One can always change a file name extension to something else, so testing against the file extension is probably not useful. PHP's $_FILES['userfile']['type'] will indicate the file's mime type if provided by the browser, but I don't know how browsers determine the mime type for uploaded files. The *nix "file" command reads the file headers and determines file type based on the pattern of bytes in the headers of files -- that is the most reliable way to do it. But again, I don't know if browsers use a similar method or not.
- Ed > I think a exclude list is better than an include list - that is, we > should exclude files with .exe .php and so on, and include any files > not matching this ban-list. _______________________________________________ Openfontlibrary mailing list Openfontlibrary@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/openfontlibrary