Hi Anil!
On Sun, 19 Aug 2001, Anil Madhavapeddy wrote:
> Guessing the file-type from the first few magic bytes is
> probably a good thing (especially in the case where other
> methods have failed, and the MIME type has fallen back to
> application/octet-stream or something equally unhelpful).
>
uhm,
well, but if I send foo.gif and it starts with some "friendly"
VBScript I won't bet you'll think the same.
Apache does same guessing on the server, which is safer (and
does not do it by default, iirc.)
> The bug here is that it ignores the explicit Content-Type
> header instead of its own detection mechanisms, which is
> clearly bad.
>
> Anyone want to file a Microsoft bug report? :-)
was already discussed on bugtraq not too long ago; I remember
a link pointing that it's actually a documented feature :)
-- teodor
--
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
