Accepting file uploads from users is a significant risk: a malicious file can lead to code execution, malware distribution, or compromise of the system. Upload validation requires checking the file's type, size, and content, storing the file safely, and serving it in a way that prevents execution.

## File upload risks

```text
Allowing users to upload files is dangerous if not secured:
✗ MALICIOUS executable/script files → could run on the server (e.g. uploading a
  web shell / script that gets executed → server compromise)
✗ MALWARE distribution (files served to other users)
✗ Oversized files → denial of service (disk/memory exhaustion)
✗ Path traversal in filenames (../../) → overwrite system files
✗ Files with misleading types/content (a .jpg that's actually a script)
```

## File upload validation

```text
✓ VALIDATE file TYPE → check the actual CONTENT/MIME (not just the extension, which lies);
ALLOWLIST permitted types (don't blocklist); reject everything else
✓ LIMIT file SIZE → prevent resource exhaustion (max upload size)
✓ Don't execute uploads → store OUTSIDE the web root; never serve from an executable
directory; serve via a handler (not directly executable)
✓ RENAME files (random/generated names) → avoid path traversal and overwrites; sanitize
filenames
✓ SCAN for malware where appropriate; set correct Content-Type/Content-Disposition when serving
✓ Use separate storage/domain or object storage (S3) for user files; access controls
```
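The checklist above, carried through as one upload pipeline: content-based type detection against an allowlist, a hard size cap, a server-generated random filename (so the client's name never reaches the filesystem), a defence-in-depth containment check on the resolved path, and the response headers a download handler should send. This is an added example, not code from the original page; the magic-byte table, the 5 MiB limit and the sample bytes are constructed assumptions for illustration.

```python
import os
import re
import secrets
import tempfile

# Allowlist of accepted file types, keyed by the leading "magic" bytes that
# identify the real content, mapped to the extension and MIME type we will use
# when storing and serving. Constructed for this example; extend per application.
MAGIC_ALLOWLIST = {
    b"\x89PNG\r\n\x1a\n": ("png", "image/png"),
    b"\xff\xd8\xff": ("jpg", "image/jpeg"),
    b"%PDF-": ("pdf", "application/pdf"),
}
MAX_UPLOAD_BYTES = 5 * 1024 * 1024  # hard size cap: 5 MiB (assumed limit)


class UploadRejected(Exception):
    """Raised when an upload fails validation; the message states the reason."""


def detect_type(data: bytes):
    """Return (ext, mime) from the file's actual leading bytes, or None if not allowlisted."""
    for magic, type_info in MAGIC_ALLOWLIST.items():
        if data.startswith(magic):
            return type_info
    return None


def validate_upload(data: bytes):
    """Enforce the size limit and the content-based allowlist; never trusts the client name."""
    if not data:
        raise UploadRejected("empty upload")
    if len(data) > MAX_UPLOAD_BYTES:
        raise UploadRejected(f"upload exceeds {MAX_UPLOAD_BYTES} bytes")
    detected = detect_type(data)
    if detected is None:
        raise UploadRejected("content is not an allowlisted file type")
    return detected


def generate_stored_name(ext: str) -> str:
    """Random, server-chosen filename: no client input, so no traversal or overwrite."""
    return f"{secrets.token_hex(16)}.{ext}"


def store_upload(data: bytes, storage_dir: str):
    """Validate, rename and write the file into storage_dir (kept outside the web root).
    Returns (stored_name, mime)."""
    ext, mime = validate_upload(data)
    stored_name = generate_stored_name(ext)
    base = os.path.realpath(storage_dir)
    path = os.path.realpath(os.path.join(base, stored_name))
    # Defence in depth: refuse if the resolved path somehow escaped storage_dir.
    if os.path.commonpath([base, path]) != base:
        raise UploadRejected("resolved path escapes storage directory")
    # "xb" is create-only, so an existing file is never clobbered.
    with open(path, "xb") as fh:
        fh.write(data)
    return stored_name, mime


def serving_headers(mime: str, display_name: str) -> dict:
    """Headers for a download handler: our MIME type (not the client's), no
    sniffing, and a sanitized display name that cannot carry path components."""
    safe = re.sub(r"[^A-Za-z0-9._-]", "_", os.path.basename(display_name))[:100]
    return {
        "Content-Type": mime,
        "X-Content-Type-Options": "nosniff",
        "Content-Disposition": f'attachment; filename="{safe or "download"}"',
    }


def demo_roundtrip():
    """Store a constructed PNG in a temp dir and return (name, mime, file_existed)."""
    sample_png = b"\x89PNG\r\n\x1a\n" + b"\x00" * 32  # constructed sample bytes
    with tempfile.TemporaryDirectory() as tmp:
        name, mime = store_upload(sample_png, tmp)
        exists = os.path.exists(os.path.join(tmp, name))
    return name, mime, exists


if __name__ == "__main__":
    print(demo_roundtrip())
```

The stored name is the only thing written to disk, so a client filename such as `../../evil.php` is irrelevant to where the file lands; it is only ever used, after sanitization, as the suggested download name. Serving always uses the MIME type decided at upload time plus `nosniff`, so a file that passed as an image is never reinterpreted by a browser as a script.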