On Tuesday 16 May 2006 07:45, Richard Lynch wrote: > On Mon, May 15, 2006 1:58 am, Jason Wong wrote: > > 2) the uploaded file is a "script" (perl/php/python/etc) > > > > In the case of (2), if the script relies on its shebang line to > > execute > > Not necessarily -- What if I upload an "image" file named > "badscript.php" and then I surf to it, after it's in your /images > directory?
I was assuming that any developer who allowed image files to be named *.php would be hung, drawn & quartered and shot a few times for good measure :) -- Jason Wong -> Gremlins Associates -> www.gremlins.biz Open Source Software Systems Integrators * Web Design & Hosting * Internet & Intranet Applications Development * ------------------------------------------ Search the list archives before you post http://marc.theaimsgroup.com/?l=php-general ------------------------------------------ New Year Resolution: Ignore top posted posts -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
