Posted: Sat Oct 08, 2005 5:36 pm
as long as the file is returned as an image, it's the problem of the browser not exploding due to a buffer overflow or some other security issues. Basically, as long as you treat it like a file and not a script, you should be okay. Making sure you save the file as the type returned by getimagesize() and not the extension the user uploaded will protect you a bit further. 