SMF Support > Install and Upgrade Help

Important Notice: Do you use Filezilla? Avatars and Attachments lost?

<< < (14/18) > >>

Arantor:

--- Quote from: headstone on March 12, 2011, 09:43:31 AM ---Just a thought... Wouldn't it be far simpler to give these files an extension that can then be removed by the forum code upon detection?



--- End quote ---

Funny you should say that. The reason the files are stored without extension is to prevent the files being abused; there was a vulnerability a bit back that allowed files with extensions to be triggered by the server itself, which lead to a lot of forums being hacked.

Honestly, though, it's a bit of a poor showing that FileZilla assumes anything without an extension is 'likely a text file' by default... which is where the problem comes in.

Yes, in theory, it can be modified to have a generic extension that won't normally be executable - but it's a change that you won't see in SMF, certainly not before 2.1 at the earliest (if at all)

AncientDragonfly:

--- Quote from: Arantor on March 12, 2011, 12:09:54 PM ---Honestly, though, it's a bit of a poor showing that FileZilla assumes anything without an extension is 'likely a text file' by default... which is where the problem comes in.
--- End quote ---

Yes, I agree.  And if I remember correctly, this was an unannounced change in an upgrade from its previous default behavior where it assumed it was not a text file, which further compounded the problem for people who had the previous version installed.  Upgrades shouldn't change user settings without some sort of notice to the user.  (imo)

Ljungberg:

--- Quote from: Arantor on May 03, 2010, 06:30:01 AM ---Text mode == ASCII mode, they're one and the same.

When I'm using either FileZilla or WinSCP, I have it set to treat *everything* as binary.

--- End quote ---
including .htaccess?
Can I uncheck both "Treat files without extension as ASCII file" and "Treat dotfiles as ASCII file"
and then upload everything as binary?

thanks

ryry46d9:
OMFG ...
This should be it the admin panel.
I have moved my site 3 times and wondered why 50% of the attachments never made it.

now my question that I didn't see a answer on is, why don't all said images have extensions? this would make life so much easier  :P


but now I know what I been doing wrong, ThankYou for the heads up  ;D

Aleksi "Lex" Kilpinen:
The attachments don't have file extensions to make it harder to upload an executable file like a shell script and use it to take over the server ;)

Navigation

[0] Message Index

[#] Next page

[*] Previous page