I mean, if you already specified it as a PNG image with header(), how
do you execute Javascript/malicious code, as the browser will render
it as a PNG?

Malicious code can still be embedded in images. The vulnerabilities ISTR are in Windows image handling libraries. I assume they've been fixed now though because it was some time ago. But that doesn't mean to say more won't be found.

--
Richard Heyes

+----------------------------------------+
| Access SSH with a Windows mapped drive |
|    http://www.phpguru.org/sftpdrive    |
+----------------------------------------+

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to