The author suggests not allowing uploads of files with specific extensions. That's ignoring the root cause of the problem: allowing uploads into a folder that your web server knows about. Why would you do that? Save all your uploads into some isolated directory on disk that the web server knows nothing about. What am I missing here?
