Im re-writing a file hosting site, and I want to have the ability to host every single file type (instead of just having a whilelist of allowed extensions).
Im running nginx and linux. Site is built in php. I'd disable th upload of .php files.... but other than that.... is there anything else I should watch out for?
Here's a list of the extensions we tend to block on our php file upload system.
1st you would be best to save the files in a none accessible folder that way no one can run any files uploaded and second do a force download of every file, that way it can't be opened either.
Extension list :
bat
exe
cmd
sh
php
pl
cgi
386
dll
com
torrent
js
app
jar
pif
vb
vbscript
wsf
asp
cer
csr
jsp
drv
sys
ade
adp
bas
chm
cpl
crt
csh
fxp
hlp
hta
inf
ins
isp
jse
htaccess
htpasswd
ksh
lnk
mdb
mde
mdt
mdw
msc
msi
msp
mst
ops
pcd
prg
reg
scr
sct
shb
shs
url
vbe
vbs
wsc
wsf
wsh
Also here is a Javascript regular expression of the above:
/(\.|\/)(bat|exe|cmd|sh|php([0-9])?|pl|cgi|386|dll|com|torrent|js|app|jar|pif|vb|vbscript|wsf|asp|cer|csr|jsp|drv|sys|ade|adp|bas|chm|cpl|crt|csh|fxp|hlp|hta|inf|ins|isp|jse|htaccess|htpasswd|ksh|lnk|mdb|mde|mdt|mdw|msc|msi|msp|mst|ops|pcd|prg|reg|scr|sct|shb|shs|url|vbe|vbs|wsc|wsf|wsh)$/i
A cleaner maneer to solve the problem would be to setup a subhost (something like files.somewhere.com) or a directory, and disable execution via a .htacess (Users will be able to upload php script, but the server will send it instead of executing it).
The best way here is a combination of:
Disable execution in your upload dir.
Rename all files that you suspect: PHP, SH, BIN, etc or store all files compressed in ZIP/TAR files.
Use an antivirus (Dr. Web, ClamAV, etc) on the server and scan files regularly.
Related
I would like to know how I can load my own custom autocad files to the autocad working supported files without options inside Autocad software, but programmatically.
I have these following files that I want to load to supported files of autocad programatically ,
.cuix file
.vlx file
.mnl file
.mnr file
.fas file.
I tried with inno setup.
Honestly, I don't know how to do.
Please guide me or teach me how to do.
As per my understanding, you can achieve this stuff by Autoloading those File, while the AutoCAD is started, there is plenty amount of solution available on internet you may check this link1 Link2
Or you can refer below step(Before following this step read above link)
1.Write a function to load the required file as you mention in Question
(defun Load_File()
;To load CUIX file "<..MyPath.../MYMENU.CUIX>" replace this with you CUIX file path
(command "_MENULOAD" "<..MyPath.../MYMENU.CUIX>" "")
;To load VLX file "<..MyPath.../MY.VLX>" replace this with you VLX file e path
(command "_appload" "<..MyPath.../MY.VLX>")
;Loading a MNU file overwites the corresponding .MNR, .MNS and .MNC files. Keep in mind that if you make any custom toolbars ;and/or buttons using the graphical on-screen method - they will be wiped when you load the MNU
;(I am not sure about MNL/MNR file loading you may try this )
;To load MNLfile "<..MyPath.../MY.MNL>" replace this with you MNL file e path
(command "_appload" "<..MyPath.../MY.MNL>")
;To load Fas file
(load "<your .Fas file path/my.fas>"
)
(load_File)
2.save this file with name as Load_file.Lsp on trusted path (ie "c:/trusted path/...../Load_File.lsp")
(if lisp file is save in trusted path of AutoCAD so AutoCAD not show pop-up while lisp file is load )
3.make new lisp file so it can Autoload as AutoCAD is started with name "acad.lsp" put below code inside file (this code say that load our first "Load_File.lsp" file)
(load "c:/trusted path/...../Load_File.lsp")
this lisp file must be save in install directory of autocad (Ex. "C:\Program Files\Autodesk\AutoCAD 2018") this step is for automatically load "acad.lsp"
As soon as acad.lsp is loaded all your files are load in Autocad.
InnoSetup is a very good choice for You. I use it for few years and it let me do anything I need.
