/doc.wps it comes back with the Windows message to open or save the file.
Originally Posted by Dan Grossman
Having the files uploaded somewhere above the /site/ folder, so they're not accessible to the web server at all.
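The handling discussed in this thread, as an added example that is not part of any post and is not Form Processor Pro's code: the server checks the file's leading bytes once it has arrived, deletes a rejected file immediately, and keeps accepted files in a directory outside the web root without execute permission. The function name, the allow-list and the directory arguments are assumptions made for illustration.

```python
import os
import secrets
import shutil
from pathlib import Path

# Leading bytes of the image formats accepted here (assumed allow-list).
MAGIC = {
    b"\xff\xd8\xff": ".jpg",
    b"\x89PNG\r\n\x1a\n": ".png",
    b"GIF87a": ".gif",
    b"GIF89a": ".gif",
}


def store_upload(tmp_path, web_root, storage_dir):
    """Return the stored Path for an allowed image, or None after deleting a rejected file."""
    tmp = Path(tmp_path)
    root = Path(web_root).resolve()
    store = Path(storage_dir).resolve()
    # Refuse a storage directory the web server could serve from.
    if store == root or root in store.parents:
        raise ValueError("storage directory must be outside the web root")
    with tmp.open("rb") as fh:
        head = fh.read(8)
    ext = next((e for magic, e in MAGIC.items() if head.startswith(magic)), None)
    if ext is None:
        tmp.unlink()  # rejected: remove now rather than waiting for a TTL cleanup
        return None
    store.mkdir(parents=True, exist_ok=True)
    # Server-chosen random name; the client-supplied file name is never used.
    dest = store / (secrets.token_hex(16) + ext)
    shutil.move(str(tmp), str(dest))
    os.chmod(dest, 0o600)  # owner read/write only, no execute bit
    # A prefix check does not prove the rest of the file is harmless, which is
    # why the file also stays non-executable and outside the web root.
    return dest


if __name__ == "__main__":
    import tempfile
    base = Path(tempfile.mkdtemp())
    (base / "site").mkdir()
    sample = base / "upload.tmp"
    sample.write_bytes(b"ID3\x03\x00constructed mp3 header")  # constructed sample
    print(store_upload(sample, base / "site", base / "private_uploads"))
```
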