Re: [PHP] security of uploaded gif files

2006-01-22 Thread Rory Browne
Or put it in a directory with no PHP or CGI.
On 1/22/06, jonathan <[EMAIL PROTECTED]> wrote:
> this is a little my fault. the example my friend showed me was a
> retracing of the example he saw in Pro PHP Security (p284).
> Basically, the short of the example is that a valid gif image could
> be

Re: [PHP] security of uploaded gif files

2006-01-22 Thread jonathan
this is a little my fault. the example my friend showed me was a retracing of the example he saw in Pro PHP Security (p284). Basically, the short of the example is that a valid gif image could be uploaded with the extension .php and pass a getimagesize because it would have the necessary b

Re: [PHP] security of uploaded gif files

2006-01-22 Thread PHP Superman
sorry guys if i'm wrong, but if you have the required gd library, and a user changes the above to exec(); a command, you might be in trouble, i might be wrong though... but if you successfully hide the directory and don't tell the user where he placed the file i think it would be pretty secur

Re: [PHP] security of uploaded gif files

2006-01-22 Thread Sameer N Ingole
Rory Browne wrote:
I'd be a bit skeptical about the possibility of embedding PHP code inside a GIF file. Could you outline how he performed the task?
On 1/22/06, jonathan <[EMAIL PROTECTED]> wrote:
what is the best way to prevent malicious code from being uploaded via a .gif file? A friend sho

Re: [PHP] security of uploaded gif files

2006-01-22 Thread tedd
i think you guys are talking about using the gd library, it may be possible so when you upload check for any php code or other data
On 1/22/06, Rory Browne <[EMAIL PROTECTED]> wrote:
I'd be a bit skeptical about the possibility of embedding PHP code inside a GIF file. Could you outline how h

Re: [PHP] security of uploaded gif files

2006-01-22 Thread Mark Krenz
Perhaps this would be a problem if you wrote a PHP program to reverse stenography on images it receives and execute them. ;-)
On Sun, Jan 22, 2006 at 10:58:37AM GMT, Rory Browne [EMAIL PROTECTED] said the following:
> I'd be a bit skeptical about the possibility of embedding PHP code inside
> a

Re: [PHP] security of uploaded gif files

2006-01-22 Thread PHP Superman
i think you guys are talking about using the gd library, it may be possible so when you upload check for any php code or other data
On 1/22/06, Rory Browne <[EMAIL PROTECTED]> wrote:
>
> I'd be a bit skeptical about the possibility of embedding PHP code inside
> a GIF file. Could you outline how

Re: [PHP] security of uploaded gif files

2006-01-22 Thread Rory Browne
I'd be a bit skeptical about the possibility of embedding PHP code inside a GIF file. Could you outline how he performed the task?
On 1/22/06, jonathan <[EMAIL PROTECTED]> wrote:
> what is the best way to prevent malicious code from being uploaded
> via a .gif file? A friend showed me how php could b

[PHP] security of uploaded gif files

2006-01-21 Thread jonathan
what is the best way to prevent malicious code from being uploaded via a .gif file? A friend showed me how php could be embedded within the .gif file. Does this problem also exist for .jpeg's? thanks, jon