On Sat, Aug 14, 2010 at 10:36:07PM +0200, Sebastian Ewert wrote:

> Hi,
> before I allow to upload images I read them and check for several html
> tags. If they exist I don't allow the upload. Is their any need to check
> pdf files, too? At the time I'm doing this, but the result is that many
> files are denied because of unallowed html tags.

If I'm not mistaken, more recent versions of the PDF spec allow for
embedded javascript. If so, it might be worthwhile to check for
javascript in PDFs. (Whoever first thought of embedding *code* in
documents should be shot.)


Paul M. Foster

PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to