Hello all,
im posting this here, because the bug report system of php.net is not right
place for my problem. It's not a bug, but a wish - an I found there no
wishlist option at all.
I'm running my own webmail-client, written in PHP. It is stable, fast and
pretty, showing the full power of the
Hi Arno!
Seems to be the standard behaviour of Apache servers all over the
world!
I was testing this way:
First I renamed a real, proper GIF-file to this.php.nice.gif, put it
in the root of my websites and called it with the browser. Result:
Error 500 Internal Server Error. The logfile tells:
Tamara Temple am Montag, 23. September 2013 - 06:49:
GoDaddy's default plesk-generated configuration for FastCGI-served PHP
files only looked to see if the file contained .php somewhere on it's
path - i.e. it would happily execute 'malicilous.php.txt' as php code,
even something ridiculous like
Stuart Dallas am Montag, 23. September 2013 - 12:58:
And, honestly, who would have a PHP file per language? I think it's
perfectly reasonable to not allow that, because duplicating PHP code
across many files is an incredible stupid way to support multiple
languages.
I agree!! Didn't even know,
Tim Streater am Montag, 23. September 2013 - 12:56:
On 23 Sep 2013 at 11:37, Domain nikha.org m...@nikha.org wrote:
The problem is the weak PHP upload mechanism!
I'd have said the problem is weak metadata provision - overloading the
filename for other purposes.
--
Cheers -- Tim
Negin Nickparsa am Montag, 23. September 2013 - 20:59:
I have read your mail twice and still I could not get what you want
exactly.
Sorry for my bad english!
What I want is, that the users of my webmail client can see at a glance,
if mails in their mailboxes have attachments or not. (Thats a
Aziz Saleh am Montag, 23. September 2013 - 22:06:
What Niklaus wishes for is a way to detect if an email message
contains an
attachment by just reading the headers (correct me if I am wrong).
Yes, that's what I'm seeking :-)
This isn't really a PHP issue. In any language you can't really
Ashley Sheridan am Montag, 23. September 2013 - 21:35:
No, no, no! That is not a good stand-in for fundamental security
principles!
This is a better method for ensuring an image is really an image:
?php
if(isset($_FILES['file']))
{
list($width, $height) =
Tamara Temple am Montag, 23. September 2013 - 22:38:
On Sep 23, 2013, at 1:36 PM, Domain nikha.org m...@nikha.org wrote:
Better solutions?
One I have used, and continue to use in Apache environments, is place
uploads only in a place where they cannot be executed by turning off
such
Ashley Sheridan am Dienstag, 24. September 2013 - 18:22:
In an earlier email I detailed some methods for validating other types, such
as DomDocument for HTML, XML, svg, etc, or fpdf for PDF.
Fine, gratulations!
And on behalf images: GD you are using handles only
jpeg, gif and png. There
10 matches
Mail list logo
