Peter Lind wrote:
> On 14 August 2010 22:36, Sebastian Ewert <seb2...@yahoo.de> wrote:
>> before I allow to upload images I read them and check for several html
>> tags. If they exist I don't allow the upload. Is their any need to check
>> pdf files, too? At the time I'm doing this, but the result is that many
>> files are denied because of unallowed html tags.
> Reading and checking for html tags seems rather excessive - I would
> rather use image extensions/pdf extensions and tools to verify that
> the uploaded data was in fact one or the other. If someone uploads an
> image and you cannot get the image dimensions from the file, for
> instance, then it's likely not an image.
So if imagick sais its an image/pdf there is no need to check for html
tags? My upload class first checks the mime type with imagick. Do you
know other tools?
I think I can remember of a xss tutorial where the js code was included
to an image. But I haven't tried it so I couldn't test the result. He
used a programm to combine images with text. Perhaps I have undestood
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php