g.wygonik's old home on the web
Post details: Flash FileReference.browse bypass filetype
07/30/07
12:34:07 pm, Categories: FlashFlash FileReference.browse bypass filetype
This is more of a note to people that might encounter the same issue than it is a complaint or "OMG A BUG!!!" post... This is definitely one of those easy-to-overlook items, and not something that I've seen noted online.
When you browse for a file via the Flash FileReference.browse() method and have supplied a filetype description/extension filter, a user can bypass the filter by simply typing in the name of the file they wish to upload.
This is fairly consistent with HTML file uploads in browsers, as most (if not all) ignore the "accept" filetype filter param and just upload whatever to the server.
So - you might want to double-check the file type in your onSelect function before sending to the server, and triple-checking on your upload script. Just don't count of the file being what you set the filter for.
Comments:
No Comments for this post yet...
Comments are closed for this post.
Categories
Search
Archives
- November 2011 (1)
- January 2009 (1)
- December 2008 (1)
- May 2008 (2)
- March 2008 (1)
- January 2008 (1)
- December 2007 (1)
- September 2007 (1)
- July 2007 (2)
- April 2007 (1)
- February 2007 (3)
- January 2007 (2)
- more...
Misc
The opinions expressed on this blog are those of the author only and are not necessarily those of his employer.
This work is licensed under a
Creative Commons License.
powered by
Original template design by François PLANQUE.
