Manages uploads via HTML forms processed by PHP, uploads to Silverstripe's default upload directory, and either creates a new or uses an existing File-object for syncing with the database.

By default, a user can upload files without extension limitations,
which can be a security risk if the webserver is not properly secured.
Use to limit this list,
and ensure the "assets/" directory does not execute scripts
provides a good start for a list of "safe" extensions.