Cheers, that's great,
in fact I recycled some code from a tutorial on the cake wiki
(http://wiki.cakephp.org/tutorials:beginners_only) to do what I wanted
fairly successfully.
I have another question regarding the safety of letting users upload
content to my database, as it seems a fairly risky business if you get
it wrong!
Firstly I check if the uploaded file exists and is a photo with
     if ($file = $this->params['form']['userfile'])
and
     if ((is_uploaded_file($file['tmp_name'])) and ($filedetails = getimagesize($file['tmp_name'])))

Then I get the file type to store in 'ext' by
     $filename = $file['name'];
     if (($pos = strrpos($filename, ".")) === FALSE) {
             $this->Picture->invalidate('no_file');
     } else {
             $this->data['Picture']['ext'] = substr($filename, $pos + 1);
     }
I then validate 'ext' in Picture.php using regex
'/^(?:jpg|jpeg|gif|png)$/i'
so that upload into the database will be prevented before
$this->Picture->save($this->data)
It is a bit of a belt and braces approach, but is it safe?
Would a non-picture file be able to still be uploaded to the temp
directory, and will it be able to execute if it was malicious?
When should I read the file content into the database, and when would a
malicious piece of code be executed if it was uploaded successfully?
Would it be when the "image" was viewed again?
Sorry for all the questions!
Cheers,
JP
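
Added example, not part of the original post: one way to take 'ext' from the type getimagesize() detects in the file rather than from the client-supplied name, and to reject a name that disagrees with the content. The function name picture_type, the ALLOWED_TYPES map and the sample files are assumptions made for illustration.

```php
<?php
// Added example; picture_type() and ALLOWED_TYPES are hypothetical names.

// Accepted types, keyed by the IMAGETYPE_* constant that getimagesize()
// returns in index 2. Mirrors the post's regex: jpg|jpeg|gif|png.
const ALLOWED_TYPES = [
    IMAGETYPE_JPEG => ['jpg', 'jpeg'],
    IMAGETYPE_GIF  => ['gif'],
    IMAGETYPE_PNG  => ['png'],
];

/**
 * Returns ['ext' => ..., 'mime' => ...] derived from the file content,
 * or null when the file is not an accepted image or the client-supplied
 * name claims a different type than the content shows.
 */
function picture_type(string $tmpPath, string $clientName, bool $requireUpload = true): ?array
{
    // Only accept a path that PHP itself received as an HTTP upload.
    if ($requireUpload && !is_uploaded_file($tmpPath)) {
        return null;
    }
    // getimagesize() looks at the image header, not at every byte.
    $details = @getimagesize($tmpPath);
    if ($details === false || !array_key_exists($details[2], ALLOWED_TYPES)) {
        return null;
    }
    $exts = ALLOWED_TYPES[$details[2]];
    $claimed = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    if (!in_array($claimed, $exts, true)) {
        return null; // the name says one type, the content another
    }
    // Store the canonical extension and MIME type, never the client's string.
    return ['ext' => $exts[0], 'mime' => image_type_to_mime_type($details[2])];
}

// Constructed sample inputs: a 1x1 GIF and a plain text file.
// $requireUpload is false here only because these are not HTTP uploads.
$gif = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($gif, base64_decode('R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7'));
$txt = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($txt, "not an image\n");

var_dump(picture_type($gif, 'photo.gif', false)); // name and content agree
var_dump(picture_type($gif, 'photo.jpg', false)); // GIF content, .jpg name
var_dump(picture_type($txt, 'notes.png', false)); // text content, .png name
unlink($gif);
unlink($txt);
```

When the stored bytes are later sent back to a browser, the returned 'mime' value is the one to use for the Content-Type header.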

