Rasmus Lerdorf wrote: > I suppose we could suck all the code from the UNIX 'file' command into PHP
we already have ;)
someone at HP already did that for apache and i wrapped it up in ext/mime_magic
> The only way to upload a file and then execute it is to know > a little bit about the web server and upload specific file types the web > server is configured to execute.
maybe the request was also about client security? (just guessing, hard to tell with no links to the mentioned "bad publicity" in the original message ...)
like maybe windows EXE files getting uploaded to galeries?
sure, the application storing and providing the uploaded files *should* check that stuff itself, but most probably wont ... :(
what about some mechanism similar to your input filtering stuff that operates on uploads so that it becomes possible to enforce sitewide upload policies even in shared hosting environments using some sort of hooks?
PS to "skate" <[EMAIL PROTECTED]>: funny that you are worried about php file uploads but not about using the root account for communication ;)
-- Hartmut Holzgraefe <[EMAIL PROTECTED]>
-- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
