httpd-apreq-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Edward J. Sabol" <sa...@alderaan.gsfc.nasa.gov>
Subject Feature request: Apache2::Upload permissions
Date Tue, 15 Nov 2005 19:53:50 GMT
I know this has come up on this mailing list before, but I don't think
anything came of it. (Please correct me if I'm wrong.) It's a bit of a
security issue that there isn't a mechanism to specify the file permissions
when you $upload->link(). The only work around that I'm aware of is to
chmod() the file after calling the link() method, but there's still a short
window there where the file will have potentially incorrect permissions. My
suggestion is to add an optional argument to the link() method to specify the
file permissions (or file-specific umask if you prefer). I'd also like to see
support for an argument to Apache2::Request->new that allows you to specify
the permissions of the temporary file that may exist before you
$upload->link().

Thanks,
Ed

Mime
View raw message