https://legacy.forums.gravityhelp.com/topic/filter-php-files-on-file-upload Gravity Support Forums Topic: Filter .php files on file upload en-US Sun, 19 Apr 2026 19:57:54 +0000 http://bbpress.org/?v=1.0.1 q https://legacy.forums.gravityhelp.com/search.php https://legacy.forums.gravityhelp.com/topic/filter-php-files-on-file-upload#post-3673 Mon, 01 Mar 2010 19:06:35 +0000 Carl Hancock 3673@https://legacy.forums.gravityhelp.com/ <p>Very good point and I remember doing this already so i'm going to have to look into why it is no longer in place and we will certainly correct it in the next release. </p> https://legacy.forums.gravityhelp.com/topic/filter-php-files-on-file-upload#post-3671 Mon, 01 Mar 2010 18:31:36 +0000 jhherren 3671@https://legacy.forums.gravityhelp.com/ <p>It seems dangerous to me that a user can upload a .php file through a file upload if no file extension are set, which is the default behavior for the file upload field. Since files are uploaded to an easily guessable path, this looks like a file inclusion vulnerability waiting to happen. </p> <p>I think you should consider filtering .php files (and .js, too) from being uploaded. Users wanting to submit .php files can package them in an archive such as a zip file. </p>