A client-supplied value isn't going to be too useful - it can be spoofed, or
may not be present. (I believe a Windows browser would set the mime-type
based purely on the file extension, though I haven't tested this myself).
Then my apologies. I thought php determined the file type on upload, and not rely on user input as your're saying.
Makes me rethink some of my own code :)
Looking for opinions. Can a spoofed uploaded file hurt a script or a webserver??
Reason why Im asking is because, I looked over the magic.mime file on my server, and I see that it
doesn't support flash files (I may be wrong), of which I currently allow flash files to be uploaded.
So who knows what else it may not support.
I guess, can it really be bad for your script, your server, and/or your health??
-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
