Maintainer: Nobody, feel free to modify or take over
This space is for User-contributed commentary and notes. Please include your name and a date along with your comment.
Note that as it is now, the recipe will allow the presence & size of any file accessible via the PHP script to be determined. To fix, take a look at what HandleDownload() in scripts/upload.php does when downloading an attached file. Also, for a relatively robust file size > string converter, take a look at Attachtable's AttachFilesizeString(), e.g. from line 269 of this. —Eemeli Aro May 27, 2009, at 02:46 AM
The presence & size disclosure vulnerability is now fixed.
I didn't bother with the more involved formatting because (1) uploads over 10MB are highly unlikely (do I really need to format petabytes correctly?) and (2) someone would very quickly come along asking for additional formatting like KiB, "octets", etc. Maxim?