On Tue, March 29, 2005 2:04 pm, A. S. Milnes said: > On Tue, 2005-03-29 at 22:23, Richard Lynch wrote: >> > //The mime type of the file, if the browser provided this information. >> > $userfile_type=$_FILES['userfile']['type']; >> >> Nooooooooooooooo! > > Hmm - some very senior people disagree with you!
Please reference their publications, if possible. It's just plain BAD security to trust this value for any real-world usage. And it's made meaningless by the browsers not standardizing what they send anyway. -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
