Ashley Sheridan am Dienstag, 24. September 2013 - 18:22:
> In an earlier email I detailed some methods for validating other types, such
as DomDocument for HTML, XML, svg, etc, or fpdf for PDF.
>
Fine, gratulations!
> And on behalf images: GD you are using handles only
> >jpeg, gif and png. Ther
Tamara Temple am Montag, 23. September 2013 - 22:38:
>
> On Sep 23, 2013, at 1:36 PM, Domain nikha.org wrote:
>
> > Better solutions?
>
> One I have used, and continue to use in Apache environments, is place
uploads only in a place where they cannot be executed by turning off
such options and h
Ashley Sheridan am Montag, 23. September 2013 - 21:35:
> No, no, no! That is not a good stand-in for fundamental security
> principles!
>
> This is a better method for ensuring an image is really an image:
>
> if(isset($_FILES['file']))
> {
> list($width, $height) = getimagesize($_FILES['
Aziz Saleh am Montag, 23. September 2013 - 22:06:
> What Niklaus wishes for is a way to detect if an email message
contains an
> attachment by just reading the headers (correct me if I am wrong).
>
Yes, that's what I'm seeking :-)
> This isn't really a PHP issue. In any language you can't really
Negin Nickparsa am Montag, 23. September 2013 - 20:59:
> I have read your mail twice and still I could not get what you want
> exactly.
Sorry for my bad english!
What I want is, that the users of my webmail client can see at a glance,
if mails in their mailboxes have attachments or not. (Thats
Tim Streater am Montag, 23. September 2013 - 12:56:
> On 23 Sep 2013 at 11:37, Domain nikha.org wrote:
>
> > The problem is the weak PHP upload mechanism!
>
> I'd have said the problem is weak metadata provision - overloading the
filename for other purposes.
>
> --
> Cheers -- Tim
>
You a
Stuart Dallas am Montag, 23. September 2013 - 12:58:
> And, honestly, who would have a PHP file per language? I think it's
perfectly reasonable to not allow that, because duplicating PHP code
across many files is an incredible stupid way to support multiple
languages.
>
I agree!! Didn't even know
Tamara Temple am Montag, 23. September 2013 - 06:49:
>
> GoDaddy's default plesk-generated configuration for FastCGI-served PHP
files only looked to see if the file contained ".php" somewhere on it's
path - i.e. it would happily execute 'malicilous.php.txt' as php code,
even something ridiculous l
Hi Arno!
Seems to be the standard behaviour of Apache servers all over the
world!
I was testing this way:
First I renamed a real, proper GIF-file to "this.php.nice.gif", put it
in the root of my websites and called it with the browser. Result:
"Error 500 Internal Server Error". The logfile tells:
Hello all,
im posting this here, because the bug report system of "php.net" is not right
place for my problem. It's not a bug, but a wish - an I found there no
"wishlist" option at all.
I'm running my own webmail-client, written in PHP. It is stable, fast and
pretty, showing the full power of th
10 matches
Mail list logo