If You have InnoSetup installed, just click File->New and InnoSetup Script Wizard will guide you through the process of creation script. One of the steps is Application Files, where just select Your files mnu, cuix, fas whatever You like
After that compile ( just one click ) and You have Your setup.exe
Using Innosetup You may install files, but also manipulate OS registry - which may be helpful for Your application, but also set Acad supported files paths.
here
You can find more details about how to load Your application to Acad after is installed.
I want to write a selenium program on a site which I need as part of the process to browse a file from the operating system. How can I do that?
If you mean to use Selenium to open a html file on local, it's easy to do.
1. open the html file on browser
2. copy the url in browser address, it should be like:
file:///C:/workspace/js-projects/tey/protractor-cucumber-tey/reports/cucumber_report.html
3. put above url in browser.get()
Better way it's to caclcute the html file absolute path in your scritp dynamically (rather than hard code), then prefix with file://// on the path, possible need to replace '\' to '/' in path.
I don't know what you mean by "browse a file from the operating system."
If you mean choosing file to upload, you can.
see link below
https://www.programcreek.com/java-api-examples/index.php?api=org.openqa.selenium.remote.LocalFileDetector
If you want to browse a file in the local machine with the OpenFileDialog (not sure if this is what you are looking for), in my case, I created an autoIt script, building it as .exe and then call it from Java code (or any programming language you are using with Selenium).
I found an exmaple, it might works: https://github.com/ellysh/autoit-examples/blob/master/Helpfile/FileOpenDialog.au3
I have to download all site content and then parse the downloaded folder for "*.pdf" files. I am downloading site using wget -r --no-parent http://www.example.com/ But the problem is that sometimes link looks this
http://www.foodmanufuture.eu/dpubs?f=K20
and the dowloaded pdf is downloaded with name "dpubs?f=K20" and file format is not specified, it does not look like this "dpubs?f=K20.pdf", is there a way to check how many pdf files I have in this folder?
Have you tried the --content-disposition flag? From the man page:
If this is set to on, experimental (not fully-functional) support for "Content-Disposition" headers is enabled. This can currently result in extra round-trips to the server for a "HEAD" request, and is known to suffer from a few bugs, which is why it is not currently enabled by default. This option is useful for some file-downloading CGI programs that use "Content-Disposition" headers to describe what the name of a downloaded file should be.
So it tries to ask the server for a filename. I tried it for the URL you gave and it seemed to work.
You could use the command
file filename
Like this:
file pdfurl-guide
pdfurl-guide: PDF document, version 1.5
You could use:
file *
To know exactly which files in your folder are pdf files
I have a very particular case and I don't know if this is possible to be done.
I'm using NWJS to run a web app as a desktop app. I need to zip/package the source files because my code should not be available to eavesdroppers. This package will be delivered on a flash drive. And this is were my trouble begins.
There are a lot of .pdf file that must be shipped together with the package. The user can browse which pdf he wants to open, and when he clicks it, the pdf is "downloaded" to his pc. The content of the pdf is NOT available on the application. I have a list with the name of each pdf file.
If I zip/package the .pdf together with the source files it becomes a huge .nw file and it takes forever for my application to load. I need to mantain the pdf on a separate folder and they need to be accessible through the source code. This is easy if i run the application directly without packaging it, as nw uses the relative url to it's root, but when I do package nw uses a temp folder for the source files and I can't use relative url to access the pdf folder.
The only approach i can think of is to write a js script to identify where the flash drive was mounted but i don't know if this is possible.
I have to support Windows and Mac for this case.
Searching on NWJS google group i found that the answer was quite simple. These two lines returns the path where the nw bin is running. From there is quite simple to get the pdf folder.
var path = require("path");
pathstr = path.dirname(process.execPath);
I am trying to use WinSCP to access a remote HTML file, and I do have root permission. However, if I open that HTML, it seems that all the sources and scripts are dysfunctional, e.g no images, buttons etc are loaded, and no js functions work. So how can I open a HTML using WinSCP so that all the sources are loaded and work properly? Thanks a lot.
I assume you "Open" the HTML file from a remote panel of WinSCP.
This makes WinSCP download the file to a temporary local folder and open the file from there.
As all the references to images and java script files are typically relative paths, they won't work from the temporary folder as the referenced files are not there. So it cannot work.
Either you need to download all files (including images and .js) to a local folder and open the HTML there.
Or you actually want to open the file from the server, via HTTP.
For that use the WinSCP extension "Generate HTTP URL".