How to Design and Post Your Own Game. A reference for those who want to post their own games here.
H. G. Muller wrote on Mon, May 18, 2020 03:55 PM UTC:

... I can't let archives unpack indiscriminately, because that would allow hackers to upload server-side scripts.

Indeed, that is a worry. Is the server configured to execute scripts anywhere, or just in some designated directories? It should still be made impossible to unpack anywhere outside the directory intended for the article. But I suppose that archiving commands to extract files can be called in a way that they ignore directory structure, and save everything in the current directory.

Safest would probably be to extract everything to a temporary directory not accessible through the net, and then only copy files with some allowed extensions to the target directory, and delete what is left over.
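
The procedure described in the comment above, as an added Python example that is not part of the original comment or of the site's own code: every member is staged in a temporary directory, directory structure is ignored, only allow-listed names are copied to the target, and the rest is deleted with the staging directory. The allowlist, the function names and the sample archive are assumptions constructed for illustration.

```python
import io
import re
import shutil
import tempfile
import zipfile
from pathlib import Path

# Assumed allowlist for a game article: static images and plain text only.
ALLOWED_NAME = re.compile(r"[A-Za-z0-9_-]+\.(png|gif|jpg|jpeg|txt)", re.IGNORECASE)


def publish_archive(archive, target_dir):
    """Publish only allow-listed files; return (published, rejected) names."""
    target = Path(target_dir)
    published, rejected = [], []
    # tempfile creates the staging directory outside the web-served tree and
    # deletes it, with everything left in it, when the block exits.
    with tempfile.TemporaryDirectory() as staging, zipfile.ZipFile(archive) as zf:
        for index, info in enumerate(zf.infolist()):
            if info.is_dir():
                continue
            # Ignore directory structure: keep only the final path component.
            flat = info.filename.replace("\\", "/").rsplit("/", 1)[-1]
            # Stage under a number, so the member's own name never reaches
            # the filesystem before it has been validated.
            staged = Path(staging) / str(index)
            with zf.open(info) as src, open(staged, "wb") as dst:
                shutil.copyfileobj(src, dst)
            # fullmatch rejects double extensions (x.php.jpg) and dotfiles
            # (.htaccess); exists() refuses to overwrite a published file.
            if ALLOWED_NAME.fullmatch(flat) and not (target / flat).exists():
                shutil.copyfile(staged, target / flat)
                published.append(info.filename)
            else:
                rejected.append(info.filename)
    return published, rejected


def demo():
    """Run against a constructed archive mixing allowed and hostile names."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in ("board.png", "../../shell.php", "img/x.php.jpg",
                     ".htaccess", "sub/rules.txt"):
            zf.writestr(name, b"constructed sample data")
    buf.seek(0)
    with tempfile.TemporaryDirectory() as webdir:
        published, rejected = publish_archive(buf, webdir)
        return published, rejected, sorted(p.name for p in Path(webdir).iterdir())
```

A production version would also cap the uncompressed size of each member before staging it, since the archive's declared sizes are attacker-controlled.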