I seem to dimly remember a lib that somene wrote which will actually check
the headers in the files to make _absolutely_ sure you're actually loading a
jpeg, gif, etc etc.
it was very cool :)
_alex
--
Alex Black, Head Monkey
[EMAIL PROTECTED]
The Turing Studio, Inc.
http://www.turingstudio.com
vox+510.666.0074
fax+510.666.0093
Saul Zaentz Film Center
2600 Tenth St Suite 433
Berkeley, CA 94710-2522
> From: [EMAIL PROTECTED] ("Matt Williams")
> Newsgroups: php.general
> Date: 11 Jan 2001 03:11:21 -0800
> Subject: RE: [PHP] File Uploading Security - Urgent please
>
>
> if(ereg("jpg|jpeg|gif$",$userfile_name))
> {
> do something
> }
> else
> {
> this file is not allowed
> }
> This will check that the uploaded file has the correct extension.
>
> Where $userfile is the upload field name in the form
>
> M@
>> -----Original Message-----
>> From: Statbat [mailto:[EMAIL PROTECTED]]
>> Sent: 11 January 2001 11:00
>> To: PHP-General
>> Subject: [PHP] File Uploading Security - Urgent please
>>
>>
>> Hello,
>>
>> I am doing file uploading of only jpg file format, It first copys
>> in tmp directory then I copy it in main.... well you all know the
>> procedure... neways what I am concerned is how can I check that
>> the file in temp is correct file and is safe for me to copy it in
>> the main folder?
>>
>> Regards
>> Statbat
>>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> To contact the list administrators, e-mail: [EMAIL PROTECTED]
>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
