file-type of upload

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

as long as the file is returned as an image, it's the problem of the browser not exploding due to a buffer overflow or some other security issues. Basically, as long as you treat it like a file and not a script, you should be okay. Making sure you save the file as the type returned by getimagesize() and not the extension the user uploaded will protect you a bit further. ;)
Charles256
DevNet Resident
Posts: 1375
Joined: Fri Sep 16, 2005 9:06 pm

Post by Charles256 »

only if your server is set to process .jpg files as php files:-D
Post Reply