file-type of upload
Moderator: General Moderators
- feyd
- Neighborhood Spidermoddy
- Posts: 31559
- Joined: Mon Mar 29, 2004 3:24 pm
- Location: Bothell, Washington, USA
as long as the file is returned as an image, it's the problem of the browser not exploding due to a buffer overflow or some other security issues. Basically, as long as you treat it like a file and not a script, you should be okay. Making sure you save the file as the type returned by getimagesize() and not the extension the user uploaded will protect you a bit further. 
-
Charles256
- DevNet Resident
- Posts: 1375
- Joined: Fri Sep 16, 2005 9:06 pm