PEAK XOOPS - Re: Protector protects from a legitimate upload.

Posted on 2007/8/31 4:30
GIJOE   Posts: 4110
Quote:

vaughan wrote:
the submit form uses $_FILES['userfile']['name'] & $_FILES['userfile']['type']

You should know that $_FILES[]['type'] makes no sense at all.

And if you dare to use $_FILES[]['name'], filter it with a whitelist like
preg_replace( '/[^0-9a-zA-Z_-]/' , '' , $_FILES[]['name'] ) ;

And its extension should be set from the file contents (check with getimagesize()).

If the file is not an image, don't place it under DocumentRoot.
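
One way to apply the three points in the post above, as an added example that is not from the original post or from Protector. The function name `plan_upload`, the directory paths and the sample files are assumptions made for illustration.

```php
<?php
// Added example; function name, directories and sample files are assumptions.
const IMAGE_EXT = [IMAGETYPE_GIF => 'gif', IMAGETYPE_JPEG => 'jpg', IMAGETYPE_PNG => 'png'];

// $file is one entry of $_FILES. 'type' is never read: the client sets it.
function plan_upload(array $file, string $imageDir, string $privateDir): array
{
    // Whitelist the base name; the client-supplied extension is discarded.
    $base = pathinfo((string) $file['name'], PATHINFO_FILENAME);
    $base = (string) preg_replace('/[^0-9a-zA-Z_-]/', '', $base);
    $base = substr($base === '' ? 'upload' : $base, 0, 64);
    $base .= '_' . bin2hex(random_bytes(4));   // avoid overwriting existing files

    // The extension is chosen from the file contents.
    $info = @getimagesize($file['tmp_name']);
    if ($info !== false && isset(IMAGE_EXT[$info[2]])) {
        return ['image' => true, 'path' => "$imageDir/$base." . IMAGE_EXT[$info[2]]];
    }
    // Not an image: store outside DocumentRoot under a neutral extension.
    return ['image' => false, 'path' => "$privateDir/$base.bin"];
}

// Constructed sample input: two temp files standing in for $_FILES['userfile'].
$gif = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($gif, "GIF89a\x01\x00\x01\x00\x80\x00\x00");  // GIF header, 1x1
$txt = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($txt, "plain text, not an image\n");

$samples = [
    ['name' => '../my photo.php', 'type' => 'text/plain', 'tmp_name' => $gif],
    ['name' => 'notes.gif',       'type' => 'image/gif',  'tmp_name' => $txt],
];
foreach ($samples as $f) {
    $plan = plan_upload($f, '/var/www/html/uploads', '/var/lib/app/files');
    printf("%-16s -> %s\n", $f['name'], $plan['path']);
}
unlink($gif);
unlink($txt);
// In a real handler, check is_uploaded_file($file['tmp_name']) first and
// write the file with move_uploaded_file($file['tmp_name'], $plan['path']).
```

The first sample is stored as a `.gif` under the image directory despite its `.php` name and `text/plain` type, and the second goes to the private directory despite claiming `image/gif`. getimagesize() reads only the header, so it settles which extension to assign, not whether the rest of the file is harmless.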
