If that’s the case, do you think a sanitize method is more appropriate for this
situation? Perhaps one that could live inside an interceptor and possibly even
be overridden by those who think they know what they’re doing? This way you
wouldn’t have to reject the upload which in my opinion is no
Unless I'm mistaken this is to prevent issues when a developer uses the
file name, unsanitized, and potentially other malicious type injection via
specially crafted file names.
On Wed, Feb 12, 2025, 10:05 AM Burton Rhodes wrote:
> I agree with Greg.
>
> IMHO, character validation should be left
I agree with Greg.
IMHO, character validation should be left to the developer which depends
on their OS and file names supported therein. But if there needs to be
protection against a buffer overflow attack (I assume that is the
problem you are trying to solve?), then the length restriction sh
