Ok, this is certainly an advanced topic.
I use phplib templates and have created a page with many 'global' template variables. The goal is to have users of my site submit their own templates to help out both themselves and other users of the site.
I created a page with instructions and example templates and a form which users can use to test their custom templates by uploading the three files that comprise each template
My concern is about security on these uploaded files. I'm running php4.02 so the 'is uploaded file' funciton is not available. I do not move the uploaded files from their original temp upload location and delete them when the script finishes.
So, is there a known insecurity (not necessarily a bug) that a user can exploit by using this form of mine?
p.s. I know that phplib handles the files as it should and does not parse any php if the user uploading the file happened to include any in their template.
