HTF???



Post by alex.barylski »

Weirdan wrote: Well, you contradict yourself. You wanted people to upload php files:
Hockey wrote: I also want to let people have the power of uploading PHP scripts
and then you complain they did. :/

Unintentionally...

I want them to be optionally allowed to upload PHP scripts... the point is... in my demo I had PHP files restricted from uploading, not realizing that somefile.php.gif would be interpreted as PHP instead of a GIF returning garbage to the browser - I assumed wrong, I admit...

The whole purpose of this thread was to figure out a practical way to allow uploads of arbitrary files except executables and make sure files which have the file extension GIF or PDF or ZIP or POO don't get executed as PHP or Perl scripts, etc... :)
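
An added example, not code from the thread or its author: one way to keep a name like somefile.php.gif from ever reaching disk is to check every dot-separated segment and store the file under a server-chosen name with a single allowlisted extension. The function name `stored_name_for_upload`, the `HANDLER_EXTS` list and the sample names are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Added example: names and lists below are assumptions, not from the thread.
// Extensions a server may hand to an interpreter (constructed list; extend per server).
const HANDLER_EXTS = ['php', 'php3', 'php4', 'php5', 'phtml', 'phar', 'pl', 'py', 'cgi', 'sh'];

/**
 * Return a server-chosen storage name for an upload, or null to reject it.
 * Every dot-separated segment is inspected, not just the last one, because a
 * handler mapping can match "php" in the middle of "somefile.php.gif".
 */
function stored_name_for_upload(string $clientName, array $allowedExts): ?string
{
    // Control bytes (including NUL) have no place in a file name.
    if (preg_match('/[\x00-\x1f\x7f]/', $clientName) === 1) {
        return null;
    }
    // Discard any directory part the client sent, for both slash styles.
    $base = basename(str_replace('\\', '/', $clientName));
    $segments = explode('.', strtolower($base));
    if (count($segments) < 2 || $segments[0] === '') {
        return null; // no extension, or a dotfile such as ".htaccess"
    }
    $finalExt = $segments[count($segments) - 1];
    if (!in_array($finalExt, $allowedExts, true)) {
        return null; // also catches "x.php." (empty final segment)
    }
    foreach (array_slice($segments, 1, -1) as $inner) {
        if (in_array($inner, HANDLER_EXTS, true)) {
            return null; // double extension such as ".php.gif"
        }
    }
    // The client's name never reaches disk: random stem, one allowlisted extension.
    return bin2hex(random_bytes(16)) . '.' . $finalExt;
}

// Constructed sample names; the allowlist is the thread's GIF/PDF/ZIP.
foreach (['photo.gif', 'somefile.php.gif', 'shell.PHP', '../x.pdf', 'notes', 'a.php.'] as $name) {
    $stored = stored_name_for_upload($name, ['gif', 'pdf', 'zip']);
    printf("%-18s => %s\n", $name, $stored ?? 'REJECTED');
}
```

Renaming complements, and does not replace, keeping the upload directory outside the document root or serving it with script handlers disabled.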