From 32c7212edb0488524a0eece98cb1e2321ee90c29 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Mon, 21 Oct 2013 15:35:05 +0300 Subject: Add CI_Upload:: option --- user_guide_src/source/changelog.rst | 1 + user_guide_src/source/libraries/file_uploading.rst | 5 +++++ 2 files changed, 6 insertions(+) (limited to 'user_guide_src/source') diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst index 053f57703..ecd0eb541 100644 --- a/user_guide_src/source/changelog.rst +++ b/user_guide_src/source/changelog.rst @@ -274,6 +274,7 @@ Release Date: Not Released - Added the **min_width** and **min_height** options for images. - Removed method ``clean_file_name()`` and its usage in favor of :doc:`Security Library `'s ``sanitize_filename()``. - Added **file_ext_tolower** config setting. + - Added **mod_mime_fix** option to disable suffixing multiple file extensions with an underscore. - :doc:`Cart library ` changes include: diff --git a/user_guide_src/source/libraries/file_uploading.rst b/user_guide_src/source/libraries/file_uploading.rst index a295d7427..ac56fabce 100644 --- a/user_guide_src/source/libraries/file_uploading.rst +++ b/user_guide_src/source/libraries/file_uploading.rst @@ -224,6 +224,11 @@ Preference Default Value Options Descripti **detect_mime** TRUE TRUE/FALSE (boolean) If set to TRUE, a server side detection of the file type will be performed to avoid code injection attacks. DO NOT disable this option unless you have no other option as that would cause a security risk. +**mod_mime_fix** TRUE TRUE/FALSE (boolean) If set to TRUE, multiple filename extensions will be suffixed with an + underscore in order to avoid triggering `Apache mod_mime + `_. + DO NOT turn off this option if your upload directory is public, as this + is a security risk. ============================ ================= ======================= ====================================================================== Setting preferences in a config file -- cgit v1.2.3-24-g4f1b