PDA

View Full Version : Idea: Don't allow files to be attached with the names of VB files


VirtueTech
23 Dec 2001, 04:20
Hello,

My idea would be to have the attachment system read the name of the file the user was uploading to the site and check to see if it is a VB script name. If so deny the upload explaining that you cannot attach VB scripts to the site.

I'm pretty sure this would be reletively easy to do and would help the moderators out tremendously. Sometimes mods don't catch the script being online in large threads for quite some time.

Just a thought. :)

heretic
23 Dec 2001, 20:55
in the control panel, under vbulletin options, click on the allowed file types. as a default, .vbs files are not accepted.

JamesUS
23 Dec 2001, 21:56
He means vBulletin scripts (eg newreply.php, postings.php), not VBScript :)

VirtueTech
26 Dec 2001, 07:26
Exactly James

JamesUS
26 Dec 2001, 16:43
Only real problems with that as I see it is that people could still rename to eg newreply.php.txt.

Also some of the file names are very common (index.php etc) and blocking attachments of these could stop people attaching other files.

On a side note, if anyone does see threads containing full vB files please contact a moderator, either by email, ICQ, or using the 'report' link on every post.

exodus
27 Dec 2001, 00:12
Just don't allow attaching any .php files.. :)

Chen
27 Dec 2001, 07:24
exodus, I don't think so, .php files are pretty essential to some hacks and it's easier to just download them as is instead of renaming them from .php.txt.
And like James said, banning names like index.php or forum.php would hurt other members trying to attach these files.

We could put in a check for some PHP code in the file itself, but I can't think of any unique code only vB file have - and hacks don't.

VirtueTech
27 Dec 2001, 07:27
What about

@error_reporting(7);

JamesUS
27 Dec 2001, 11:20
That is far from unique - that is included in all my scripts and many others as a matter of course. And vB Hacks that require their own files technically should have that as well.