SilverStripe\Assets\Upload

Manages uploads via HTML forms processed by PHP, uploads to Silverstripe's default upload directory, and either creates a new or uses an existing File-object for syncing with the database.

<b>Validation</b>
By default, a user can upload files without extension limitations,
which can be a security risk if the webserver is not properly secured.
Use to limit this list,
and ensure the "assets/" directory does not execute scripts
(see http://doc.silverstripe.org/secure-development#filesystem).
provides a good start for a list of "safe" extensions.