tedd wrote:
> I can't imagine evil code still working after someone resizes the file.
> 

Yeah, but the uploaded OpenOffice Writer doc won't look too good either... :)

I prefer to move files to an off-line store, run them through a unix 'file'
command (with a mime-type magic file) to get the mime-type, use that to decide
whether or not to accept, and then serve them back to clients through a script.
As an optional step, on really paranoid systems, I run a virus scan over the
upload (with clamav, usually).
<troll>
I'm not exactly sure what all the fuss is about protecting IE users from
malicious code - if they care then they shouldn't be using IE, and if they don't
care they shouldn't be on the internet.
</troll>
Tim's efforts do seem to be a bit of overkill...

-- 
Peter Ford                              phone: 01580 893333
Developer                               fax:   01580 893399
Justcroft International Ltd., Staplehurst, Kent

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
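
The workflow described in the message above (off-line store, `file` MIME check, optional clamav scan, serving through a script), sketched in PHP as an added example that is not part of the original post or the poster's own code. The store path, the allow-list and the function names are assumptions, and it assumes a `file` build that supports `--mime-type` and a `clamscan` binary on the PATH.

```php
<?php
// Added example: STORE, ALLOWED and all function names are assumptions.
const STORE = '/var/uploads-offline';      // assumed location outside the web root
const ALLOWED = [                          // assumed allow-list: MIME type => extension
    'application/pdf' => 'pdf',
    'image/png'       => 'png',
    'application/vnd.oasis.opendocument.text' => 'odt',
];

// Ask file(1) for the MIME type instead of trusting $_FILES[...]['type'].
function sniff_mime(string $path): ?string {
    exec('file --brief --mime-type ' . escapeshellarg($path), $out, $rc);
    return ($rc === 0 && isset($out[0])) ? trim($out[0]) : null;
}

// Optional paranoid step: clamscan exits 0 = clean, 1 = infected, 2 = error.
function virus_clean(string $path): bool {
    exec('clamscan --no-summary ' . escapeshellarg($path), $out, $rc);
    return $rc === 0;                      // treat scanner errors as a rejection
}

// Returns the opaque stored id on success, null if the upload is rejected.
function accept_upload(array $upload, bool $scan = false): ?string {
    if ($upload['error'] !== UPLOAD_ERR_OK) return null;
    $id   = bin2hex(random_bytes(16));     // server-chosen name, no client input
    $dest = STORE . '/' . $id;
    if (!move_uploaded_file($upload['tmp_name'], $dest)) return null;
    $mime = sniff_mime($dest);
    if ($mime === null || !isset(ALLOWED[$mime]) || ($scan && !virus_clean($dest))) {
        unlink($dest);                     // rejected files do not stay in the store
        return null;
    }
    return $id;
}

// Download script: clients only ever see the id, never a URL into the store.
function serve(string $id): void {
    $path = STORE . '/' . $id;
    $ok   = preg_match('/\A[0-9a-f]{32}\z/', $id) && is_file($path);
    $mime = $ok ? sniff_mime($path) : null;
    if ($mime === null || !isset(ALLOWED[$mime])) {
        http_response_code(404);
        return;
    }
    header('Content-Type: ' . $mime);
    header('X-Content-Type-Options: nosniff');   // stop browsers re-guessing the type
    header('Content-Disposition: attachment; filename="' . $id . '.' . ALLOWED[$mime] . '"');
    header('Content-Length: ' . filesize($path));
    readfile($path);
}
```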
