As Aaron said below (above? :P), customers are 'clever'. You need to take into consideration all of the weird things they might do, including renaming files to match extension requirements, and that might be either
a) way too time-consuming to write tests for all of the cases, and from a business perspective it might not be feasible cost-wise.
b) you most likely will miss something.
IMHO the best thing is to treat all user input as junk all of the time, and constantly sanitize and compare with what you actually need.
Also remember that the web is 'typeless', so user input is always tricky to validate.
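An added example (not part of the comment above) of comparing an upload with what you actually need: the claimed extension is checked against an allowlist, then the file's leading bytes are checked against that type's signature, so a renamed file is rejected. The `ALLOWED` table, the `checkUpload` helper and the sample byte arrays are constructed for illustration.

```javascript
// Allowlist keyed by extension; a Map avoids inherited keys such as "constructor".
const ALLOWED = new Map([
  ["png",  { mime: "image/png",       magic: [0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a] }],
  ["jpg",  { mime: "image/jpeg",      magic: [0xff, 0xd8, 0xff] }],
  ["jpeg", { mime: "image/jpeg",      magic: [0xff, 0xd8, 0xff] }],
  ["pdf",  { mime: "application/pdf", magic: [0x25, 0x50, 0x44, 0x46, 0x2d] }], // "%PDF-"
]);

// True when `bytes` begins with the expected signature.
function startsWith(bytes, magic) {
  return bytes.length >= magic.length && magic.every((b, i) => bytes[i] === b);
}

// Hypothetical helper: accept an upload only if extension AND content agree.
function checkUpload(filename, bytes) {
  if (typeof filename !== "string" || !(bytes instanceof Uint8Array)) {
    return { ok: false, reason: "bad-input" };
  }
  // Judge only the final extension, so "report.pdf.exe" is treated as "exe".
  const dot = filename.lastIndexOf(".");
  const ext = dot > 0 ? filename.slice(dot + 1).toLowerCase() : "";
  const rule = ALLOWED.get(ext);
  if (!rule) return { ok: false, reason: "extension-not-allowed" };
  if (!startsWith(bytes, rule.magic)) return { ok: false, reason: "content-mismatch" };
  // Return the type derived from the content check, not anything the client sent.
  return { ok: true, mime: rule.mime };
}

// Constructed sample inputs.
const PNG_SAMPLE = new Uint8Array([0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a, 0x00, 0x00]);
const JPEG_SAMPLE = new Uint8Array([0xff, 0xd8, 0xff, 0xe0, 0x00, 0x10]);
const PDF_SAMPLE = new Uint8Array([0x25, 0x50, 0x44, 0x46, 0x2d, 0x31, 0x2e, 0x37]); // "%PDF-1.7"
const RENAMED_EXE = new Uint8Array([0x4d, 0x5a, 0x90, 0x00, 0x03, 0x00]); // "MZ" header

console.log(checkUpload("photo.png", PNG_SAMPLE));
console.log(checkUpload("photo.png", RENAMED_EXE));
console.log(checkUpload("report.pdf.exe", PDF_SAMPLE));
```

A matching signature only shows that the file starts like the claimed type, so the check belongs on the server alongside size limits and safe storage and serving of the file.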