On Wed, May 17, 2006 11:29 am, Jason Wong wrote: > On Tuesday 16 May 2006 07:45, Richard Lynch wrote: >> On Mon, May 15, 2006 1:58 am, Jason Wong wrote: >> > 2) the uploaded file is a "script" (perl/php/python/etc) >> > >> > In the case of (2), if the script relies on its shebang line to >> > execute >> >> Not necessarily -- What if I upload an "image" file named >> "badscript.php" and then I surf to it, after it's in your /images >> directory? > > I was assuming that any developer who allowed image files to be named > *.php would be hung, drawn & quartered and shot a few times for good > measure :)
I'd rather assume that PHP newbies will write any damn code that works, and not worry about picuyane things like the extension on an image, because they don't know any better. I believe I'm being more realistic that way. :-) -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
