it does check.. well it runs a java check then compares that with list of acceptable ones and then with the file.
Unfortunately both can be spoofed and haven't seen a real good solid solution yet. It's hard to believe there isn't a real good solid way yet. And if it did get by and it was set to be resized the image checker would puke on a code file. It's also uploading on a separate partition of a separate hd outside the root and running on a mac server so it would be pretty tough to get that to work. >Would be a good idea to also check the file extension of the uploaded file, >otherwise you may get a .cfm file uploaded with a spoofed mime type of >image/jpg for example. >2009/8/24 Dave l <[email protected]> > >> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Want to reach the ColdFusion community with something they want? Let them know on the House of Fusion mailing lists Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:325631 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
