09-30-2007, 07:30 PM   #19
jordie

Sorry for the double post. But I'd also like to add Attack 4: Malicious files through form uploads

We're discussing it in this thread. Summary: Check the MIME type and the file extension. Use white-lists and not black-lists when doing so. And if you're uploading images you can use getimagesize() to triple-check it's a valid image. :)
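The three checks summarized in the post above, as an added example that is not part of the original post. The function name `check_image_upload`, the `ALLOWED` table and the sample files are hypothetical; it assumes PHP 7.1+ with the fileinfo extension, and a real handler would additionally use `is_uploaded_file()` and `move_uploaded_file()`.

```php
<?php
// Whitelist: each allowed extension and the MIME type it must have.
const ALLOWED = [
    'gif'  => 'image/gif',
    'jpg'  => 'image/jpeg',
    'jpeg' => 'image/jpeg',
    'png'  => 'image/png',
];

/**
 * Returns a server-chosen file name if the upload passes all three checks,
 * or null if any check fails. $clientName and $tmpPath correspond to
 * $_FILES['field']['name'] and $_FILES['field']['tmp_name'].
 */
function check_image_upload(string $clientName, string $tmpPath): ?string
{
    // 1. Extension must be on the whitelist.
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    if (!isset(ALLOWED[$ext])) {
        return null;
    }
    // 2. MIME type sniffed from the bytes; $_FILES[...]['type'] is client-supplied.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmpPath);
    if ($mime !== ALLOWED[$ext]) {
        return null;
    }
    // 3. getimagesize() must parse the file and agree on the type.
    $info = @getimagesize($tmpPath);
    if ($info === false || $info['mime'] !== $mime) {
        return null;
    }
    // Store under a random name; never reuse the client's file name.
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

// Constructed sample inputs: a 1x1 GIF header and a text file posing as one.
$gif = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($gif, 'GIF89a' . pack('vv', 1, 1) . "\x00\x00\x00;");
$txt = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($txt, "just some text, not an image\n");

var_dump(check_image_upload('photo.gif', $gif) !== null); // valid GIF, allowed extension
var_dump(check_image_upload('photo.php', $gif) !== null); // extension not on whitelist
var_dump(check_image_upload('photo.gif', $txt) !== null); // content is not an image
unlink($gif);
unlink($txt);
```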