Thanks Rasmus,
I thought there had to be a function out there that could examine the actual
contents.
Now the question remains, would an ereg/eregi check for html/code/commands
work on a "jpg/jpeg" type file? From a brief examination of one, I note that
it's not text, but code. I tried writing
Rasmus Lerdorf <[EMAIL PROTECTED]> wrote:
> Are you afraid of someone embedding PHP in a .jpg file? That's not really
> an issue as your web server is probably configured to only serve up PHP as
> .php files. Likewise, your web server config is likely such that any .jpg
> file is served up as co
Are you afraid of someone embedding PHP in a .jpg file? That's not really
an issue as your web server is probably configured to only serve up PHP as
.php files. Likewise, your web server config is likely such that any .jpg
file is served up as content-type image/jpeg and as such it really doesn'
My question will probably expose my woeful lack of understanding of security
breaches, but perhaps someone can enlighten me.
On my site, registered members will be allowed to upload jpg/jpeg
pictures. I'm concerned about possible security problems. First, is there a
way to ensure that a picture (
Hi
What I do is use the function GetImageSize(), if that returns x and/or y =
0 it probably isn't an image file and dump it.
Tom
At 05:06 AM 16/05/2002, you wrote:
>On Wed, 15 May 2002, Andre Dubuc wrote:
> > Actually, I figured out how to do it: a combination of checking:
> > if ( $_REQUEST['p
On Thursday 16 May 2002 03:06, Miguel Cruz wrote:
> On Wed, 15 May 2002, Andre Dubuc wrote:
> > Actually, I figured out how to do it: a combination of checking:
> > if ( $_REQUEST['pix']['type'] == "image/jpeg")} blah, blah, blah
>
> I'm pretty certain that the 'type' that appears here is just d
On Wed, 15 May 2002, Andre Dubuc wrote:
> Actually, I figured out how to do it: a combination of checking:
> if ( $_REQUEST['pix']['type'] == "image/jpeg")} blah, blah, blah
I'm pretty certain that the 'type' that appears here is just derived from
the file name, and therefore is not trustworthy
Thanks Miguel,
Actually, I figured out how to do it: a combination of checking:
if ( $_REQUEST['pix']['type'] == "image/jpeg")} blah, blah, blah
and then using 'fread' on the actual file itself, applying my 'eregi'
verification code. It works!
The problem before was that I was attempting
On Tue, 14 May 2002, Andre Dubuc wrote:
> My question will probably expose my woeful lack of understanding of security
> breaches, but perhaps someone can enlighten me.
>
> On my site, registered members will be allowed to upload jpg/jpeg
> pictures. I'm concerned about possible security problems.
Have a look at the getimagesize() function. This function looks at the
actual file data, not the mime type nor the file's extension but the data
itself and tells you what sort of image file it is.
And no, it wouldn't really be after the fact because stores the
file with a temporary rando
My question will probably expose my woeful lack of understanding of security
breaches, but perhaps someone can enlighten me.
On my site, registered members will be allowed to upload jpg/jpeg
pictures. I'm concerned about possible security problems. First, is there a
way to ensure that a picture (
11 matches