skate wrote:
well, i was more thinking of, by default, only allowing say images,
documents and compressed files.
[...]
i can fully understand that determining an executable is a mean task, and
way out of the scope for what PHP needs to be.
there are more image and document formats around than there are
executable file formats i guess ...
but PHP already has the in
built functionality to check a file type, same way as i would check a file
when i have an upload script.
it is not really builtin, at least not enabled by default, and last time i
looked at it was even labled EXPERIMENTAL AFAIR (and i have to know ;)
i just think that if there's a default setting, it'll cure a lot of the
problems we get with un-educated users created wild upload scripts. most
things can be dangerous in one form or another, but would taking a few steps
like this really be more effort than it's worth?
i see your point, but checking the file type is only half of it as e.g.
M$Word documents may contain VBA macro viruses. so to really make sure
that no unwanted stuff gets uploaded you also need to apply virus checking
and stuff like that ...
--
Hartmut Holzgraefe <[EMAIL PROTECTED]>
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
