Melvyn Sopacua wrote: > I don't agree. > An avatar, by nature, has a fixed _image_ size. If you allow variable > avatar image sizes, then you still have the option to use that same > getimagesize() > to set the width and height attributes of the HTML IMG tag and the browser > (any browser), will render that image, with the set values. > > If the image is larger, it will simply scale down proportinally and the > fun for the 'malicious haxoreditor' is spoiled already.
To tell you the truth, I never really thought about running getimagesize() to get width="x" height="y" when displaying the images. For some reason I always thought that I would be forced to save the width and height in the database (or somewhere else) in order to display the images with the width and height HTML properties. Man, do I feel like an idiot now. I tried messing with an image and using the method you described and it works great in IE and Mozilla. Opera still has problems though (latest 7.0 beta). It seems to disregard the HTML properties and relies solely on the width and height of the actual data blocks in the image. I'm telling you, for every day that passes, my hatred towards that sorry excuse for a browser grows stronger and stronger :-) > IIC - your reference for disallowing uploaded images, should be filesize > rather than imagesize and as described above, you can use the bug, to > restrain any layout problems that arrise. Well, there's nothing worse than a browser-scaled image in my opinion. What should be validated and what should not be is up to the forum administrator (in my case anyway). Thanks for the heads up. I guess I will scrap the patch I just finished now. That is, unless someone is interested in the code. /Kennel -- PHP Development Mailing List <http://www.php.net/> To unsubscribe, visit: http://www.php.net/unsub.php
