is_executable() does not check whether a file's contents will do something useful (or dangerous, depending on one's viewpoint) when you execute the file.
It just checks if the file has been set as "executable" with http://php.net/chmod ANY file with ANY extension, or NO extension at all, can be an executable on Un*x systems. Your uploaded files should be chmod-ed to NOT be executable, in addition to trying to catch any invalid data contents. On Mon, January 7, 2008 11:30 am, Al wrote: > clearstatcache(); > if(is_executable(PATH_TO_SOURCE_DIR . $filename) > { > code > } > > Always returns true for: > foo.jpg > foo.php > foo.sh > > And even if I feed it a non existing file. > > I found one ref that said is_executable() doesn't work in safemode, > seems dumb > if true. > > If that's so, how can I test whether an uploaded file is executable? > > I'm on a NIX with Apache, etc. > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > > -- Some people have a "gift" link here. Know what I want? I want you to buy a CD from some indie artist. http://cdbaby.com/from/lynch Yeah, I get a buck. So? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
