SmOk3 wrote: > I don't want to criticize the phpBB coders, but why is it dificult to > check out the size > of a image and telling the user that that size of image it's not > possible, or even block the > size on the viewtopic table, something like that.
Having phpbb check the image size would add no security whatsoever. The malicious user could place the image on a server that uses mod_rewrite or PHP (or whatever...) to send a nice 100 x 75 image of a kitty cat when the phpbb server requests the image, and a 4000x3000 gaping goatse to everyone else. There is absolutely no way for phpbb to be able to enforce the size of images hosted on remote machines. All it can do is specify the width and height attributes of the IMG tag when it displays the image. Brian _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
