temporary uploaded files not deleted

When I use imagefield to upload image , I found that if I select a image and press upload, then it will upload to my server. it's a correct action.
However, if I uploaded a wrong image, then I replace another one image and press upload button. the wrong image that I have uploaded still exist in my server.

I guess if a hacker create a script to replace replace ad replace image. then many image will upload to my server. also, some user actually upload the wrong image , that also use of the server space.

Comments

mecano’s picture

Comment #1

mecano commented 10 November 2008 at 00:21

subscribing

Log in or register to post comments

greggles’s picture

Comment #2

he/him

English

Denver, Colorado, USA

commented 13 November 2008 at 19:46

Title:

is it a security issue ?

» temporary uploaded files not deleted

then it will upload to my server

Specifically where on the server does the file get uploaded?

Log in or register to post comments

mecano’s picture

Comment #3

mecano commented 13 November 2008 at 20:07

He means files are not physicaly replaced when you replace a file through the form, even when using the same name for replacing the same file, the new file gets incrementaly renamed filling up the server space with no reason.

Log in or register to post comments

drewish’s picture

Comment #4

drewish commented 1 December 2008 at 22:37

a filefield issue: #292151: Files are not deleted when replaced

Log in or register to post comments

drewish’s picture

Comment #5

drewish commented 1 December 2008 at 22:36

Status:

Active

» Closed (duplicate)

though temp files should be removed during the cron run.

Log in or register to post comments