Quote:
vaughan wrote:
the submit form uses $_FILES['userfile']['name'] & $_FILES['userfile']['type']
You should know $_FILES[]['type'] has no meaning at all.
And if you dare to use $_FILES[]['name'], filter it by a whitelist like
preg_replace( '/[^0-9a-zA-Z_-]/' , '' , $_FILES[]['name'] ) ;
And its extension should be set by file contents (check by getimagesize()).
If the file is not an image, don't place it under DocumentRoot.
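
The handling described in the reply above, as an added example that is not part of the original post or of the module's own code. The directory paths and the function name `plan_upload()` are assumptions made for illustration.

```php
<?php
// Hypothetical storage locations (assumptions, not taken from the post).
const IMAGE_DIR   = '/var/www/html/uploads';    // under DocumentRoot
const PRIVATE_DIR = '/var/www/private_uploads'; // outside DocumentRoot

// The extension comes from the detected image type, never from the client.
const IMAGE_EXT = [
    IMAGETYPE_GIF  => 'gif',
    IMAGETYPE_JPEG => 'jpg',
    IMAGETYPE_PNG  => 'png',
];

/**
 * Decide the destination path for an upload.
 * $tmpPath is the server-side temp file, $clientName is $_FILES[...]['name'].
 * $_FILES[...]['type'] is deliberately not used: it is client-supplied.
 */
function plan_upload(string $tmpPath, string $clientName): string
{
    // Drop the client extension, then apply the whitelist from the post.
    $base = pathinfo($clientName, PATHINFO_FILENAME);
    $base = (string) preg_replace('/[^0-9a-zA-Z_-]/', '', $base);
    if ($base === '') {
        $base = 'upload';
    }
    // Random suffix so two uploads with the same name cannot collide.
    $base = substr($base, 0, 64) . '_' . bin2hex(random_bytes(8));

    // Identify the type from the file contents.
    $info = @getimagesize($tmpPath);
    if ($info !== false && array_key_exists($info[2], IMAGE_EXT)) {
        return IMAGE_DIR . '/' . $base . '.' . IMAGE_EXT[$info[2]];
    }
    // Not a recognised image: store outside DocumentRoot with a neutral extension.
    return PRIVATE_DIR . '/' . $base . '.bin';
}

if (isset($_FILES['userfile']) && $_FILES['userfile']['error'] === UPLOAD_ERR_OK) {
    $tmp  = $_FILES['userfile']['tmp_name'];
    $dest = plan_upload($tmp, $_FILES['userfile']['name']);
    if (!is_uploaded_file($tmp) || !move_uploaded_file($tmp, $dest)) {
        http_response_code(400);
        exit('upload failed');
    }
}
```

getimagesize() only inspects the image header, so a file that passes can still carry other data after it; keeping script execution disabled in the upload directory covers that case.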