Re: [PHP] Need to check pdf for xss

2010-08-15 Thread Peter Lind
On 15 August 2010 06:14, Paul M Foster pa...@quillandmouse.com wrote: On Sat, Aug 14, 2010 at 10:36:07PM +0200, Sebastian Ewert wrote: Hi, before I allow to upload images I read them and check for several html tags. If they exist I don't allow the upload. Is their any need to check pdf

Re: [PHP] Need to check pdf for xss

2010-08-15 Thread Ashley Sheridan
On Sun, 2010-08-15 at 08:43 +0200, Peter Lind wrote: On 15 August 2010 06:14, Paul M Foster pa...@quillandmouse.com wrote: On Sat, Aug 14, 2010 at 10:36:07PM +0200, Sebastian Ewert wrote: Hi, before I allow to upload images I read them and check for several html tags. If they exist I

Re: [PHP] Need to check pdf for xss

2010-08-15 Thread Sebastian
OK THX to everyone. I will check the images with imagick and let the pdfs in adobes responsibility. One worry less. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Need to check pdf for xss

2010-08-15 Thread Ashley Sheridan
On Sun, 2010-08-15 at 11:51 +0200, Sebastian wrote: OK THX to everyone. I will check the images with imagick and let the pdfs in adobes responsibility. One worry less. Also, if you're really worried, try suggesting people use an alternative pdf reader. There are quite a few to choose from,

[PHP] Need to check pdf for xss

2010-08-14 Thread Sebastian Ewert
Hi, before I allow to upload images I read them and check for several html tags. If they exist I don't allow the upload. Is their any need to check pdf files, too? At the time I'm doing this, but the result is that many files are denied because of unallowed html tags. -- PHP General Mailing

Re: [PHP] Need to check pdf for xss

2010-08-14 Thread Peter Lind
On 14 August 2010 22:36, Sebastian Ewert seb2...@yahoo.de wrote: Hi, before I allow to upload images I read them and check for several html tags. If they exist I don't allow the upload. Is their any need to check pdf files, too? At the time I'm doing this, but the result is that many files

Re: [PHP] Need to check pdf for xss

2010-08-14 Thread Sebastian
Peter Lind wrote: On 14 August 2010 22:36, Sebastian Ewert seb2...@yahoo.de wrote: Hi, before I allow to upload images I read them and check for several html tags. If they exist I don't allow the upload. Is their any need to check pdf files, too? At the time I'm doing this, but the result is

Re: [PHP] Need to check pdf for xss

2010-08-14 Thread Peter Lind
I'm guessing you may have been referring to something like: http://kestas.kuliukas.com/JavaScriptImage/ - this actually does seem to be a valid threat to IE6 and would go undetected by the measures proposed. Checking an image for script tags seems to the only way to check if IE6 will render it as

Re: [PHP] Need to check pdf for xss

2010-08-14 Thread Paul M Foster
On Sat, Aug 14, 2010 at 10:36:07PM +0200, Sebastian Ewert wrote: Hi, before I allow to upload images I read them and check for several html tags. If they exist I don't allow the upload. Is their any need to check pdf files, too? At the time I'm doing this, but the result is that many files