Problem viewing image upload directory
Printed From: Web Wiz Forums
Category: Web Wiz Web App Support Forums
Forum Name: Web Wiz Forums
Forum Description: Support forum for Web Wiz Forums application.
URL: https://forums.webwiz.net/forum_posts.asp?TID=18016
Printed Date: 13 April 2026 at 1:48pm
Software Version: Web Wiz Forums 12.08 - https://www.webwizforums.com
Topic: Problem viewing image upload directory
Posted By: dpyers
Subject: Problem viewing image upload directory
Date Posted: 18 January 2006 at 3:30am
|
Noticed that when I upload an image, I can see file names uploaded by
other people. The names don't mean a lot but if I click on one it
previews. Seems like this could eat a lot of badwidth as people browse
images.
Also, and more importantly, any directories in the image upload
folder are viewable and browsable. The window should only
display valid image extensions as set by the forum admin.
------------- 
Lead me not into temptation... I know the short cut, follow me. |
Replies:
Posted By: WebWiz-Bruce
Date Posted: 18 January 2006 at 10:03am
|
This is part of the Web Wiz RTE version 3. Files are first uploaded to a temp folder which is not viewable, once they have been checked out for malicous code, file size, etc. and included in a post are they placed in the public upload folder. You can set what files and images are allowed to be viewed in the public upload folder by editing the RTE_setup.asp files, but by defualt only safe file types can be viewed. The RTE file bowser will only allow you to move around the public upload folder and sub folders, and will only display allowd file and image types, so is quite secure. ------------- https://www.webwiz.net/web-wiz-forums/forum-hosting.htm" rel="nofollow - Web Wiz Forums Hosting https://www.webwiz.net/web-hosting/windows-web-hosting.htm" rel="nofollow - ASP.NET Web Hosting |
Posted By: WebWiz-Bruce
Date Posted: 18 January 2006 at 10:05am
|
Sorry my mistake, I thought I had coded more security than that The only file types viewable in the RTE file browser are those set by the forum admin in the upload section, so you don't need to edit the RTE_setup.asp file to put in allowed file types. So yes only valid file types set by the forum admin are viewable. The image and file upload should be much more secure than in previous versions, and security has been taken into account when coding it. ------------- https://www.webwiz.net/web-wiz-forums/forum-hosting.htm" rel="nofollow - Web Wiz Forums Hosting https://www.webwiz.net/web-hosting/windows-web-hosting.htm" rel="nofollow - ASP.NET Web Hosting |