A few things to keep in mind are:
* Don't just validate against the MIME type submitted by the client,
verify the MIME type by inspecting the uploaded file directly.
* Image transformations help to prevent some exploits (i.e. by
stripping comment metadata).
* Uploaded files shouldn't be directly
@woodsman - No I agree with you.
I was simply showing him the media view because he wanted to
supply downloads/files to users.
On Sep 1, 4:21 am, the_woodsman wrote:
> RE The media view - I try and avoid this unless it's a real security
> requirement, as it means every request for a simple
RE The media view - I try and avoid this unless it's a real security
requirement, as it means every request for a simple image requires
CakePHP to handle it, vastly increasing the load on your servers, and
the latency for that file.
An alternative is to save each file based on a UUID, or similar
Regarding the mimetype, it allows all mimetypes listed in the config
folder. If you want to restrict the type, use the file validation
behavior.
For the second part of your question. You would do a normal controller
action setup like /files/download/1 and then use the media view and
your own logi
Hey,
yeah that's what I intend to do. I used your Uploader to upload files
for testing purposes, this works well, BUT I think that the allowed
mimetypes are not working as they should. I can upload ANY file,
although I allowed only JPEG and GIF to the plugin. That's a bit
weird, but I'm sure I'll
Yeah but that's pretty pointless if you're just uploading images.
But yes what you said would be the ideal situation if you want to do a
download system, or supply files to users.
On Aug 31, 4:56 am, Stinkbug wrote:
> There is one thing to keep in mind when uploading files and that's the
> securit
There is one thing to keep in mind when uploading files and that's the
security risks in uploading files to the webroot where people can
access them directly. It's generally recommended to upload files to a
directory outside of the webservers document root and give them a
unique name, so that the
Haha awesome, glad someone found it useful :]
Hey,
this looks nice, and I like the fact that it can handle multiple files
at one time!
I will try to implement this into my project, and then start to
customize it to fit my requirements. I want to create some records in
the database for each uploaded file, but I'm sure this is gonna work
with
Hey,
I couldn't wait and tried out your Plugin. And, well, it works like a
charm! It does everything I want to do right from the start, the data
I need is stored, I can even set the path where the files are uploaded
to within the action (so I can save the files in a separate directory
for each u
A few here:
- Check the extension as well as the mimetype
- Only allow certain types
- Check the filesize if needed
- Make sure the file is a valid file resource
- Make sure there are no errors upon uploading
I however have created a file upload plugin. You can use the plugin
itself or you can ta
Hey,
in my first "real" and own project, I want to implement the ability to
upload files to a user's account. The filetypes I need to be able to
upload are:
- PDF
- JPG
- GIF
- PNG
- XLS
- DOC
- OpenOffice Documents
- ZIP
- RAR
Before I start to implement a file-uploading action, I need to
cons