On Thu, 16 May 2002, r wrote:
> Here goes,
> I have a program that uploads any file and allows the person to see whats in
> a particular directory without any problems,
> not bad for a newbie eh? stand up and clap!!!
> what i want to do is make sure that whatever the person uploads cannot "run"
> or be executed....any ideas on how to do this?
> Baically its a file sharing program..."a" uploads something "b" downloads
> it...I just dont want to get screwed in the bargain
Not sure I get your question. Cannot be "run" or "executed" by whom? By
the web server? Just don't let it run them. By people who download them?
Impossible. There are too many executable formats. The only choice would
be to have a whitelist of file formats (i.e., "GIF", "JPEG", "PNG", use
'file' to check the prologue of each file, and then toss anything else.
P.S. Your system clock is about 11 hours fast (or you've selected the
wrong time zone), which is annoying since it puts your messages out of
sequence and I can't tell whether or not they've been replied to without
reading through 200 other headers.
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php