|
Posted by Geoff Berrow on 10/22/64 11:22
I've written a script which takes a couple of user image files and uses
them to create a watermarked image.
http://www.ckdog.co.uk/watermark.php
I'm checking the images like so:
if(!empty($_FILES['pattern']['tmp_name']) ){
if(is_uploaded_file($_FILES['pattern']['tmp_name'])){
if(
!$patternsize=getimagesize($_FILES['pattern']['tmp_name'])){
header('Location: watermark.php?nosize=2');
exit;
}
$patt=$_FILES['pattern']['tmp_name'];
}
}
It has been suggested to me that this is still insecure as people could
use 'character substitution hacks' to upload files to the tmp directory.
Comments?
--
Geoff Berrow (put thecat out to email)
It's only Usenet, no one dies.
My opinions, not the committee's, mine.
Simple RFDs http://www.ckdog.co.uk/rfdmaker/
Navigation:
[Reply to this message]
|