Re: [PHP] Apache

2013-09-24 Thread Ashley Sheridan
"Domain nikha.org" wrote: >Ashley Sheridan on Tuesday, 24 September 2013 - 18:22: > >> In an earlier email I detailed some methods for validating other >types, such >as DomDocument for HTML, XML, svg, etc, or fpdf for PDF. >> >Fine, congratulations! > >> And on behalf images: GD you are using h

Re: [PHP] Apache

2013-09-24 Thread Domain nikha . org
Ashley Sheridan on Tuesday, 24 September 2013 - 18:22: > In an earlier email I detailed some methods for validating other types, such as DomDocument for HTML, XML, svg, etc, or fpdf for PDF. > Fine, congratulations! > And on behalf images: GD you are using handles only > >jpeg, gif and png. Ther

Re: [PHP] Apache

2013-09-24 Thread Ashley Sheridan
"Domain nikha.org" wrote: >Ashley Sheridan on Monday, 23 September 2013 - 21:35: > >> No, no, no! That is not a good stand-in for fundamental security >> principles! >> >> This is a better method for ensuring an image is really an image: >> >> > if(isset($_FILES['file'])) >> { >> list($w

Re: [PHP] Apache

2013-09-24 Thread Domain nikha . org
Tamara Temple on Monday, 23 September 2013 - 22:38: > > On Sep 23, 2013, at 1:36 PM, Domain nikha.org wrote: > > > Better solutions? > > One I have used, and continue to use in Apache environments, is to place uploads only in a place where they cannot be executed by turning off such options and h

Re: [PHP] Apache

2013-09-24 Thread Domain nikha . org
Ashley Sheridan on Monday, 23 September 2013 - 21:35: > No, no, no! That is not a good stand-in for fundamental security > principles! > > This is a better method for ensuring an image is really an image: > > if(isset($_FILES['file'])) > { > list($width, $height) = getimagesize($_FILES['

RE: [PHP] Apache

2013-09-24 Thread Arno Kuhl
On 23 Sep 2013, at 11:37, Domain nikha.org wrote: > Tamara Temple on Monday, 23 September 2013 - 06:49: >> >> GoDaddy's default plesk-generated configuration for FastCGI-served >> PHP > files only looked to see if the file contained ".php" somewhere on > its path - i.e. it would happily exec