--- Sean Burlington <[EMAIL PROTECTED]> wrote:
> I'm not sure what harm could be done by this though.
>
> If a browser attempts to load an image reference by
> an <img tag - but finds an unsuitable type of data -
> I would expect it simply to ignore it...
I sent a response about this earlier, but you should research CSRF and XSS. It does not matter that the browser shows a broken image if it has already sent the HTTP request. There is no special HTTP request for checking whether the Content-Type is really an image without the receiving Web server taking any action. A GET is a GET.

Chris

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
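The server-side consequence of the reply above, as an added example that is not part of the original thread: because the request reaches the server before the browser can judge the response type, a state-changing handler has to refuse GET and check a per-session token. The `handle_delete` function, the `csrf_token` session key and the sample data are hypothetical names constructed for illustration.

```php
<?php
// Constructed example: a hypothetical "delete item" endpoint, written as a
// plain function so it runs from the PHP CLI without a web server.

function handle_delete(string $method, array $post, array $session, array &$items): int
{
    // An <img src="..."> tag can only produce a GET, and the server has
    // already processed it by the time the browser sees a non-image reply.
    // State changes are therefore refused on anything but POST.
    if ($method !== 'POST') {
        return 405;
    }

    // A form on another site can still submit a POST, so also require a
    // per-session token that the other site has no way to read.
    $sent     = $post['token'] ?? '';
    $expected = $session['csrf_token'] ?? '';
    if (!is_string($sent) || !is_string($expected) || $expected === ''
        || !hash_equals($expected, $sent)) {
        return 403;
    }

    $id = $post['id'] ?? null;
    if (!is_string($id) || !isset($items[$id])) {
        return 404;
    }
    unset($items[$id]);
    return 200;
}

// Constructed sample state.
$session = ['csrf_token' => bin2hex(random_bytes(16))];
$items   = ['a1' => 'first item', 'b2' => 'second item'];

// 1. What an image tag on another site would trigger: GET, no token.
$viaImg = handle_delete('GET', ['id' => 'a1'], $session, $items);

// 2. A cross-site form: POST, but the token is unknown to the other site.
$viaForm = handle_delete('POST', ['id' => 'a1', 'token' => 'guess'], $session, $items);

// 3. The site's own form, which embeds the session token.
$own = handle_delete('POST', ['id' => 'a1', 'token' => $session['csrf_token']], $session, $items);

printf("img GET: %d, cross-site POST: %d, own form: %d, items left: %d\n",
    $viaImg, $viaForm, $own, count($items));
```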