On 14 August 2010 22:36, Sebastian Ewert <seb2...@yahoo.de> wrote:
> Hi,
> before I allow to upload images I read them and check for several html
> tags. If they exist I don't allow the upload. Is their any need to check
> pdf files, too? At the time I'm doing this, but the result is that many
> files are denied because of unallowed html tags.

Reading and checking for html tags seems rather excessive - I would
rather use image extensions/pdf extensions and tools to verify that
the uploaded data was in fact one or the other. If someone uploads an
image and you cannot get the image dimensions from the file, for
instance, then it's likely not an image.


WWW: http://plphp.dk / http://plind.dk
LinkedIn: http://www.linkedin.com/in/plind
BeWelcome/Couchsurfing: Fake51
Twitter: http://twitter.com/kafe15

PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to