What version of PHP/Apache/etc are you using?...

What browser on what OS?

If it's consistently doing this for all browsers, you could write some code
to check the uploaded file, and if it starts with "Content-type: ", strip
off the lines.

Both GIF and JPEG files have distinctive starting characters, so you could
even generalize it to strip off anything up to those characters.

> echo "<FORM ENCTYPE=\"multipart/form-data\" ACTION=\"$PHP_SELF\"
> METHOD=\"POST\">";
> file://echo "<FORM ACTION=\"$PHP_SELF\" METHOD=\"POST\">";
> echo "<INPUT TYPE=\"hidden\" name=\"MAX_FILE_SIZE\" value=\"10000000\">";
> echo "Send this file: <INPUT NAME=\"userfile\" TYPE=\"file\">";
> echo "<INPUT TYPE=\"submit\" name=\"upload\" VALUE=\"upload\">";
> echo "</FORM>";
> if ($upload) {
> echo "Userfile : $userfile<BR>";
> if (is_uploaded_file($userfile)) {
> copy($userfile, "/tmp/WynnBase.tmp");
> } else {
> echo "Possible file upload attack: filename '$userfile'.";
> }
> }

PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to