At 09:55 7-1-2003, Marcus Börger wrote:

> At 01:43 07.01.2003, Rickard Andersson wrote:
>> I'd be glad to write a patch for image.c (function php_handle_gif()), but I
>> thought I should ask you guys first. I wouldn't want to do it in vain. As it
>> is now I've got PHP code that checks this for me to prevent "malicious"
>> users from uploading huge avatars in my forum software.
>
> Your scenario described above seems like a reason to accept the
> speed loss. So send a unified patch and we will have a look at it.

I don't agree.
An avatar, by nature, has a fixed _image_ size. If you allow variable avatar
image sizes, then you still have the option to use that same getimagesize()
to set the width and height attributes of the HTML IMG tag and the browser
(any browser), will render that image, with the set values.

If the image is larger, it will simply scale down proportionally and the fun
for the 'malicious haxoreditor' is spoiled already.

IIC - your reference for disallowing uploaded images, should be filesize rather
than imagesize and as described above, you can use the bug, to restrain any
layout problems that arise.


With kind regards,

Melvyn Sopacua
<?php include("not_reflecting_employers_views.txt"); ?>


--
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, visit: http://www.php.net/unsub.php