Re: filtering uploaded files — PHP — IT news, forums, messages

You are here: Re: filtering uploaded files « PHP « IT news, forums, messages

Posted by Richard Lynch on 03/30/05 06:59

On Tue, March 29, 2005 2:04 pm, A. S. Milnes said:
> On Tue, 2005-03-29 at 22:23, Richard Lynch wrote:
>> > //The mime type of the file, if the browser provided this information.
>> > $userfile_type=$_FILES['userfile']['type'];
>>
>> Nooooooooooooooo!
>
> Hmm - some very senior people disagree with you!

Please reference their publications, if possible.

It's just plain BAD security to trust this value for any real-world usage.

And it's made meaningless by the browsers not standardizing what they send
anyway.

--
Like Music?
http://l-i-e.com/artists.htm

Navigation:

Next in forum: HTTP RAW CONETNE question
Prev in forum: Re: [PHP] HELP , HELP ,HELP
Thread view: Re: filtering uploaded files

[Reply to this message]

Удаленная работа для программистов • Как заработать на Google AdSense • England, UK • статьи на английском • PHP MySQL CMS Apache Oscommerce • Online Business Knowledge Base • DVD MP3 AVI MP4 players codecs conversion help

Home • Search • Site Map • Set as Homepage • Add to Favourites

Сайт изготовлен в Студии Валентина Петручека —
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация