PEAK XOOPS - Re: Protector protects from a legitimate upload.

Re: Protector protects from a legitimate upload.

Posted on 2007/9/5 12:34
GIJOE   Posts: 4110
When I read the media uploader class in the core from xoops.org 1~2 years ago, it did not look well-designed.

Checking MIME is nonsense at all.
It's just a member of user's post.

Even for image files, you have to check their contents.
(by getimagesize() etc.)

There is a major and bad browser named "Microsoft Internet Explorer".
Since the idiot browser ignores the header of "Content-Type", storing HTML as gif makes XSS.

Of course, attackers can post an HTML file as ".gif" and "image/gif".
Votes:17 Average:10.00
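
The content check the post describes, as an added example that is not part of the original post and is not XOOPS or Protector code: the decision rests on what getimagesize() finds in the file's own bytes, and the client-supplied name and MIME type are ignored. The function name `check_image_upload()`, the allow-list and the two sample files are assumptions constructed for illustration.

```php
<?php
// Added example (hypothetical helper, not XOOPS code): accept an upload
// only if its bytes parse as an allowed image type.

function check_image_upload(string $tmpPath, string $clientName, string $clientMime): array
{
    // Accepted types, mapped to the extension the server will assign.
    $allowed = [
        IMAGETYPE_GIF  => 'gif',
        IMAGETYPE_JPEG => 'jpg',
        IMAGETYPE_PNG  => 'png',
    ];

    // $clientName and $clientMime come from the request and are set by the
    // sender; they may be logged but are never used for the decision.
    $info = @getimagesize($tmpPath);   // parses the file's own header bytes
    if ($info === false) {
        return ['ok' => false, 'reason' => 'content is not a recognised image'];
    }

    [$width, $height, $type] = $info;
    if (!isset($allowed[$type]) || $width < 1 || $height < 1) {
        return ['ok' => false, 'reason' => 'image type or size not allowed'];
    }

    // Server-chosen random name; extension and MIME follow the detected type.
    return [
        'ok'          => true,
        'stored_name' => bin2hex(random_bytes(16)) . '.' . $allowed[$type],
        'mime'        => image_type_to_mime_type($type),
    ];
}

// Constructed sample inputs: a minimal 1x1 GIF header, and HTML text that
// is sent with a ".gif" name and an "image/gif" MIME type.
$samples = [
    'real.gif' => "GIF89a\x01\x00\x01\x00\x00\x00\x00;",
    'fake.gif' => "<html><body>not an image</body></html>",
];

foreach ($samples as $name => $bytes) {
    $path = tempnam(sys_get_temp_dir(), 'upl');
    file_put_contents($path, $bytes);
    $r = check_image_upload($path, $name, 'image/gif');
    echo $name, ': ',
        $r['ok'] ? 'accepted as ' . $r['stored_name'] : 'rejected (' . $r['reason'] . ')', "\n";
    unlink($path);
}
```

Both samples arrive with the same claimed name suffix and MIME type; only the one whose bytes parse as a GIF is accepted.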
